AnsweredAssumed Answered

VM Scan Report: Qualys is showing a Potential vulnerability as type 'Vuln' in scan report

Question asked by Pat Tepen on Mar 26, 2015
Latest reply on Apr 8, 2015 by mmurray

I'm running a scan report that has the following attributes:

  • The Search List is set to look for all severity 3-5 vulnerabilities in our environment, both Potential and Confirmed.
  • The Report Template is configured to return only Confirmed vulnerabilities found on assets tagged in the filters.


What I'm seeing, though, are some Potential vulnerabilities in the report of type 'Vuln'.

Based on what I know about Qualys reporting, if somehow the template was configured to return the Potentials, they would be listed as type 'Practice' in the report.  Checking the knowledge base, I've verified that the vulnerabilities in question are Potential vulnerabilities (solid yellow bar).


How is this possible?