Disable or enable risk change for a CVE or TPE

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • As a Vulnerability Manager and Analyst, you can disable or enable the risk change requests for the host vulnerabilities associated with a Common Vulnerability Entry (CVE) or Third-party Entry (TPE) in the Vulnerability Manager Workspace.

    Before you begin

    Role required: admin

    About this task

    The risk change for a CVE and TPE is enabled by default.

    Note:
    The compensating controls feature is available for host vulnerabilities only.

    Procedure

    1. Navigate to Workspaces > Vulnerability Manager Workspace.
      On the Lists page, under Libraries, open one of the following for which you want to disable the risk change requests:
      • CVE from the CVEs list.
      • TPEs from the TPEs list.
    2. Select Disable risk change.
      The remediation owner can’t request risk change for the host vulnerable items and application vulnerable items related to this CVE or TPE. In other words, the Request for Risk Reduction check box doesn’t appear when the Reason is selected as Mitigating Control in Place on the Request Exception modal.
    3. To enable the risk change requests for host vulnerable items and application vulnerable items, select Enable risk change.