Brangus ITBrangus IT
Sample Report

Vulnerability Assessment Report

Sample deliverable from a quarterly vulnerability assessment engagement, including prioritized findings and remediation guidance.

CONFIDENTIAL — SAMPLE DATA

Vulnerability Assessment Report

Prepared for: Sample Client Environment

Illustrative data for demonstration purposes only

Scope

  • 214 external IP addresses
  • 1,140 internal hosts
  • 12 cloud accounts (AWS, Azure)
  • Authenticated + unauthenticated scanning

Executive Summary

This quarterly assessment identified 37 findings across the in-scope environment, down from 52 in the prior quarter. Two critical findings involving unpatched remote code execution vulnerabilities were identified on internet-facing systems and require remediation within 72 hours per the client's SLA. No evidence of active exploitation was observed at the time of testing.

37

Total Findings

2 / 9

Critical / High

1,354

Assets Scanned

-29%

QoQ Change

Findings

FindingSeverityAsset
Unpatched Apache Struts RCE (CVE-2026-4471)

Apply vendor patch 6.5.2 or later within 72 hours; restrict access via WAF in the interim.

Criticalext-web-03.client.com
Exposed Redis instance with no authentication

Enable AUTH, bind to internal interface only, restrict via security group.

Critical10.20.4.18
TLS 1.0/1.1 still enabled

Disable legacy TLS versions; enforce TLS 1.2+ only.

Highapi.client.com
Default credentials on network printer management interface

Change default credentials; disable remote management if unused.

High10.20.9.4
Outdated OpenSSH version (8.2)

Patch to latest OpenSSH release via standard patch cycle.

Medium42 internal hosts
Missing HTTP security headers (CSP, HSTS)

Add recommended security headers at the load balancer or application layer.

Lowmarketing.client.com

Recommendations

  • Remediate both critical findings within the 72-hour SLA window and notify Brangus IT for re-test scheduling.
  • Prioritize high-severity findings within the current patch cycle (30 days).
  • Review internal segmentation to reduce exposure of administrative interfaces like the Redis instance found above.

Want the full report for your environment?

This page shows illustrative sample data. Request a scoped engagement and we'll deliver the real thing for your organization.

Request This Report