Vulnerability Management

The Vulnerabilities section of the Operations module provides comprehensive vulnerability tracking with severity classification, CVSS scoring, validation workflows, and integration with report findings.

Vulnerability Management

🖥️ Vulnerability Management Interface Screenshot

CRUD Operations

Full create, read, update, and delete operations are supported:

Create: Add vulnerabilities manually or through imports
Read: View vulnerabilities in table format or floating windows
Update: Modify vulnerability details, status, and validation data
Delete: Remove vulnerabilities with confirmation, supports bulk deletion

Vulnerability Fields

Each vulnerability record contains the following fields:

Field	Type	Description
`title`	String	Vulnerability name/title
`severity`	Select	Severity level: `critical`, `high`, `medium`, `low`, `info`
`cve_id`	String	CVE identifier (e.g., CVE-2024-1234)
`cwe_id`	String	CWE identifier (e.g., CWE-89)
`cvss_score`	Number	CVSS score (0.0 to 10.0)
`cvss_vector`	String	CVSS vector string
`description`	Text	Detailed vulnerability description
`status`	Select	Current status in the workflow
`source`	String	Import source tool name
`source_id`	String	Unique ID from source tool
`service`	String	Affected service/application
`component`	Relation	Project component reference
`metadata`	JSON	Additional structured data

Severity Levels

Vulnerabilities are classified by severity with color-coded badges:

Severity	CVSS Range	Color	Description
Critical	9.0 - 10.0	Red	Immediate exploitation risk, critical business impact
High	7.0 - 8.9	Orange	Significant risk requiring urgent attention
Medium	4.0 - 6.9	Yellow	Moderate risk, should be addressed in normal cycle
Low	0.1 - 3.9	Blue	Minor risk, address as resources allow
Info	0.0	Gray	Informational finding, no direct security impact

Status Workflow

Vulnerabilities progress through defined status states:

open → confirmed → remediated
         ↓
    false_positive
         ↓
      accepted

Status	Description
`open`	Initial state, vulnerability identified but not reviewed
`confirmed`	Validated as a genuine security issue
`remediated`	Fixed by the target organization
`false_positive`	Determined to be incorrectly identified
`accepted`	Risk accepted by stakeholders

Filtering Options

🖥️ Vulnerability Filtering Options Screenshot

The vulnerability list supports comprehensive filtering:

Service: Filter by affected service or application
Severity: Filter by one or more severity levels
Status: Filter by current workflow status
Source: Filter by import source tool
Validation: Filter by manually validated or not validated
Component: Filter by project component
Text Search: Search across titles and descriptions

Sorting Options

Sort the vulnerability list by:

Severity (critical first by default)
Status
Created date
CVSS score
Title

Floating Window Editor

🖥️ Floating Window Editor for Vulnerabilities Screenshot

Vulnerabilities can be viewed and edited in floating windows:

Open multiple vulnerabilities in separate windows
Minimize windows to a taskbar
View affected assets within the editor
Edit all fields including validation data

Validation Workflow

🖥️ Manual Validation Workflow Interface Screenshot

Manual Validation

The validation workflow allows analysts to document verification of vulnerabilities:

Select vulnerabilities to validate (single or bulk)
Add validation notes explaining the verification process
Attach evidence documenting the validation
Mark as validated to record the validation

Validation Fields

Field	Type	Description
`manually_validated`	Boolean	Whether the vulnerability has been validated
`validated_by`	Relation	User who performed validation
`validation_date`	Date	When validation occurred
`validation_notes`	Text	Notes explaining the validation
`validation_evidence`	Text	Evidence supporting the validation

Validation Badge

Validated vulnerabilities display a visual badge indicating:

Validation status (validated/not validated)
Validator name
Validation date

Bulk Validation

Validate multiple vulnerabilities at once:

Select vulnerabilities using checkboxes
Click the bulk validate action
Enter shared validation notes
All selected vulnerabilities are marked as validated

Bulk Operations

🖥️ Bulk Operations Interface Screenshot

Bulk Update

Update multiple vulnerabilities simultaneously:

Status Update: Change the status of all selected vulnerabilities
Service Update: Assign a common service to selected items
Component Assignment: Assign vulnerabilities to a component

Bulk Selection

The selection system provides:

Individual checkbox selection
Select all visible items
Select none (clear selection)
Selection count indicator

Bulk Delete

Delete multiple vulnerabilities with:

Confirmation dialog showing count
Warning for validated vulnerabilities
Cascading deletion of related mappings

Statistics and Analytics

Severity Breakdown

The dashboard displays vulnerability counts by severity:

Metric	Description
Critical	Count of critical severity vulnerabilities
High	Count of high severity vulnerabilities
Medium	Count of medium severity vulnerabilities
Low	Count of low severity vulnerabilities
Info	Count of informational findings

Status Breakdown

Track vulnerability progress through the workflow:

Metric	Description
Open	Vulnerabilities awaiting review
Confirmed	Validated vulnerabilities
False Positive	Incorrectly identified items
Remediated	Fixed vulnerabilities
Accepted	Risk-accepted vulnerabilities

Component Filtering

Filter statistics by selected project components to see:

Component-specific severity breakdown
Validation progress per component
Status distribution per component

Asset Relationships

🖥️ Asset Relationships from Vulnerability View Screenshot

Affected Assets

Each vulnerability displays its affected assets:

Asset name and value
Asset type indicator
Link to the full asset record

Asset Count Badge

The vulnerability list shows an asset count badge indicating how many assets are affected by each vulnerability.

Port/Protocol/Service Details

For network vulnerabilities, the relationship includes:

Port number
Protocol (TCP/UDP)
Service name
Additional network details

Finding Mapping

Mapped Finding Indicator

Vulnerabilities that have been mapped to report findings display:

Mapping indicator badge
Link to the associated finding
Finding title preview

Auto-Mapping

The system can automatically map vulnerabilities to findings based on:

CVE ID matching
CWE ID matching
Title similarity matching

Manual Mapping

Analysts can manually map vulnerabilities to findings:

Select the vulnerability
Choose the target finding from the report
Confirm the mapping

Import Behavior

Vulnerability Deduplication

Imported vulnerabilities are deduplicated using:

Primary Match: source_id + source + project
Secondary Match: cve_id + project (if source_id not available)

Update Logic

When a matching vulnerability exists:

Identical: Record is skipped
Changed: Record is updated with new data
New fields: Additional data is merged

Relationship Creation

When importing, the system automatically:

Creates asset-vulnerability mappings based on affected_assets
Links to existing assets by matching asset values
Creates new assets if referenced assets don’t exist

Best Practices

Validation Workflow

Review by severity - Start with critical and high severity items
Document evidence - Include screenshots, request/response data
Note false positives - Explain why items are false positives for future reference
Bulk validate similar items - Group related vulnerabilities for efficient validation

Status Management

Set confirmed status after successful validation
Use false_positive sparingly and with documentation
Mark remediated only after confirming the fix
Use accepted status for business-approved risks

Mapping to Findings

Map validated vulnerabilities to corresponding report findings
Group related vulnerabilities under a single finding
Use auto-mapping for standard CVE-based findings
Review auto-mappings for accuracy