Explore a Vulnerability

The dedicated Vulnerability Details page provides a wealth of information about the latest detection of a vulnerability, including its detailed description, classification by major standards, detection samples, remediation guidance, and access to the related online training.



The page is organized into tabs focusing on specific areas. The tab strip above the banner provides entries to these areas in which you can do the following:

Area What You Can Do
Summary View the vulnerability detection metrics in the banner, explore the detection details including the location of vulnerable code. Click the What is … link for general information about the vulnerability, including its classification by major standards.
Data flow

View a high-level visual representation of cross-project data flow steps. Drill down into the steps tracking the method calls that caused the vulnerability, and review the detailed explanations accompanying each call.
Verification proof View the details of verification performed by Seeker for this vulnerability.
HTTP request Explore the details of the HTTP Request in which the vulnerability has been detected.
Under HTTP Context:
  • Raw tab: displays the vulnerable HTTP request in raw format. You can copy and paste it into other tools for further validation.
  • cURL (cmd) tab or cURL (bash) tab: Choose the best option for your operating system and command line environment. Makes the vulnerable request available as a cURL command. You can copy and paste the request into other tools for further validation.
  • Request tab: displays the vulnerable HTTP request details.
  • Response tab: available for any checker detecting vulnerabilities that could be triggered by an HTTP request. Displays the vulnerable HTTP response details.
Previous detections Access the history of previous detections of this vulnerability.
Remediation Review the remediation guidance for this vulnerability.
Online training If online training is enabled, and online courses relevant for this vulnerability are available, the page displays the most relevant courses first, and then other related courses.
Right-side panel Handle the vulnerability: triage, track (create and view tickets), apply custom tags, and view and make comments.
Attention: If the vulnerability status change requires approval, and you are authorized to do so, an approval box will be displayed under Triage. Once you approve or deny, this status change will or will not take effect.
Note: By default, the detection time of a vulnerability is set according to the system time of the Seeker server. Administrators can change this behavior to set the detection time according to Agent machines by configuring an environment variable.