Any type of vulnerability can exist and be tracked in Resolve, such as application, network, configuration, and even physical vulnerabilities. Application and network vulnerabilities are the most common.

Instances in application vulnerabilities

Applications often have more instances per vulnerability than network types. For example, a cross-site scripting vulnerability might be present at multiple URLs within an application's endpoints. The same vulnerability may manifest itself from a single line of code and be found in a dynamic scan. This would lead to many findings of cross-site scripting being reported with a unique instance for each.

In another example, a static scan of the code may reveal a SQL injection vulnerability was replicated across many locations due to a single developer's code practice. This would lead to many instances of the vulnerability being reported with one finding.

In both of these examples, the instances will typically have the same remediation instructions for the vulnerability. Most common application vulnerability remediations require a code change, but patches to dependencies and configuration changes could also be required.

Instances in network vulnerabilities

With network vulnerabilities, instances and vulnerabilities often align 1:1. A common exception is with port uniqueness. If a vulnerable service is detected on multiple ports on the same asset, each affected port would have a corresponding instance.