Vulnerabilities
This is the single place where all discovered problems and vulnerabilities across all categories are displayed, with sorting and filtering options. By default, the table loads the operating system with the most data and the Critical Severity problem group.
- Security > Continuous Threat Exposure Management > 'Vulnerabilities'
Access Vulnerabilities from the Security - CTEM category

Data is filtered by default to Internal Vulnerabilities, Windows OS, and Critical Severity. You can cycle between the filters to view data according to your preferences.
- Internal Vulnerabilities = discovered on the assets directly from agent scanning
- External Vulnerabilities = discovered on external assets from probe network scanning, external scanning, or attack surface mapper scanning.
Problem Category Groups
Discovered problems are automatically placed into the following default problem category groups.
| Problem Category | Description |
| --- | --- |
| All Vulnerabilities | Displays every detected vulnerability across all severities and categories |
| Critical Severity Vulnerabilities | Displays critical-severity vulnerabilities only |
| High Severity Vulnerabilities | Displays high-severity vulnerabilities only |
| Medium Severity Vulnerabilities | Displays medium-severity vulnerabilities only |
| Low Severity Vulnerabilities | Displays low-severity vulnerabilities only |
| SMB Vulnerabilities | Displays the SMB protocol-related vulnerabilities |
| SSL/TLS Vulnerabilities | Displays the SSL/TLS cipher/certificate-based vulnerabilities |
| SSL Certificate Info | Displays informational findings about SSL/TLS certificates (issuer, expiry, subject, chain, key strength) |
| Running Services | Displays network services detected as running on the asset (port, protocol, service banner) |
| Web Server Fingerprint | Displays identified web server software, version, and technology stack details |
| Information Disclosure | Displays vulnerabilities where the asset is leaking sensitive data such as version banners, internal paths, configuration, or directory listings |
| Remote Login Vulnerabilities | Displays the remote login-based vulnerabilities |
| CISA Notified Vulnerabilities | Displays the vulnerabilities where the EPSS score is greater than or equal to 95% |
| EPSS >= 0.95 | Displays the vulnerabilities where the EPSS score is greater than or equal to 95%, indicating very high real-world exploitation probability |
| 0.95 > EPSS >= 0.90 | Displays the vulnerabilities where the EPSS score is between 90% and 95%. |
| 0.90 > EPSS >= 0.85 | Displays the vulnerabilities where the EPSS score is between 85% and 90%. |
| Database Vulnerabilities | Displays vulnerabilities affecting database services (e.g. MSSQL, MySQL, PostgreSQL, Oracle, MongoDB) |
| Mail Vulnerabilities | Displays vulnerabilities affecting mail services and protocols (SMTP, IMAP, POP3, Exchange) |
| Remote Access Vulnerabilities | Displays vulnerabilities in remote access services such as RDP, VNC, TeamViewer, AnyDesk, or remote shell protocols |
| Informational | Displays the vulnerabilities where the category is informational only; these do not carry a CVE or impact the risk score or asset scoring of the company |
| High Severity Network Vulnerabilities | Displays high-severity vulnerabilities detected at the network/service layer rather than the OS or application layer |
| Medium Severity Network Vulnerabilities | Displays medium-severity vulnerabilities detected at the network/service layer |
| Low Severity Network Vulnerabilities | Displays low-severity vulnerabilities detected at the network/service layer |
| Critical Network Vulnerabilities | Displays critical-severity vulnerabilities detected at the network/service layer |
Problem Groups are how the CTEM portal will automatically categorize discovered vulnerabilities.

Tap the CVE-ID in the Problem Name field for the NIST/NVD source reference.


Use the three-dot Action menu to access the ‘Suppress’ option.

You can do this in bulk by selecting multiple records and tapping the Global Actions button.

Use the column buttons to view the additional details.
This includes the Affected Assets, Suppressed Records, and Auto Suppressed Records.
- Suppressed Records = manually suppressed using the three-dot Action menu or Global Actions.
- Auto Suppressed = automatically suppressed based on the 'Suppress Vulnerabilities Days' setting.
Please note that for auto-suppression, our system references the published date of the vulnerability, not the KB release date.

Registry + Driver + SNMP Issues Vulnerabilities
The bottom half of the screen contains a table of additional problems/vulnerabilities discovered by the scanning agents. This includes Registry, Driver-based checks, and SNMP Issues.
Note: All SNMP issues will be listed under SNMP Issues instead of the Registry tab.
As in the top half, you can tap between the buttons to see Remediated and Suppressed records.

To access the Evidence CSV, click the Asset count and tap the Evidence icon.

The scope of Xcitium CTEM is limited to identifying registry vulnerabilities and providing documented remediation steps as evidence. Implementation of the required registry changes is performed by technicians.
Integration Action
It is necessary to set up an integration before use. This will allow you to take any discovered vulnerability and send it through the integration as a call to action.
- e.g., create a ticket in your PSA
- e.g., send an email to your support email distribution group
- e.g., post a message to a Teams/Slack channel
Select the three-dot Action menu or check the box to access Global Actions, then tap the Integration Action option.

You can choose one based on your configured integrations and then select an action.

Fill in the required fields for the selected integration to finish.

