The Vulnerability Detail Screen: Applications

The application Vulnerability Detail screen is available from the Summary tab, under the Assets tab, and the Findings tab. It gives you exact details about a specific vulnerability. The Vulnerability Detail is quite large, so this is a summary of the top of section of the screen:

ne wvulndetail app 2
Field No. Field Name Description

1

Vulnerability Class

This is the name of the general type of vulnerability — for example, cross-site scripting or sql injection.

2

Vulnerability ID

This is the unique Sentinel ID for this specific vulnerability.

3

Located In

This gives the path to the vulnerability. (This will be the URL for a site or the repository path for an application. Applications with unpatched library vulnerabilities will include specific location information if the customer is using a package manager for which Sentinel Source supports specific locations.)

4

Found Revision

This is the revision where the vulnerability was found during scan. This may or may not be the actual revision where the vulnerability was introduced by the developer, since there can be many revisions submitted in a single day.

5

Opened On

This is the date the vulnerability was reported.

6

Days Open

This is the number of days the vulnerability is or was open. The number is rounded down.

7

Verification Status

This indicates whether the vulnerability is certified (verified) by WhiteHat or not.

8

Vuln Status

This is open, closed, accepted, mitigated, or invalid. (Please see Vuln Status.)

9

CVSS Score

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.

10

WhiteHat Rating

Classification of the threat posed by the vulnerability, based on WhiteHat research (Low, Medium, High and Critical).

ne wvulndetail app
application vuln detail page 2

Vulnerability Details Tabs

In the lower sections of Vulnerability Details screen, there are a number of tabs that allow the user to drill in deeper into the finer detail about each vulnerability.

Vulnerability Elements

This provides the vulnerability elements, such as the Source, Sink and Variable Usage, etc.

Description & Solution

If a recommended patch or remedial steps are available, they will be provided in this tab. Here you can review remedial steps and download recommended patches, as they relate to the specific vulnerability in question.

Ask a Question

If you need more information about the vulnerability than is available in the Description & Solution tab, you can use the Ask a Question tab for clarification. Questions submitted here are routed directly to our engineers, bypassing the Synopsys Software Integrity Community.

Ask a Question

To ask a question using the Vulnerability Management functions, perform the following steps:

  1. Click Findings.

  2. Select a Vuln ID from the Vulnerability Management page:

    ask a question 1 application rw
  3. Select Ask a Question.

  4. Click the Ask a Question icon.

    ask a question 2 application
  5. Type a Question in the text field provided.

  6. Click Submit to send your question to the Threat Research Center.

    ask a question 3
Previous questions and responses can be reviewed in the Ask a Question section.

Vulnerability Notes

Users can write notes here in order to keep a record of remedial steps taken and to communicate with other team members about the vulnerability.

If there are similar vulnerabilities elsewhere in this application (or in other applications that this viewer has permissions for), they will be listed in this tab, making it easier for developers to resolve all related vulnerabilities in a systematic and consistent way.

For more information on dependency errors, refer to Dependency Errors in Java or Dependency Errors in C#.