We are seeing some of our Confirmed (red) vulnerabilities turn to Potential (yellow). So here is the scenario: The QID is half-red and half-yellow:
An asset gets network scanned (authenticated), the vulnerability turns red
The Cloud Agent does a scan and the vulnerability turns yellow
This is done continually and we miss confirmed vulnerabilities depending on when the agent runs a scan. There is no record of this in the ticket history. It seems to me that no vulnerability team would want a Confirmed vulnerability to turn to a Potential (my opinion).
Has anyone else seen this behavior? If so, how are you dealing with it?
Concerned Qualys customer,