Hello, I am trying to find the definitions for the results in the “Vulnerability Test Result Code”. I ran a Basic Vulnerability check report and I am trying to understand the results from the report.
Is there a Data Dictionary document or page that lists the report fields definition of values? Thank you.
Hi @pppelis ,
Is this it? Reporting FAQs
Each code corresponds to results of a vulnerability check:
- ve (vulnerable, exploited): The check was positive as indicated by asset-specific vulnerability tests. Vulnerabilities with this result appear in the CSV report if the Vulnerabilities found result type was selected in the report configuration.
- vv (vulnerable, version check): A check was positive because the version of the scanned service or application is associated with known vulnerabilities.
- vp (vulnerable, potential): The check for a potential vulnerability was positive.
- ee (excluded, exploited): A check for an exploitable vulnerability was excluded.
- ev (excluded, version check): A check for a vulnerability that can be identified because the version of the scanned service or application is associated with known vulnerabilities was excluded.
- ep (excluded, potential): A check for a potential vulnerability was excluded.
- nv (not vulnerable): Nexpose did not find the target application or service to be vulnerable.
- uk (unknown): Nexpose was unable to determine whether the scanned service or application is vulnerable.
- sd (skipped because of DoS settings): Nexpose skipped the check because it involves Denial of Service settings.
- sv (skipped because of inapplicable version): Nexpose skipped the check because the version of the target service or application is not associated with the given vulnerability.
- er (error during check): Nexpose encountered an error during the check.
- ds (skipped, disabled): A check was not performed because it was disabled in the scan template.
- ov (overridden, version check): A check for a vulnerability that would ordinarily be positive because the version of the target service or application is associated with known vulnerabilities was negative due to information from other checks.
- nt (no tests): There were no checks to perform.