In OneView, the Vulnerabilities page offers an overview of vulnerabilities in installed software on managed endpoints. This is essential for system security, as it highlights potential weaknesses that could be exploited. Regular vulnerability assessments allow organizations to proactively address risks from outdated or insecure software.
TIP - To keep vulnerability data current, set up a daily Inventory & Vulnerability Scan. If an endpoint is removed from OneView, its associated vulnerabilities are automatically removed from the console within 48 hours.
To view and manage vulnerabilities in OneView, go to Monitor > Vulnerabilities. There are 3 tabs on this page:
- Active Vulnerabilities: Shows current vulnerabilities on endpoints.
- Ignored Vulnerabilities: Lists vulnerabilities dismissed from Active Vulnerabilities.
- Resolved Vulnerabilities: Lists vulnerabilities addressed in the past 365 days.
Manage vulnerabilities
Administrators can view and ignore current vulnerabilities on the Active Vulnerabilities tab. They can also resolve them by updating applications with Patch Management.
If an installed application is not needed, remove it from the endpoint using the Software Inventory page. For more information, see Uninstall software with Vulnerability & Patch Management in OneView.
Filter for important vulnerabilities
The quick filters at the top of the page help admins focus on specific sets of vulnerabilities. We suggest resolving vulnerabilities in this order:
- Ransomware Risk: Vulnerabilities linked to ransomware campaigns and require immediate attention.
- CISA Recommended: Vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency (CISA) managed catalog of Known Exploited Vulnerabilities.
- Severity level: Vulnerabilities sorted by severity and impact.
Active Vulnerabilities table
The following information is displayed for each endpoint vulnerability.
| Column | Description |
|---|---|
| Application | Name of the vulnerable application. |
| Application version | Currently installed version of the application. |
| CISA recommended |
CISA recommends resolving this vulnerability. Click on the CVE number for resolution details.
|
| CVE |
The Common Vulnerability and Exposures (CVE) number as reported in the National Vulnerability Database.
|
| Description | Description of the vulnerability and how it is used to exploit the application. |
| Domain name | Name of the computer group the workstation belongs to. |
| Endpoint | Device name. |
| Group | OneView group the endpoint belongs to. |
| Identified date | Date the vulnerability was detected on the endpoint. |
| OS platform | Windows or macOS. |
| OS release name | The public release name of the operating system. |
| OS type | Workstation or server. |
| OS version | Version of the operating system. |
| Severity |
Severity level of a vulnerability determined by using a calculated score based on Common Vulnerability Scoring System (CVSS) and by analyzing real data, with the following inputs:
|
| Site | OneView Site name assigned to the endpoint with the vulnerability. |
| Update available | Identifies if the application can be updated directly from OneView with Patch Management. If not, update the application manually to resolve the vulnerability. |
| Vendor | Vendor name of the vulnerable application. |
Ignore vulnerabilities
Ignoring vulnerabilities increases breach risks. It's essential to resolve them to prevent threats and unauthorized access. However, some vulnerabilities may not apply if an application must stay on a specific version.
For instance, if an in-house app relies on a specific Adobe version, updating it could break the app. In this case, the vulnerability can be ignored from the Active Vulnerabilities tab.
- Check the boxes for specific CVE numbers.
- Click Actions > Ignore.
- Review the selected vulnerabilities in the pop-up window.
- Select how long to ignore the vulnerability:
- Permanent: Do not detect this vulnerability again until it is manually removed from the list. Use this option sparingly, as it requires extra effort to track unresolved vulnerabilities.
- 30 or 60 days: Temporarily ignore the vulnerability and revisit in a short amount of time.
- Custom date: Ignore the vulnerability until a certain date.
- Provide a reason for ignoring the vulnerability. This helps other admins understand the decision.
- Click Ignore.
The vulnerability is moved to the Ignored Vulnerabilities tab. This tab adds the following columns to the table:
| Column | Description |
|---|---|
| Ignore duration | How long the vulnerability remains unaddressed. |
| Ignore reason | Admin's reason for ignoring the vulnerability. |
| Ignored date | Date an admin ignored the vulnerability from the Active Vulnerabilities tab |
| User | Admin who ignored the vulnerability. |
Restore ignored vulnerabilities
Ignored vulnerabilities reappear in the Active Vulnerabilities tab once their duration ends and can be re-ignored as needed.
For permanently ignored vulnerabilities, an admin must restore them manually from the Ignored Vulnerabilities tab, which can also be used to restore a vulnerability before its duration expires. To do this:
- Click on the Ignored Vulnerabilities tab.
- Check the box next to an ignored vulnerability.
- Click Actions > Restore.
- Click Confirm.
Edit ignored vulnerabilities
To update the duration or reason for an ignored vulnerability:
- Click on the Ignored Vulnerabilities tab.
- Check the box next to an ignored vulnerability.
- Click Actions > Edit.
- Update the duration or reason.
- Click Save.
Resolve vulnerabilities
Vulnerabilities can be patched from the Active Vulnerabilities page by updating software.
- Check the boxes for specific CVE numbers.
- Click Actions > Update Software.
- In the confirmation window, click Update software.
- If the Update software button is grayed out, the application isn't supported for updating via Patch Management. Manually update the software by visiting the vendor's website. Filter the Update available column to Yes to check which applications can be patched with Patch Management.
After the software is patched, run an Inventory & Vulnerability scan. This updates the Active Vulnerabilities list and moves the vulnerability to the Resolved Vulnerabilities tab. The Resolved Vulnerabilities tab adds the following column to the table:
| Column | Description |
|---|---|
| Resolved Date | When the vulnerability was resolved. |
Return to Vulnerability and Patch Management.