Skip to main content
This page lists all tracked IT security vulnerabilities. Navigate to it at /it/security/vulnerabilities.

Overview

The Vulnerabilities page displays a searchable, filterable table of vulnerabilities. Each row shows CVE ID, name, severity badge, discovery date, and remediation status badge. Filters: search, severity, and remediation status. The Report Vulnerability button navigates to /it/security/vulnerabilities/new. Clicking a vulnerability name navigates to its detail page. Remediation status values from code: open, in_progress, remediated, false_positive.

Who it’s for

This route is protected by IT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard.

Before you start

  • No prerequisites. The list loads automatically.

Steps

  1. Navigate to IT > Security > Vulnerabilities, or go directly to /it/security/vulnerabilities.
  2. Use the search box to find vulnerabilities by name.
  3. Use the Severity and Status dropdowns to filter the list.
  4. Click a vulnerability name to open its detail page.
  5. Click Report Vulnerability to record a new one.

Key concepts

  • CVE ID — optional Common Vulnerabilities and Exposures identifier.
  • SecuritySeveritycritical | high | medium | low.
  • RemediationStatusopen | in_progress | remediated | false_positive.

Viewing a vulnerability

This page displays the full detail view for a single IT security vulnerability. Navigate to it at /it/security/vulnerabilities/:id. The Vulnerability Details page shows vulnerability name, severity badge, optional CVE ID, discovery date, current remediation status, remediation date (if set), description, affected assets (AffectedAssetsCard), and remediation action buttons. Available actions depend on current status: Open shows “Mark In Progress”; Open or In Progress shows “Mark Remediated” and “Mark False Positive”; Remediated shows “Reopen”. Before you start: the vulnerability must already exist.
  1. Navigate to IT > Security > Vulnerabilities and click a vulnerability name, or navigate directly to /it/security/vulnerabilities/:id.
  2. Review the metadata cards: discovered date, remediation status, and remediation date.
  3. Read the vulnerability description.
  4. Review the Affected Assets section.
  5. Use the Remediation Actions buttons to advance the vulnerability’s status:
    • Click Mark In Progress to begin remediation.
    • Click Mark Remediated when the issue is resolved.
    • Click Mark False Positive if the finding is not a real vulnerability.
    • Click Reopen if a remediated vulnerability recurs.
AffectedAssetsCard — shows the list of IT assets impacted by this vulnerability.
remediation_date — set when status transitions to remediated.
CVE ID — displayed in monospace below the title if set.

Reporting a vulnerability

This page provides a form to report a new security vulnerability. Navigate to it at /it/security/vulnerabilities/new. The New Vulnerability page is a single-step form. Required field is Vulnerability Name; all other fields (CVE ID, severity, discovered date, description) are optional. New records are created with remediation_status set to open. On success the user is redirected to the Vulnerabilities list at /it/security/vulnerabilities. This route is protected by IT_PERMISSIONS.VIEW (it.view) via the module-level ITViewGuard. No additional per-route permission gate exists beyond the module guard. Before you start: have the vulnerability name and, if available, the CVE identifier. Know the severity level and the date it was discovered.
  1. Navigate to IT > Security > Vulnerabilities and click Report Vulnerability, or go directly to /it/security/vulnerabilities/new.
  2. Enter the Vulnerability Name (required).
  3. Optionally enter a CVE ID (e.g., CVE-2024-12345).
  4. Select a Severity: Critical, High, Medium (default), or Low.
  5. Set the Discovered Date (defaults to today).
  6. Enter a Description including impact and potential remediation steps.
  7. Click Report Vulnerability. On success you are redirected to the Vulnerabilities list.
New records start with remediation_status: open; status can be advanced to in_progress, remediated, or false_positive from the vulnerability detail page.

Editing a vulnerability

The Edit Vulnerability screen allows updating an existing vulnerability record and is accessible at /it/security/vulnerabilities/:id/edit. The Edit Vulnerability page loads the existing record via useVulnerability. The form fields include: CVE ID (optional), vulnerability name, severity (default medium), discovery date, remediation status (default open), description, remediation notes, and optional remediation date. On save, updateVulnerability is called. A loading skeleton is shown while data loads and an error/not-found state is displayed when appropriate. A back-navigation button is provided. Before you start: the vulnerability record must exist.
  1. Navigate to /it/security/vulnerabilities/:id/edit from the vulnerability detail or list page.
  2. Modify CVE ID, name, severity, discovery date, remediation status, description, and notes.
  3. If remediation is complete, set the remediation status accordingly and enter the remediation date and notes.
  4. Submit the form to save updates and navigate back.
cve_id — Optional CVE identifier (e.g., CVE-2024-12345); stored as a free-text field.
severitySecuritySeverity type; default medium.
remediation_statusRemediationStatus type; default open.
remediation_date — Optional date when the vulnerability was remediated.

IT Service Management

IT Service Management overview.

Governance & parity

This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/it.tsx
  • src/cores/it/pages/security/vulnerabilities/VulnerabilityListPage.tsx
  • src/cores/it/pages/security/vulnerabilities/VulnerabilityDetailPage.tsx
  • src/cores/it/pages/security/vulnerabilities/NewVulnerabilityPage.tsx
  • src/cores/it/pages/security/vulnerabilities/EditVulnerabilityPage.tsx
  • src/cores/it/hooks/useVulnerabilities.ts
  • src/cores/it/hooks/useVulnerabilityMutations.ts
  • src/cores/it/types/security.ts