Updating Vulnerabilities
Once a vulnerability has been created for an asset on a project, you can then update the vulnerability in a number of ways.
Because updating vulnerabilities is part of a pentester's or assessor's role, only users with Edit access to the project can perform this function.
However, any project team member can add remediation notes & mark a vulnerability as Ready For Retesting. This allows customers, developers & engineers to track remediation performed for a given issue, and to let you know once the vulnerability is ready to be retested.
From the vulnerability page, which you can access by drilling down from the project dashboard, you can use the page menu to select Edit Vulnerability.
If you need to upload further evidence to a vulnerability, you can select Upload Evidence.

If you need to perform QA on multiple vulnerabilities, or would like to review each vulnerability one-by-one (from one screen) - you can select this option.



If you need to perform a bulk overwrite on selected fields across selected vulnerabilities - you can select this option.



If you need to perform a bulk overwrite on all fields across selected vulnerabilities - you can select this option.
WARNING: this will overwrite all fields on every vulnerability you have selected. Use with caution.



Once a vulnerability is ready for retesting, any user on the project can mark the vulnerability as Ready for Retesting from the vulnerability page menu. The audit trail for the vulnerability will also be updated to reflect the change in status.
Any user can also mark the vulnerability as Not Ready for Retesting to set it back to Open status.


As a vulnerability is in the process of remediation, project team members can update the vulnerability audit trail to include remediation notes. These notes are also synced with JIRA.



During remediation testing, vulnerabilities can be Closed and Re-Opened depending on their status.





You can also bulk update status for vulnerabilities as follows:
- Mark as Ready for Retesting
- Mark as Not Ready for Retesting
- Mark as Open
- Mark as Closed




This feature will add new tags for each selected vulnerability if the tag does not already exist on the affected asset.
To customize an existing CVSS score for vulnerabilities on the project, include the following at the start of the tags:
- CVSS:3.1
- CVSSv3.1 Base Score:
- CVSSv3.1 Temporal Score:
- CVSSv3.1 Environmental Score:
- CVSS:3.0
- CVSSv3.0 Base Score:
- CVSSv3.0 Temporal Score:
- CVSSv3.0 Environmental Score:


This feature will add new ReportGen tags for each selected vulnerability if the tag does not already exist on the affected asset.
To customize an existing tag: if the tag/name already exists on the affected asset, its value will be updated to the new supplied value.
You can update the affected asset for a vulnerability:

Or perform bulk update across multiple vulnerabilities:

You can also duplicate vulnerabilities:

You can delete vulnerabilities individually:

Or you can bulk delete vulnerabilities:
