Remediate a vulnerability

Depending on your organization, you’ll likely want to start with the most critical vulnerabilities, so that you can assess their severity given your particular device, its environment and its use. The CVSS v3 column is shown by default in the Vulnerabilities table. You can click the Columns link above the table header row to customize your data display, including adding the CVSS v2 column.

Initially, all of your vulnerabilities will have a Status of blank. For CycloneDX status, you'll ultimately want to remediate each of these to either Exploitable or Not affected. For VEX status, you’ll ultimately want to remediate each of these to either Affected or Not affected. Some MDMs use CycloneDX for assigning internal statuses, while using the CycloneDX VEX profile to assign external statuses that will be communicated to customers and other external stakeholders.

To do so:

  1. If you're not familiar with a particular vulnerability, click Actions > View details to get all vulnerability information. Close this panel when you're ready to remediate this vulnerability.

  2. Click Actions > ... > Remediate vulnerability.

  3. If you're still investigating a vulnerability, choose the interim status for CycloneDX of In triage. If you have any information about the vulnerability that will help triage it, you will be able to add that to the Evidence field once you have chosen a status.

  4. If you're ready to remediate the vulnerability to a final status, choose the appropriate status. For CycloneDX, depending on the status, you may also need to select a remediation and justification for that remediation.

  5. If you'd also like to add a VEX status, click the Add CycloneDX VEX status link. Note that this is the CycloneDX profile of VEX, not OpenVEX, so the statuses are a subset. If you're still investigating a vulnerability, choose the interim status for CycloneDX VEX of Unknown.

  6. If you select any status besides an interim status for either CycloneDX or CycloneDX VEX, you'll need to provide information to explain this status change in the Evidence field. This will provide you with an audit trail for this vulnerability.

  7. Click Apply remediation. In the Vulnerabilities table, you'll see the status(es) displayed in the CycloneDX status and VEX status columns, respectively.
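
The evidence rule in step 6 can also be checked outside the UI against a CycloneDX document. The following Python is an added example, not part of the product or its documentation. The state, justification and response field names follow the CycloneDX JSON schema; mapping the Evidence field to `analysis.detail`, and requiring a justification for `not_affected` and a response for `exploitable`, are assumptions.

```python
# Added example: audit CycloneDX vulnerability "analysis" records for the
# evidence rule described in step 6. Field names follow the CycloneDX JSON
# schema; mapping the Evidence field to analysis.detail is an assumption.

INTERIM_STATES = {"in_triage"}  # interim CycloneDX status from step 3
FINAL_STATES = {"exploitable", "not_affected", "resolved",
                "resolved_with_pedigree", "false_positive"}

def audit_analysis(vuln):
    """Return a list of problems found in one vulnerabilities[] entry."""
    vid = vuln.get("id", "<no id>")
    analysis = vuln.get("analysis") or {}
    state = analysis.get("state")
    if state is None:
        return [f"{vid}: status is blank, not yet triaged"]
    if state in INTERIM_STATES:
        return []  # interim status: evidence is optional
    if state not in FINAL_STATES:
        return [f"{vid}: unknown analysis state {state!r}"]
    problems = []
    if not (analysis.get("detail") or "").strip():
        problems.append(f"{vid}: final state {state!r} has no evidence (detail)")
    # Assumption: not_affected needs a justification, exploitable a response.
    if state == "not_affected" and not analysis.get("justification"):
        problems.append(f"{vid}: not_affected without a justification")
    if state == "exploitable" and not analysis.get("response"):
        problems.append(f"{vid}: exploitable without a response")
    return problems

def audit_bom(bom):
    """Audit every vulnerability in a parsed CycloneDX BOM/VEX document."""
    return [p for v in bom.get("vulnerabilities", []) for p in audit_analysis(v)]

# Constructed sample document (IDs are placeholders, not real identifiers).
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "EXAMPLE-0001"},
        {"id": "EXAMPLE-0002", "analysis": {"state": "in_triage"}},
        {"id": "EXAMPLE-0003", "analysis": {"state": "not_affected", "detail": "  "}},
        {"id": "EXAMPLE-0004", "analysis": {
            "state": "exploitable", "response": ["update"],
            "detail": "Reachable over the device's network interface."}},
    ],
}

if __name__ == "__main__":
    for problem in audit_bom(SAMPLE_BOM):
        print(problem)
```

For a real document, load it with `json.load` and pass the resulting dictionary to `audit_bom`.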

© Copyright MedCrypt 2024, All rights reserved.