It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Vulnerability Remediation Service

Understanding Barracuda Vulnerability Remediation Service Reports

  • Last updated on

The Barracuda Vulnerability Remediation Service Report contains a comprehensive set of details to help you determine how to resolve existing vulnerabilities.

During the scan, the Barracuda Vulnerability Remediation Service collects information about your applications to increase accuracy and find vulnerabilities in the application. The Barracuda Vulnerability Remediation Service does not collect any personally identifiable information (PII), source code, or records from your application's database, regardless of whether the information is publicly accessible.

Executive Summary

The Executive Summary section is a quick glance at your risk level based on the vulnerabilities discovered on your application website, including a breakdown by severity level.

ExecSummaryAdv.png

 

Scan Information

The Scan Information section lists the basic information about the scan, including domain verification and the authentication username, if authentication was used.

Server Information

The Server Information section lists basic information about the server that was scanned.

Standard Compliance

This section shows whether you qualify for compliance with several different industry-standard compliance measures, including:

The Barracuda Vulnerability Remediation Service cannot guarantee that you comply with these measures, but can determine if you are not compliant. Links in this section direct you to compliance information direct from the respective sources.

Table of Contents

This section lists web application vulnerabilities found in the scan, ordered by severity level. Click a link to view the detailed results for each issue.

This is not a guarantee that there are not additional vulnerabilities that were undiscovered.

 

Each section within the detailed results includes:

Name of the Vulnerability

The title of each section is the official name of each vulnerability.

CVSS

 The National Vulnerability Database's Common Vulnerability Scoring System score and vector.

List of Pages 

The pages in your web application on which this vulnerability was found.

Path

The path in your web server where the vulnerability was located.

Severity

The severity of the vulnerability. You can change this value, based on your organization's perception of the Severity. Refer to Vulnerabilities or click the Help icon on the Vulnerabilities on page for information on changing the Severity.

SymbolDescription
critical.jpgAttack severity is Critical
high.jpgAttack severity is High
medium.jpgAttack severity level is Medium
low.jpgAttack severity level is Low
false positive.jpgAttack severity level is False Positive
Confidence

How likely it is that your website has this vulnerability. Confidence levels include:

    • Certain
    • Likely
    • Possible
Status

Shows the current status of this vulnerability. All vulnerabilities start as New when they are first detected. You can use the Vulnerability Details page to mitigate or otherwise change the status of vulnerabilities. For more information, see How to Work with Vulnerabilities in the Vulnerability Details Page. 

    • New
    • Passive Mode
    • Active Mode
    • Manual
    • Ignored
Details

Describes how the scanner detected this vulnerability.

Recent Scans Table

This table lists recent scans on this application and shows in which of them this vulnerability was found. The table includes:

    • Scan Date – The date the scan was run.
    • Configuration – The name of the scan.
    • Type – The description of the scan.
    • Status – Whether the vulnerability was found in that specific scan.

 

Refer to Vulnerabilities and How to Work with Vulnerabilities in the Vulnerability Details Page to learn more about changing certain vulnerability-related values.