Vulnerabilities
The Vulnerabilities tab on the agent detail page shows all CVEs detected on the endpoint. TridentStack Control continuously matches installed software versions and Windows build numbers against CVE databases to identify known vulnerabilities.
Current View
The default view shows all active vulnerabilities in a sortable, filterable table.
Vulnerability Table
| Column | Description |
|---|---|
| CVE ID | The CVE identifier, linked to the NVD entry |
| Software | The affected application or "Windows" for OS-level CVEs |
| Severity | Critical, High, Medium, or Low (color-coded) |
| CVSS Score | Numeric CVSS v3 base score |
| Status | Open, Resolved, or Pending Restart |
Summary Bar
Above the table, a summary strip shows:
- Total vulnerability count
- Breakdown by severity: Critical / High / Medium / Low
- KEV count (CISA Known Exploited Vulnerabilities)
Source Tabs (Windows Only)
On Windows agents, vulnerabilities are categorized by source:
- All: Every detected vulnerability
- System: CVEs in the Windows OS itself (based on build number and installed KBs)
- Software: CVEs in installed third-party applications (based on software inventory)
Filters
- Search: Filter by CVE ID, software name, or CWE identifier
- Severity: Show only Critical, High, Medium, or Low
- KEV only: Toggle to show only CISA Known Exploited Vulnerabilities
- Fixable only: Toggle to show only vulnerabilities with an available fix (KB or package update)
- Group by Remediation: Group vulnerabilities that share the same fix action (e.g., same KB resolves multiple CVEs)
Expanded Details
Click any vulnerability row to see full details:
- CVSS v3 vector breakdown: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, and Confidentiality/Integrity/Availability impact
- EPSS score: Exploit Prediction Scoring System probability and percentile
- KEV status: Whether this CVE is in the CISA Known Exploited Vulnerabilities catalog
- Fix information: The KB number or package update that resolves the vulnerability
- Detection logic: How the vulnerability was identified (version comparison, build number match, etc.)
Actions
From the expanded row, you can:
- Remediate: Open the remediation modal to trigger a fix (install the KB, update the package, etc.)
- Create Exception: Exempt this vulnerability from scoring and reporting, with a reason and optional expiration date
- Investigate: Open an investigation view for deeper analysis
History View
Toggle to History to see the vulnerability timeline for this agent:
- When vulnerabilities were first detected
- When they were resolved (by patch installation or software update)
- Status transitions over time
This helps you verify that remediation actions were effective and track how long vulnerabilities remained open.