| Status |
Use to track workflow during your remediation
process. |
| CVSS |
An average score based on a combination of the
Base and Temporal CVSS metrics groups and any manually set severity
scores. |
| Severity Value |
Manually fine-tune the CVSS score for a specific
issue. Typically, you override the settings when you are importing
issues from a third-party scanner or from AppScan Standard, or when
you are triaging individual issues.
- Use CVSS
- Information = 0
- Low = 3
- Medium = 6
- High = 8
- Critical = 12
|
| Discovery Method |
Static Analysis (SAST) or Dynamic Analysis (DAST) |
| Scanner |
The type of third-party scanner that imported
the issue, for example Nessus Vulnerability Scanner. |
| Application |
An issue that is imported from AppScan Source.
It contains one or more projects and related attributes. An attribute
is a characteristic that helps organize scan results into meaningful
groups. |
| Element |
The name of the object on the page, for example,
cookie or parameter, that is vulnerable to the issue, for example, passw. |
| Classification |
Type of finding: vulnerability, exception, or
informational. An exception is an indication of a suspicious and potentially
vulnerable condition that requires more information or investigation. |
| Source File |
The source files in the AppScan Source project
that contain the vulnerabilities. |
| Line |
The line number in the source code where the
vulnerability was found. |
| API |
The API that contains the vulnerabilities. |
| Project Name |
A project in AppScan Source consists of a set
of files, including source code, and related information, for example,
configuration data. A project is always part of an application. |
| Fixed Date |
The date and time stamp of when the issues were fixed. This attribute is read-only. |
| Overdue |
An issue that has not been fixed by a predetermined date. |