AnsweredAssumed Answered

Is there a QID that tells if a vulnerability is half-red and half-yellow?

Question asked by Rusty Qualyz on Sep 21, 2017
Latest reply on Sep 21, 2017 by Rusty Qualyz

We are seeing some of our Confirmed (red) vulnerabilities turn to Potential (yellow).  So here is the scenario:  The QID is half-red and half-yellow:

An asset gets network scanned (authenticated), the vulnerability turns red

The Cloud Agent does a scan and the vulnerability turns yellow


This is done continually and we miss confirmed vulnerabilities depending on when the agent runs a scan.  There is no record of this in the ticket history.  It seems to me that no vulnerability team would want a Confirmed vulnerability to turn to a Potential (my opinion).


Has anyone else seen this behavior?  If so, how are you dealing with it?


Concerned Qualys customer,