Hi, I am trying to figure out how Nexpose rounds the riskscore on the Vulnerabilities Tab in the GUI in order for my SQL Query Risk score to match what the CIO exports to CSV. Currently we keep getting hit on our queries because the risk score doesn’t match up with what they see. I see that some of the scores are rounded to the whole number, but others are rounded to the first decimal and my script rounds everything to the nearest tenth which is causing the scores to be different.
For instance, in one vulnerability my script is showing one of the vulnerability scores as 150.8 but when you look in the GUI, it shows 151. In another vulnerability on the same host, my script shows 98.7 and when you look in the GUI, it shows 98.7.
Does anyone know how Rapid7 is determining when to use decimal in the score and when not to?
Just for clarification, When I say GUI, I am using the URL of /vulnerability/listing.jsp