8.9 Using Components with Known Vulnerabilities – Dashboards and Reports

Select Reports > Portal > Repository > Standard Content > OWASP > A 9 - Using Components with Known Vulnerabilities.

Many components of a web application, such as libraries and modules, run with the same privileges as the application itself. Applications and APIs that use components with known vulnerabilities can undermine application defenses and enable various attacks and impacts. Malicious users can exploit vulnerabilities in SSH and SSL. For example, the Heartbleed Bug is a known SSL vulnerability. Your enterprise might have large numbers of SSH keys because, unlike certificates or passwords, end users can create new SSH keys (credentials) or even duplicate them without oversight. A malicious user can gain long-term access to your resources by taking advantage of SSH keys that have been left unaccounted for.

To check whether components can be exploited, use the following dashboards and reports:

SSH Vulnerabilities Overview

Provides charts and a table that show hosts with the most SSH vulnerabilities and the most reported vulnerabilities. You can review these vulnerabilities over time, by agent severity, and by risk indicator.

SSH Vulnerabilities Summary

Lists the hosts reported to have the most SSH vulnerabilities.

SSL Vulnerabilities

Lists the hosts reported to have the most SSL vulnerabilities.

This report is also available in the Vulnerability Monitoring category of the Foundation reports.

Vulnerability Overview

Provides charts and a table that show the top signature IDs for the antivirus programs that have failed to update, as well as the hosts most likely to be vulnerable. You can review these vulnerabilities over time and by agent severity.