The report shows that the vulnerability is active and has been detected recently but the last fixed date is populated by a date many months ago. Does this mean it was fixed then the fixed was removed?
Correct. Or something was re-installed that re-introduced the vulnerability.
Yes, if something was removed or re-installed, then the vulnerability would come back. If you go to the VM module, then to Remediation and then to Tickets, look up the asset IP and QID. If you look at the info in the ticket, specifically the ticket history section, it will give you the history with dates on when it was opened, closed and if it was re-opened. Very helpful area.
Only word of warning, this tab can take forever and a day to open... So don't select it if you are in a rush.
Retrieving data ...