Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Qualys Adds Real-Time Exploitability Data to Its Vulnerability Management

Qualys today announced that its QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources.

Qualys today announced that its QualysGuard Vulnerability Management (VM) now includes correlated exploitability information from real-time feeds to provide customers with up-to-date references to exploits and related security resources. With this new addition, customers running vulnerability scans can view the latest correlated exploits from third party vendors including Core Security, Immunity, and related exploit information from Metasploit and The Exploit-DataBase.QualysGuard Vulnerability Management

Previously, when running vulnerability scans, users would be presented with a list of Common Vulnerabilities and Exposures (CVEs), and have to manually look up exploits for each CVE, a time consuming process. With the new features, QualysGuard VM scans automatically, producing a list of correlated exploits for each CVE, using a databases of tested exploits from several vendors including Core Security, Immunity, The Exploit-DataBase or Metasploit.

The new exploitability correlation feature includes:

• Live exploit feeds from Core Security, Immunity (and their partners Agora, Dsquare, Enable Security, White Phosphorous), Metasploit and The Exploit-DataBase. Customers can choose the source of exploit data.

• An “Exploitability” column in the QualysGuard KnowledgeBase indicating whether exploitability information is available for the vulnerability from third party vendors and/or publicly available sources.

• Exploit details for any vulnerability selected, including the CVE reference, a description of the exploit provided by the source and a link to the exploit when available.

• The ability to include exploitability information for vulnerabilities in scan reports.

The new feature is available immediately in QualysGuard Vulnerability Management.

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.