search
Go to eAuditor cloud®Website

Vulnerability management

hashtag
Vulnerability detection in applications

The system automatically analyzes installed software and compares its versions with public vulnerability databases. This makes it immediately clear which applications require updates and where real risk exists.

The feature is available in: IT Infrastructure → Software → Details

hashtag
Column Detected vulnerabilities

The software table contains a dedicated column for vulnerabilities.

  • If vulnerabilities are found for a given version, a list of CVE identifiers appears.

  • Each vulnerability is shown as a separate item.

  • No entries mean that no known vulnerabilities were detected for that version in the databases.

This allows quickly sorting or filtering the list and focusing on applications that truly require action.

hashtag
Vulnerability detailed view

Clicking on a selected vulnerability opens a detailed view containing, among others:

  • vulnerability description,

  • CVE number,

  • EUVD identifier,

  • CVSS score,

  • EPSS indicator,

  • information about the product and version it affects,

  • publication/update date of the entry,

  • reference links to external sources.

This eliminates the need to search for information manually on the Internet — all key data is available directly in the system.

chevron-rightWhat does CVSS mean?hashtag

CVSS (Common Vulnerability Scoring System) is a standard for assessing the severity of a vulnerability. The score is given on a scale from 0 to 10.

Example interpretation:

  • 0.1 - 3.9 → low severity

  • 4.0 - 6.9 → medium severity

  • 7.0 - 8.9 → high severity

  • 9.0 - 10 → critical severity

The higher the score, the greater the potential risk to the organization.

chevron-rightWhat does EPSS mean?hashtag

EPSS (Exploit Prediction Scoring System) determines the probability that a given vulnerability will be actually exploited in an attack.

In practice:

  • low EPSS → the vulnerability exists but has a low chance of being exploited,

  • high EPSS → a high probability that an exploit is already circulating or will appear soon.

Combining CVSS and EPSS enables prioritization decisions — not only based on the “theoretical severity” but also on the real risk of attack.

chevron-rightReference linkshashtag

The detailed view provides direct references to external sources, such as:

  • NVD (nvd.nist.gov),

  • Chromium entries / vendor entries,

  • official update information.

This allows quickly verifying the vulnerability context, checking technical details, or the availability of patches.

hashtag
Summary

The vulnerability detection mechanism runs automatically in the background and is an integral part of software inventory. Update management and the vulnerability remediation process are described in a separate section of the documentation.

PreviousSoftwareNextDevices

Last updated

Was this helpful?