An application registered with Cisco Secure Application is scanned and continuously monitored for vulnerabilities. The Vulnerabilities page lists every vulnerability found by those scans. When vulnerabilities are detected, a user with Configure permission can prioritize them and change their status based on the details on this page.

By default, this page displays an overview of the selected application. For information about selecting a specific application or service, see Select Application Scope at Monitor Application Security Using Cisco Secure Application.

Vulnerabilities page:


The time range on the Vulnerabilities page is Last 1 Week, which displays data for the last seven days. The top pane of the Vulnerabilities page includes these charts:

Open: This pie chart shows the total number of open vulnerabilities. Open vulnerabilities are vulnerabilities that currently exist in the runtime application, are not yet patched or fixed, and have not been explicitly marked Ignored by a user. The chart breaks the count down by severity:

  • Critical = Red
  • High = Orange
  • Medium = Yellow
  • Low = Purple

  Hover over a severity to view the number of open vulnerabilities with that severity. To make every chart in the pane show only a specific severity, click that severity on the pie chart. To return to the complete chart, click the same severity again.

First Detected: This chart shows how many days each vulnerability has been open, broken down by severity (critical, high, medium, or low).

Trend: This chart shows the number of open vulnerabilities versus the number of fixed vulnerabilities over the last seven days, which indicates how quickly open vulnerabilities are being fixed.


The bottom pane includes different fields and corresponding columns that provide details of the vulnerabilities:

  • Use the Search filter to search on the Vulnerability, Package Language, CWE, Severity, Application, Tiers, Libraries and Status values. For more information about the Search filter, see View Data Using Search Filter in Monitor Application Security Using Cisco Secure Application.
  • A few options, such as Set Status and Set Severity, are available only if you have Configure permission for Cisco Secure Application.
  • Click a row to view the vulnerability details for that specific tier.
Severity: The severity level of the corresponding vulnerability.

  A warning icon next to a severity indicates that an exploit of this vulnerability has been detected in your application. Click the icon to open the attack details page.

  A red icon next to a severity indicates that an exploit of this vulnerability has been detected elsewhere in the Secure Application network.

  If you have Configure permission, you can change the severity: select the checkbox next to the required vulnerabilities, click Set Severity, and choose the appropriate severity.

  You can sort this column alphabetically.

Reached: A yellow icon in this column indicates that the vulnerable method is matched, that is, the application calls the vulnerable method as part of its code flow. A reached vulnerability is more likely to be exploitable than one in a loaded library whose vulnerable method is never called, so treat it as higher priority at the same severity.

Risk: The risk score of the vulnerability. This helps in prioritizing the affected services.

Vulnerability: The vulnerability name and Common Vulnerabilities and Exposures (CVE) identifier. Click the name to view the details specific to that CVE.

CWE: The Common Weakness Enumeration ID for the corresponding vulnerability.

Package Language: The application package language. Cisco Secure Application currently supports only Java and .NET agents, so the value of this field is Java or .NET.

Application: The name of the affected application.

Tier (Nodes): The services or tiers affected by the corresponding vulnerability. The number in parentheses is the number of nodes. Click the flow map icon to view the AppDynamics flow map for that tier.

Libraries: The libraries that exist in the corresponding application and tier. Click a value in this field to view, in the Libraries detail view, all vulnerabilities that affect that library.

First Detected: The time elapsed since the vulnerability was first detected.

Status: The status of the corresponding vulnerability. The status value can be:

    • Detected (at least one vulnerability is detected in the library)
    • Confirmed (the vulnerability has been reviewed)
    • Fixed (the vulnerability is fixed)
    • Ignored (not a vulnerability)
    • Not Vulnerable (no vulnerabilities are found in the library)

  A user with Configure permission can set the status to Ignored.

  If you have Configure permission, select the vulnerabilities using the checkbox, and then set the status using the Set Status option. Without Configure permission, the Set Status option is unavailable.

View Vulnerability Details

To prioritize vulnerabilities, you may require additional information. Click a vulnerability row to view detailed information about a vulnerability. The vulnerability details view is displayed.

The top pane displays the following details:

Title: The name of the vulnerability.

CWE: The Common Weakness Enumeration ID for the corresponding vulnerability.

Reported Severity: The severity of the vulnerability as reported: critical, high, medium, or low.

CVSS3 Vector String: The CVSS v3 vector string, that is, the base metric values used to compute the Common Vulnerability Scoring System (CVSS) score.

Description: Details of the vulnerability.

First/Last seen: When the vulnerability was first detected and when it was last detected.

Remediation: The recommended remediation action. For a vulnerable library, the version or versions to upgrade the library to. Click show all <count of versions> to view all the recommended remediation versions.

Vulnerability Notes: If you have Configure permission, you can add notes under Vulnerability Notes. Use the copy icon to copy the notes if required.

The bottom pane displays the following details:

Application: Name of the affected application.

Tier (Nodes): The services or tiers affected by the selected vulnerability. The number in parentheses is the number of affected nodes. The flow map icon opens the AppDynamics flow map for that tier.

Severity: The severity of the vulnerability. You can edit the severity if you have Configure permission.

Libraries: The library affected by the vulnerability. Click the library to view its details. See Monitor Libraries.

Risk: The risk score of the vulnerability, which helps in prioritizing the affected services. A higher risk score indicates that the corresponding library on the corresponding service is at greater risk.

First Detected: The time elapsed since the vulnerability was detected.

Status: The status of the selected vulnerability. The status value can be:

  • Detected (at least one vulnerability is detected in the library)
  • Confirmed (the vulnerability has been reviewed)
  • Fixed (the vulnerability is fixed)
  • Ignored (not a vulnerability)
  • Not Vulnerable (no vulnerabilities are found in the library)

  If you have Configure permission, select the rows using the checkbox, and then set the status using the Set Status option. Without Configure permission, the Set Status option is unavailable.

  The Detected and Fixed statuses are set automatically, based on the libraries the application uses.

Note: If you have Configure permission, select the required checkboxes and then use the Note option to add notes.

Click the Export button to download the table data. The export contains all rows, columns, and related data in a .csv file, plus a separate .json file containing a link to the Cisco Secure Application page the table was exported from, the global filters (if any) applied to the page, and the search filters applied to the columns. The two files are compressed into a single .zip file for download. The maximum number of rows that can be exported is 10,000. If the table exceeds 10,000 rows, apply filters to narrow the results, or export the first 10,000 rows.
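To show how the exported data can drive the prioritization that the Reached, Severity, Risk and Status columns are meant to support, the following Python is an added example, not Cisco Secure Application code: it unpacks an export .zip, reads the .csv and the .json, drops rows whose status is Fixed, Ignored or Not Vulnerable, and ranks what remains with reached vulnerabilities first, then by severity, then by risk score. The column headers are assumed to match the column names of the Vulnerabilities table; the Yes/empty values in the Reached column, the key names in the .json, the file names inside the .zip and every data row are constructed for this example and should be checked against a real export before the script is relied on.

```python
import csv
import io
import json
import zipfile

# Added example, not product code. Headers are assumed to match the table's column names.
CSV_HEADER = ["Severity", "Reached", "Risk", "Vulnerability", "CWE", "Package Language",
              "Application", "Tier (Nodes)", "Libraries", "First Detected", "Status"]
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}
# Statuses that need no further action; Detected and Confirmed remain open work.
CLOSED_STATUSES = {"Fixed", "Ignored", "Not Vulnerable"}


def build_sample_export() -> bytes:
    """Constructed sample export .zip: a .csv of table rows plus a .json of the applied filters."""
    rows = [  # constructed data; the Reached value "Yes" and the IDs are assumptions
        ["Critical", "",    "85", "CVE-EXAMPLE-0001", "CWE-502", "Java", "shop", "checkout (3)", "lib-a-1.0.jar", "5 days",  "Detected"],
        ["High",     "Yes", "70", "CVE-EXAMPLE-0002", "CWE-79",  "Java", "shop", "web (2)",      "lib-b-2.3.jar", "12 days", "Confirmed"],
        ["Critical", "Yes", "60", "CVE-EXAMPLE-0003", "CWE-22",  "Java", "shop", "api (4)",      "lib-c-0.9.jar", "1 day",   "Detected"],
        ["Medium",   "",    "40", "CVE-EXAMPLE-0004", "CWE-400", "Java", "shop", "web (2)",      "lib-d-1.1.jar", "30 days", "Ignored"],
        ["Low",      "Yes", "10", "CVE-EXAMPLE-0005", "CWE-200", "Java", "shop", "api (4)",      "lib-e-4.0.jar", "2 days",  "Fixed"],
        ["Critical", "",    "95", "CVE-EXAMPLE-0006", "CWE-78",  "Java", "shop", "batch (1)",    "lib-f-3.2.jar", "9 days",  "Detected"],
    ]
    csv_buf = io.StringIO()
    writer = csv.writer(csv_buf)
    writer.writerow(CSV_HEADER)
    writer.writerows(rows)
    context = {  # assumed .json layout: source link, global filters, column search filters
        "link": "https://example.invalid/secure-application/vulnerabilities",
        "globalFilters": {"application": "shop"},
        "searchFilters": {"Package Language": "Java"},
    }
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("vulnerabilities.csv", csv_buf.getvalue())
        zf.writestr("vulnerabilities.json", json.dumps(context))
    return zip_buf.getvalue()


def read_export(export_zip: bytes):
    """Return (rows, context) from an export .zip; fail clearly if either file is missing."""
    with zipfile.ZipFile(io.BytesIO(export_zip)) as zf:
        names = zf.namelist()
        csv_name = next((n for n in names if n.endswith(".csv")), None)
        json_name = next((n for n in names if n.endswith(".json")), None)
        if csv_name is None or json_name is None:
            raise ValueError(f"export must contain a .csv and a .json, got {names}")
        rows = list(csv.DictReader(io.StringIO(zf.read(csv_name).decode("utf-8"))))
        context = json.loads(zf.read(json_name))
    return rows, context


def triage(export_zip: bytes) -> list:
    """Open rows ranked: reached first, then severity, then risk score, highest first."""
    rows, _ = read_export(export_zip)
    open_rows = [r for r in rows if r["Status"] not in CLOSED_STATUSES]

    def key(r):
        return (r["Reached"].strip().lower() == "yes",
                SEVERITY_RANK.get(r["Severity"], 0),
                float(r["Risk"] or 0))

    return sorted(open_rows, key=key, reverse=True)


def triage_ids(export_zip: bytes) -> list:
    """Just the Vulnerability column of the ranked rows, for quick review."""
    return [r["Vulnerability"] for r in triage(export_zip)]


if __name__ == "__main__":
    export = build_sample_export()
    _, ctx = read_export(export)
    print("exported from:", ctx["link"], "| filters:", ctx["globalFilters"], ctx["searchFilters"])
    for r in triage(export):
        print(r["Severity"], "reached" if r["Reached"] else "not reached", r["Risk"], r["Vulnerability"], r["Status"])
```

The ordering reflects the page's own signals: a reached Critical outranks an unreached Critical with a higher risk score, and a reached High outranks every unreached row, because reachability is the strongest indicator on the page that the vulnerable code can actually be triggered. Keep the .json alongside the ranking, since a global or search filter on the export means the list is a subset of what the page shows.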