/it/security/vulnerabilities.
Overview
The Vulnerabilities page displays a searchable, filterable table of vulnerabilities. Each row shows CVE ID, name, severity badge, discovery date, and remediation status badge. Filters: search, severity, and remediation status. The Report Vulnerability button navigates to/it/security/vulnerabilities/new. Clicking a vulnerability name navigates to its detail page.
Remediation status values from code: open, in_progress, remediated, false_positive.
Who it’s for
This route is protected byIT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard.
Before you start
- No prerequisites. The list loads automatically.
Steps
- Navigate to IT > Security > Vulnerabilities, or go directly to
/it/security/vulnerabilities. - Use the search box to find vulnerabilities by name.
- Use the Severity and Status dropdowns to filter the list.
- Click a vulnerability name to open its detail page.
- Click Report Vulnerability to record a new one.
Key concepts
- CVE ID — optional Common Vulnerabilities and Exposures identifier.
- SecuritySeverity —
critical | high | medium | low. - RemediationStatus —
open | in_progress | remediated | false_positive.
Viewing a vulnerability
This page displays the full detail view for a single IT security vulnerability. Navigate to it at/it/security/vulnerabilities/:id.
The Vulnerability Details page shows vulnerability name, severity badge, optional CVE ID, discovery date, current remediation status, remediation date (if set), description, affected assets (AffectedAssetsCard), and remediation action buttons. Available actions depend on current status: Open shows “Mark In Progress”; Open or In Progress shows “Mark Remediated” and “Mark False Positive”; Remediated shows “Reopen”.
Before you start: the vulnerability must already exist.
- Navigate to IT > Security > Vulnerabilities and click a vulnerability name, or navigate directly to
/it/security/vulnerabilities/:id. - Review the metadata cards: discovered date, remediation status, and remediation date.
- Read the vulnerability description.
- Review the Affected Assets section.
- Use the Remediation Actions buttons to advance the vulnerability’s status:
- Click Mark In Progress to begin remediation.
- Click Mark Remediated when the issue is resolved.
- Click Mark False Positive if the finding is not a real vulnerability.
- Click Reopen if a remediated vulnerability recurs.
remediation_date — set when status transitions to
remediated.CVE ID — displayed in monospace below the title if set.
Reporting a vulnerability
This page provides a form to report a new security vulnerability. Navigate to it at/it/security/vulnerabilities/new.
The New Vulnerability page is a single-step form. Required field is Vulnerability Name; all other fields (CVE ID, severity, discovered date, description) are optional. New records are created with remediation_status set to open. On success the user is redirected to the Vulnerabilities list at /it/security/vulnerabilities.
This route is protected by IT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard.
Before you start: have the vulnerability name and, if available, the CVE identifier. Know the severity level and the date it was discovered.
- Navigate to IT > Security > Vulnerabilities and click Report Vulnerability, or go directly to
/it/security/vulnerabilities/new. - Enter the Vulnerability Name (required).
- Optionally enter a CVE ID (e.g.,
CVE-2024-12345). - Select a Severity: Critical, High, Medium (default), or Low.
- Set the Discovered Date (defaults to today).
- Enter a Description including impact and potential remediation steps.
- Click Report Vulnerability. On success you are redirected to the Vulnerabilities list.
remediation_status: open; status can be advanced to in_progress, remediated, or false_positive from the vulnerability detail page.
Editing a vulnerability
The Edit Vulnerability screen allows updating an existing vulnerability record and is accessible at/it/security/vulnerabilities/:id/edit.
The Edit Vulnerability page loads the existing record via useVulnerability. The form fields include: CVE ID (optional), vulnerability name, severity (default medium), discovery date, remediation status (default open), description, remediation notes, and optional remediation date. On save, updateVulnerability is called. A loading skeleton is shown while data loads and an error/not-found state is displayed when appropriate. A back-navigation button is provided.
Before you start: the vulnerability record must exist.
- Navigate to
/it/security/vulnerabilities/:id/editfrom the vulnerability detail or list page. - Modify CVE ID, name, severity, discovery date, remediation status, description, and notes.
- If remediation is complete, set the remediation status accordingly and enter the remediation date and notes.
- Submit the form to save updates and navigate back.
severity —
SecuritySeverity type; default medium.remediation_status —
RemediationStatus type; default open.remediation_date — Optional date when the vulnerability was remediated.
Related
IT Service Management
IT Service Management overview.
Governance & parity
This page documents shipped product behavior. It is not medical, legal, or
billing advice. Verify against your organization’s policies and applicable
regulations before using it for clinical, compliance, or billing decisions.
Protected health information (PHI) shown in the product is governed by your
tenant’s access controls and is never exposed in this documentation.
Documentation sources
Documentation sources
- src/routes/it.tsx
- src/cores/it/pages/security/vulnerabilities/VulnerabilityListPage.tsx
- src/cores/it/pages/security/vulnerabilities/VulnerabilityDetailPage.tsx
- src/cores/it/pages/security/vulnerabilities/NewVulnerabilityPage.tsx
- src/cores/it/pages/security/vulnerabilities/EditVulnerabilityPage.tsx
- src/cores/it/hooks/useVulnerabilities.ts
- src/cores/it/hooks/useVulnerabilityMutations.ts
- src/cores/it/types/security.ts