Home
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Issues: Result list
Issue severity levels

Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
- Issues: Application tree
- Issues: Result list
  - Issue severity levels
    - Change issue severity
      You can manually change the severity level for an issue, overriding its CVSS score.
    - Apply CVSS 3.1 to legacy results
      How to update a scan run with an older CVSS version.
  - Issue state: Open or Noise
    Issues not relevant to your application can be designated as "Noise" and removed from the results.
  - Resending tests
  - Right-click menu
  - Filtering Security Issues in Result List
    You can filter the Result List for types of issues, or you can search for a specific issue.
  - Sorting the Result List
- Issues: Detail pane
- Report false positive test results
- Manual tests
- Non-vulnerable variants

Issue severity levels

In the case of individual issues, the severity icon indicates the severity level of the issue; in the case of Issue Types and URLs, it indicates the most severe of all issues under that node.

Severity level is calculated based on CVSS 3.1 scoring, taking into account environment definitions you can optionally configure. In addition, you can manually change the severity level of individual issues or groups of issues.


Icon	Severity	Description	Score	Examples
	Critical	High severity issues that are easier to exploit.	9 - 10	Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices. Exploitation is usually straightforward.
	High	Direct danger to your application, web server, or information.	7 - 8.9	Executing commands on server, stealing customer information, denial of service.
	Medium	Threat through unauthorized access to private areas, though the database and operating system are not at risk.	4 - 6.9	Script source disclosure, forceful browsing.
	Low	Allow for unauthorized reconnaissance.	0.1 - 3.9	Server path disclosure, internal IP address disclosure.
	Informational	Issues you should know about, not necessarily security issues.	0	Insecure methods enabled.