Vulnerabilities
Finding a Vulnerability
To find a specific vulnerability, click the search box at the very top of your Manifest app and type the Vulnerability ID (including all aliases) of the vulnerability you're looking for.
The Vulnerability Details Page
Overview
The Vulnerability Overview page provides key details about each vulnerability.
On the left side, basic information about the vulnerability is listed in the top right: the name, aliases, and reference links. All main actions are listed below.
- If you have a ticketing integration configured (like JIRA, ServiceNow or Linear), you can click Create a Ticket, which opens a new panel where you can add more information to put on the ticket.
- This is also where you can download a shareable .pdf report of the vulnerability by clicking Download Report.
- To create a VEX document, click the dropdown button and select Create a VEX Document from the dropdown. To learn more about creating a VEX document, please check out our VEX & VDR Documents guide.
Under the actions, you'll see more key information about the vulnerability like the severity (CVSS), exploitability (EPSS Score & Percentile), whether or not it is on the KEV list, and two dates: when this vulnerability was published publicly and when it was first seen/detected in your organization. Please note that even if the original asset that introduced the vulnerability is removed from Manifest, the first seen date will not change. For more information on how to interpret this information to assess the risk of a vulnerability, check out our Vulnerabilities Overview guide.
On the right side, you'll see the overall Manifest Recommendation. Learn more about how this is scored on our Vulnerability Scoring guide.
Finally, the Impact section tells you the extent of this vulnerability across your system. You can see which assets, components and products are impacted by the vulnerability. To see more about each individual element, click on the version to see more details.
Actions
The Actions tab lists what your team has done to mitigate the vulnerability. This includes links to all tickets created, as well as any VEX documents that were uploaded to your organization.
Fixes
The Fixes tab lists all the remediations and remediation notes for the vulnerability.
References
The References tab lists all supplemental information about the vulnerability. This includes a list of all aliases, and a list of additional reference links.
VEX Documents
Learn more about how you can use Manifest to generate and manage VEX & VDR Documents.
Updated 3 months ago