Viewing Detected CVEs in the Web UI
The Web UI is easiest for looking at data quickly. Use the CVE Analysis view to monitor if your applications have executed code known to be affected by a CVE. Open the web UI and select "Vulnerability Detection".
The table shows all CVEs that have been detected in the classes loaded by your instances. The CVE Status column indicates whether the vulnerable code has been executed or not:
-
USED
: The instance has executed the code affected by the CVE. -
PRESENT
: The CVE is present in the classes loaded by the instance, but the instance has not executed the code containing the CVE.
Column | Description |
---|---|
|
The name of the component. |
|
The component version. |
|
The CVE ID. If the component is not affected by any CVE, the column contains the string "No CVE impact". |
|
The CVE score. |
|
Indicates whether the code containing the CVE has been executed. |
|
The timestamp when the CVE was detected. |
|
The hostname of the instance host machine. |
|
The instance ID. An instance prints its ID to the console at startup if you enable logging of instance IDs. |
Note
|
For a short time (a few minutes) after a JVM starts, it will be shown in this overview but no components are listed yet. As soon as vulnerabilities analysis has been performed for the first time, the list will contain the correct data for this new JVM. |