Vulnerabilities

The URI/API list displays the scan result per URI/API for you to analyze and remediate the issues found. Click on each row to view details such as the vulnerability description, reasons for failure, CVSS score, EPSS percentile, suggested remediation, and outbreak alerts.

Click the URI to view and modify the status of each vulnerability. To change the status of several vulnerabilities at once, select Select Multiple and set the status. You can also filter the vulnerabilities based on the assigned status.

Click Outbreak Alerts to view asset-specific outbreak alerts detected after a successful scan.

Notes:

  • The EPSS percentile is displayed only for vulnerabilities that have an associated CVE ID, which in practice means vulnerable and outdated components.
  • Assets scanned with older releases must be re-scanned to review the associated vulnerabilities and to obtain the Proof of Exploit in the result dashboard and reports.
  • Click the outbreak alert link to navigate to the FortiGuard Outbreak Alert page for in-depth analysis.

The following status categories are supported.

  • New: This is a new vulnerability detected by the scan.
  • Confirmed: This is a real vulnerability and requires a fix.
  • In Review: This vulnerability is currently being reviewed to decide further action.
  • Reviewed: This vulnerability review is complete.
  • Fixed: This vulnerability is fixed and does not appear in the next scan result.
  • Risk Accepted: This vulnerability is an accepted risk and continues to exist without any potential damage.
  • False Positive: This vulnerability is a potential flaw in the scanner or is indicative of a unique feature of the application.
  • Removed: This vulnerability is overlooked in the application.
  • Reopened: This is a previously fixed vulnerability that was detected again in the rescan and must be addressed. This state is assigned by FortiDAST.
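The status lifecycle above is easy to get wrong when scan results are exported and tracked outside the console: a finding marked Fixed that shows up again must not silently keep its Fixed status, while a Risk Accepted or False Positive finding should not be re-triaged every scan. The following is an added example, not FortiDAST code and not a description of its internals. It reconciles a reviewer's previous statuses with the findings of a rescan using the two rules the page states (unseen findings are New; a Fixed finding detected again becomes Reopened) and then ranks the still-open findings by EPSS percentile and CVSS score. The `Finding` dataclass, the (URI, vulnerability name) key, the rule that every other prior status carries over on a rescan, and the ranking order are assumptions made for the example; the sample findings are constructed.

```python
"""Added example: reconcile reviewer-assigned statuses with a rescan and rank open findings.
Not FortiDAST's own code; the data model and carry-over rule below are assumptions."""
from dataclasses import dataclass
from typing import Optional

# Status names are the categories listed in the documentation.
REVIEWER_STATUSES = {"New", "Confirmed", "In Review", "Reviewed", "Fixed",
                     "Risk Accepted", "False Positive", "Removed"}
SCANNER_STATUSES = {"Reopened"}  # assigned by the scanner, never set by the reviewer
OPEN_STATUSES = {"New", "Confirmed", "In Review", "Reopened"}  # still needs work

Key = tuple[str, str]  # (URI, vulnerability name) identifies a finding across scans (assumption)


@dataclass(frozen=True)
class Finding:
    uri: str
    name: str
    cvss: float
    cve: Optional[str] = None
    epss_percentile: Optional[float] = None  # only present when a CVE ID is attached


def reconcile(previous: dict[Key, str], rescan: list[Finding]) -> tuple[dict[Key, str], list[Key]]:
    """Return (status per finding in the rescan, previously recorded keys absent from the rescan).

    Page rules: a finding never recorded before is New; a Fixed finding detected again is Reopened.
    Assumption: any other prior status carries over unchanged when the finding is detected again.
    Keys absent from the rescan are returned separately as candidates for Fixed; the function
    does not change their status, leaving that decision to the reviewer.
    """
    for status in previous.values():
        if status not in REVIEWER_STATUSES | SCANNER_STATUSES:
            raise ValueError(f"unknown status: {status}")
    statuses: dict[Key, str] = {}
    for f in rescan:
        key = (f.uri, f.name)
        prior = previous.get(key)
        if prior is None:
            statuses[key] = "New"        # first time this finding is seen
        elif prior == "Fixed":
            statuses[key] = "Reopened"   # claimed fixed, but the rescan still detects it
        else:
            statuses[key] = prior        # assumption: other statuses carry over
    missing = [key for key in previous if key not in statuses]
    return statuses, missing


def prioritize(findings: list[Finding], statuses: dict[Key, str]) -> list[Finding]:
    """Open findings ordered by EPSS percentile (when present), then CVSS, both descending.
    Findings without a CVE have no EPSS value and sort below any finding that has one."""
    open_findings = [f for f in findings if statuses.get((f.uri, f.name)) in OPEN_STATUSES]

    def rank(f: Finding) -> tuple[float, float]:
        epss = f.epss_percentile if f.epss_percentile is not None else -1.0
        return (epss, f.cvss)

    return sorted(open_findings, key=rank, reverse=True)


# Constructed sample data: a reviewer's statuses from the last scan and the rescan's findings.
SAMPLE_PREVIOUS: dict[Key, str] = {
    ("/login", "SQL Injection"): "Fixed",
    ("/search", "Reflected XSS"): "Risk Accepted",
    ("/api/v1/users", "Outdated jQuery"): "Confirmed",
}
SAMPLE_RESCAN: list[Finding] = [
    Finding("/login", "SQL Injection", cvss=9.8),
    Finding("/search", "Reflected XSS", cvss=6.1),
    Finding("/admin", "Missing CSP header", cvss=5.3),
    # CVE ID is a placeholder, not a real identifier; EPSS percentile is constructed.
    Finding("/api/v1/upload", "Outdated component", cvss=7.5,
            cve="CVE-XXXX-XXXX (placeholder)", epss_percentile=0.95),
]

if __name__ == "__main__":
    statuses, missing = reconcile(SAMPLE_PREVIOUS, SAMPLE_RESCAN)
    for key, status in statuses.items():
        print(f"{key[0]:<16} {key[1]:<20} {status}")
    print("absent from rescan (candidates for Fixed):", missing)
    print("work queue:", [(f.uri, f.name) for f in prioritize(SAMPLE_RESCAN, statuses)])
```

Running the script prints the SQL injection on /login as Reopened, the accepted XSS unchanged, the two unseen findings as New, and the /api/v1/users finding listed as absent from the rescan so the reviewer can decide whether to mark it Fixed rather than having the script do so.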
