This topic provides an overview of the vulnerability fix feature of Security Center. You can use Security Center to detect and fix major vulnerabilities. You can view detected vulnerabilities and perform scan tasks manually on the Vulnerabilities page. This helps you monitor the vulnerabilities and security status of your assets.

Background information

For more information about vulnerability fix features supported by each edition of Security Center, see Vulnerability fixing.

Security Center can detect the following types of vulnerabilities:

Operating systems that support vulnerability detection

Operating system Version
CentOS CentOS 5, CentOS 6, and CentOS 7
Ubuntu Ubuntu 14, Ubuntu 16, and Ubuntu 18
Windows Server Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019

Vulnerability statistics

To view vulnerability statistics, log on to the Security Center console and click Vulnerabilities in the left-side navigation pane. On the page that appears, you can view the following statistics:

  • Vul Servers
    Click the number under Vul Servers to go to the Assets > Server tab. On this tab, you can view the details of servers on which vulnerabilities are detected.The Server tab
  • Container Image Vul
    Click the number next to Container Image Vul to go to the Container Image Vul tab. On this tab, you can view the container images on which vulnerabilities are detected.The Container Image Vul tab
    Note Only when container image vulnerabilities are detected, statistics are displayed on the Container Image Vul tab.
  • Recommended Fix (CVE)
    Click the number under Recommended Fix (CVE) to go to the Recommended Fix (CVE) page. On the Recommended Fix (CVE) page, you can view and fix all High priority vulnerabilities.The Recommended Fix (CVE) page
    Note Currently, you can view and fix Linux software, Windows system, and Web-CMS vulnerabilities on the Recommended Fix (CVE) page.
  • Fixing
    Click the number under Fixing to go to the Fixing page. On the Fixing page, you can view the assets exposed to the vulnerabilities and the progress of vulnerability fixes.The Fixing page
  • Fixed Today and Total Fixed
    Click the number under Fixed Today or Total Fixed to go to the Fixed Today or Total Fixed page. You can view information about the assets exposed to the vulnerabilities that Security Center is Fixing or has Fixed.Fixed vulnerabilities
    You can perform the following operations:
    • View related processes: Click The Related process icon in the Related process column to view the processes or service systems that may be affected when Security Center is fixing the vulnerability.
    • View details of the Alibaba Cloud vulnerability library: Click the target CVE ID in the Vul (cve) column to view details about the vulnerability in the Alibaba Cloud vulnerability library.
      If multiple vulnerabilities are detected on an asset, the number of the vulnerabilities is displayed in the Vul (cve) column. To view the details of a vulnerability, place the pointer over the displayed CVE ID, and then select the target CVE ID.The Vul (cve) column
    • View details of the vulnerability fix: Click Details in the Actions column to view the descriptions and risks of the vulnerability fix.Vulnerability details
    • Undo Fix: If you have created a snapshot for an asset, you can undo the fixes of the vulnerabilities on this asset. To undo a fix, click Undo Fix in the Actions column, select the target snapshot, and then click OK.
      Note You can undo fixes of Linux software vulnerabilities only.
  • System Vul scan time
    The time when the last vulnerability scan was performed.
    Note If you need to manually scan newly purchased Elastic Compute Service (ECS) instances at an unscheduled time, click Scan now to start a scan task. For more information, see Quick scan.