Vulnerability description

Locations table

When you select a type of vulnerability in your group's Vulnerabilities section, you are taken to a subsection with specific information about it. The title is the name of the type of vulnerability, preceded by the number assigned to it in our list. Below the title is a header with global information about that type of vulnerability, and below that you land in the Locations tab, which shows the locations table. The table has the following columns, from left to right:

  • Location: The files in which this type of vulnerability has been reported. Each row can be understood as an individual vulnerability of that type.
  • Specific: The lines of code, inputs (e.g., a password field) or ports at which each vulnerability was detected.
  • Status: Whether each vulnerability has been closed (remediated) or remains open.
  • Report date: The date on which each vulnerability was reported.
  • Reattack: Whether a reattack has been requested and is pending, is on hold, has been verified as still open, or has been verified as closed. A blank cell means no reattack has been requested.
  • Treatment: The treatment defined for each vulnerability: in progress, temporarily accepted, permanently accepted or zero risk.
  • Tags: Any tags you have assigned to each vulnerability to identify it.

Filters

In the Locations subsection for each type of vulnerability, a Filters button offers six options for filtering the information shown in the locations table.

Description tab

Clicking on the Description tab shows a subsection with concise technical information about the type of vulnerability you are exploring: what it consists of, the security requirements you are not complying with, the potential impact this represents, and the actions you can take to remediate it or mitigate the risk. For more information about this subsection, follow this link.

Severity score

To calculate the severity of vulnerabilities, we use the Common Vulnerability Scoring System (CVSS) version 3.1. For more information, go to the following link.

Evidence

The Evidence tab is a subsection where we provide supporting proof of the existence and exploitation of the corresponding type of vulnerability. We present this evidence as pictures, videos or GIFs when we identify the type of vulnerability in your system for the first time, and we update it each time we perform a reattack on it.

Tracking

The Tracking tab shows the history of each vulnerability. For more information, go to the following link.

Records

Clicking on the Records tab shows a table with the information our ethical hackers obtained by exploiting the specific type of vulnerability you are exploring in your system. This information varies from case to case, and we consider all of it sensitive and relevant to your organization. It may include financial information (e.g., account numbers, financial movements, credit card numbers), personal information (e.g., phone numbers, contacts, personal IDs, physical addresses) and technical information (e.g., roles, keys, access tokens), among other data.

Consulting

In the Consulting tab you can post any doubt, comment or thought you want to share with the Fluid Attacks team or your own team. This section works like a forum where anyone can post and reply. For more information, go to the following link.