Sunday, April 7, 2024

Vulnerability Management - Vulnerabilities vs Vulnerable Instance (Rapid7)

Rapid7 considers a vulnerability different from a vulnerable instance.

Vulnerabilities:

A “vulnerability” is a unique, defined, and publicly disclosed software weakness. Each vulnerability is typically identified by an enumeration system, barring a few exceptions based on the type of software. Although multiple enumeration systems exist, the Common Vulnerabilities and Exposures (CVE) system is the most widely used and accepted system today.

Vulnerability Instances:

A “vulnerability instance” refers to the specific condition on an asset that causes it to be vulnerable to a vulnerability. An asset can be vulnerable to the same vulnerability in multiple ways. Common causes for this scenario are:
  1. Having multiple versions of the same software installed on an asset at the same time; all of which are vulnerable to the same vulnerability.
  2. Being vulnerable to the same vulnerability through multiple network ports.
So just be careful when you are comparing numbers between raw reports and InsightVM's dashboards. Raw reports will always show higher counts (if you have selected the 'Vulnerability Proof' and 'Service Port' columns) than the dashboard shows, because each raw row is a vulnerability instance rather than a vulnerability. I have not observed this kind of distinction in Qualys or Tenable yet.
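To make the distinction concrete, here is an added example (not Rapid7's code or documentation) that counts the same constructed raw-report rows three ways: unique vulnerabilities, asset/vulnerability pairs as a dashboard rolls them up, and instances as the raw export lists them, then shows which pairs are inflated and why. The CVE ids, asset names, proofs and ports are placeholders.

```python
from collections import defaultdict

# Constructed sample rows in the shape of a raw export with the 'Vulnerability Proof'
# and 'Service Port' columns selected. Placeholder ids, not real CVEs or assets.
RAW_ROWS = [
    # (asset, vulnerability id, proof, service port)
    ("web01", "CVE-EXAMPLE-0001", "OpenSSL 1.0.2 in /usr/lib", 443),
    ("web01", "CVE-EXAMPLE-0001", "OpenSSL 1.0.2 in /opt/app/lib", 443),  # second install, same vuln
    ("web01", "CVE-EXAMPLE-0001", "OpenSSL 1.0.2 in /usr/lib", 8443),     # same install, second port
    ("web01", "CVE-EXAMPLE-0002", "Apache httpd 2.4.x", 80),
    ("db01",  "CVE-EXAMPLE-0001", "OpenSSL 1.0.2 in /usr/lib", 5432),
]


def count_vulnerabilities(rows):
    """Unique vulnerabilities: one per CVE, regardless of where they appear."""
    return len({vuln for _, vuln, _, _ in rows})


def count_asset_vulnerabilities(rows):
    """Asset/vulnerability pairs: the way a dashboard typically counts findings."""
    return len({(asset, vuln) for asset, vuln, _, _ in rows})


def count_instances(rows):
    """Vulnerability instances: each distinct (asset, vuln, proof, port) condition."""
    return len(set(rows))


def inflated_pairs(rows):
    """Asset/vuln pairs with more than one instance, with the proof/port that causes each."""
    groups = defaultdict(list)
    for asset, vuln, proof, port in rows:
        groups[(asset, vuln)].append((proof, port))
    return {pair: conds for pair, conds in groups.items() if len(conds) > 1}


if __name__ == "__main__":
    print("vulnerabilities:", count_vulnerabilities(RAW_ROWS))          # 2
    print("asset/vuln pairs:", count_asset_vulnerabilities(RAW_ROWS))   # 3
    print("instances (raw rows):", count_instances(RAW_ROWS))           # 5
    for pair, conds in inflated_pairs(RAW_ROWS).items():
        print(pair, "->", conds)
```

Reconciling the three counts against each other is the quickest way to confirm that a gap between the export and the dashboard is the instance roll-up and not missing data.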

Please refer to the URL below for more details:
https://docs.rapid7.com/insightvm/vulnerability-metrics-explained/

Happy Learning
#vulnerabilitymanagement #cybersecurity

