Generating an audit report with CVEs for a server

You can generate an audit report that shows a list of all common vulnerabilities and exposures (CVEs) for a runtime in your inventory in comma-separated value (CSV) format.

Before you begin

You must have a user profile with the View security data permission or the Manage security data permission. For more information, see Configuring roles and permissions.

Procedure

  1. Log in to WebSphere Automation.
    For more information, see Accessing the WebSphere Automation UI.
  2. Choose a server by clicking the server name in the Server column on the Security page or Server management page. Then click the Vulnerabilities tab on the server details page, and click CVEs.
    Figure 1. Viewing Server vulnerabilities page with a list of vulnerabilities for the server
    Example Server vulnerabilities page showing list of vulnerabilities for the server. Column headings include Risk level, CVE, Status, Days exposed, and Initial detection time.
    If you do not see a listing of CVEs, either no servers are registered, or you have insufficient permissions. For instructions on registering servers, see Registering a server. For more information about permissions, see Roles and permissions.
  3. Click Download audit report.
    In the system dialog that opens, you can open or save the audit report to your local computer.
  4. Open the audit report by using a program capable of viewing CSV files, such as a spreadsheet editor.
    The data looks similar to the following image:
    Figure 2. Viewing example audit report of CVEs for a registered server in CSV format
    Example CSV file showing vulnerability status of servers. Column headings include Risk level, CVSS, CVE, Bulletin, Bulletin URL, Status, Days exposed, and Initial detection time.
    Note the column headings:
      Risk level
        The risk label, based on the specific CVSS score.
      CVSS
        The numerical rating of the severity of the vulnerability on a scale of 0 to 10, according to the Common Vulnerability Scoring System (CVSS).
      CVE
        The CVE ID for the specific vulnerability.
      Bulletin
        The bulletin ID that contains the specific vulnerability.
      Bulletin URL
        The URL to the specific vulnerability on the IBM Support website.
      Status
        Either Resolved or Unresolved, depending on whether the applicable fix was applied to the server.
      Days exposed
        The total number of days of vulnerability exposure for the registered server with the oldest detection date.
      Initial detection time
        The date that WebSphere Automation first detected the vulnerability on the server.
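
The following Python example is added here and is not IBM code. It reads a downloaded audit report by using the column headings listed above, keeps the Unresolved rows, and ranks them by CVSS and days exposed. The remediation windows in SLA_DAYS, the sample rows, and the placeholder CVE and bulletin identifiers are assumptions constructed for illustration.

```python
import csv
import io

# Column headings as listed on this page; a real export is assumed to spell them the same way.
REQUIRED = ["Risk level", "CVSS", "CVE", "Bulletin", "Bulletin URL",
            "Status", "Days exposed", "Initial detection time"]

# Hypothetical remediation windows in days, keyed by minimum CVSS score (not a product default).
SLA_DAYS = [(9.0, 7), (7.0, 30), (4.0, 90), (0.0, 180)]


def sla_for(cvss):
    """Return the allowed exposure window in days for a CVSS score."""
    return next((d for floor, d in SLA_DAYS if cvss >= floor), SLA_DAYS[-1][1])


def triage(report_text):
    """Return unresolved findings, worst first, each with its SLA overrun in days."""
    reader = csv.DictReader(io.StringIO(report_text.lstrip("\ufeff")))
    headers = [h.strip() for h in (reader.fieldnames or [])]
    missing = [c for c in REQUIRED if c not in headers]
    if missing:
        raise ValueError(f"audit report is missing columns: {missing}")
    findings = []
    for row in reader:
        row = {k.strip(): (v or "").strip() for k, v in row.items() if k}
        if row["Status"].lower() != "unresolved":
            continue
        try:
            cvss, days, ok = float(row["CVSS"]), int(row["Days exposed"]), True
        except ValueError:
            # Unparseable score or age: rank as worst case for manual review, never drop.
            cvss, days, ok = 10.0, 0, False
        findings.append({"cve": row["CVE"], "bulletin_url": row["Bulletin URL"],
                         "cvss": cvss, "days_exposed": days, "parsed": ok,
                         "overdue_by": max(0, days - sla_for(cvss))})
    findings.sort(key=lambda f: (-f["cvss"], -f["days_exposed"]))
    return findings


# Constructed sample export; CVE and bulletin identifiers are placeholders, not real IDs.
SAMPLE = """Risk level,CVSS,CVE,Bulletin,Bulletin URL,Status,Days exposed,Initial detection time
High,7.5,CVE-0000-0001,BULLETIN-1,https://example.invalid/b/1,Unresolved,45,placeholder
Critical,9.8,CVE-0000-0002,BULLETIN-2,https://example.invalid/b/2,Unresolved,3,placeholder
Medium,5.3,CVE-0000-0003,BULLETIN-3,https://example.invalid/b/3,Resolved,120,placeholder
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

To use it on a real download, pass the file contents to triage(); a report whose headings differ from the list above raises ValueError instead of being silently misread.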