7.7 Vulnerability Monitoring – Dashboard and Reports

Select > Reports > Portal > Repository > Standard Content > Foundation.

Many of the components within a web application, such as the libraries and modules, run with the same privileges as the application itself. Applications and APIs using components with known vulnerabilities can undermine application defenses and enable various attacks and impacts. For example, malicious users can exploit a known vulnerability in SSL with the Heartbleed Bug. Websites and web applications can be vulnerable to cross-site scripting (XSS) and cross-site request forgery (XSRF) attacks. In an XSRF attack, also known as a one-click attack or session riding, a malicious user submits unauthorized commands to a web application from a user account that the application trusts.

High-risk vulnerabilities are those that attackers can exploit relatively easily to gain control over system components. Many high-risk vulnerabilities can temporarily or permanently disrupt enterprise operations.

To check whether your enterprise has vulnerabilities, use the following dashboard and reports:

High Risk Vulnerabilities by Host

Lists all high-risk vulnerabilities found on the specified hosts.

You must specify one host by Destination Host.

SSL Vulnerabilities

Lists the hosts reported to have the most SSL vulnerabilities.

This report is also available in the Using Components with Known Vulnerabilities category of the OWASP reports.

Vulnerability Overview

Provides charts and a table to help you track the vulnerabilities reported in your enterprise.

Vulnerabilities by Host

Lists all vulnerabilities found on the specified hosts.

You must specify one IP address.

XSRF Vulnerabilities

Lists the top 10 hosts that are vulnerable to a cross-site request forgery (XSRF or CSRF) attack.

XSS Vulnerabilities

Lists the top 10 hosts that are vulnerable to cross-site scripting (XSS) attacks.