Vulnerability Assessment Report
Sample deliverable from a quarterly vulnerability assessment engagement, including prioritized findings and remediation guidance.
Vulnerability Assessment Report
Prepared for: Sample Client Environment
Illustrative data for demonstration purposes only
Scope
- • 214 external IP addresses
- • 1,140 internal hosts
- • 12 cloud accounts (AWS, Azure)
- • Authenticated + unauthenticated scanning
Executive Summary
This quarterly assessment identified 37 findings across the in-scope environment, down from 52 in the prior quarter. Two critical findings involving unpatched remote code execution vulnerabilities were identified on internet-facing systems and require remediation within 72 hours per the client's SLA. No evidence of active exploitation was observed at the time of testing.
37
Total Findings
2 / 9
Critical / High
1,354
Assets Scanned
-29%
QoQ Change
Findings
| Finding | Severity | Asset |
|---|---|---|
| Unpatched Apache Struts RCE (CVE-2026-4471) Apply vendor patch 6.5.2 or later within 72 hours; restrict access via WAF in the interim. | Critical | ext-web-03.client.com |
| Exposed Redis instance with no authentication Enable AUTH, bind to internal interface only, restrict via security group. | Critical | 10.20.4.18 |
| TLS 1.0/1.1 still enabled Disable legacy TLS versions; enforce TLS 1.2+ only. | High | api.client.com |
| Default credentials on network printer management interface Change default credentials; disable remote management if unused. | High | 10.20.9.4 |
| Outdated OpenSSH version (8.2) Patch to latest OpenSSH release via standard patch cycle. | Medium | 42 internal hosts |
| Missing HTTP security headers (CSP, HSTS) Add recommended security headers at the load balancer or application layer. | Low | marketing.client.com |
Recommendations
- Remediate both critical findings within the 72-hour SLA window and notify Brangus IT for re-test scheduling.
- Prioritize high-severity findings within the current patch cycle (30 days).
- Review internal segmentation to reduce exposure of administrative interfaces like the Redis instance found above.
Want the full report for your environment?
This page shows illustrative sample data. Request a scoped engagement and we'll deliver the real thing for your organization.
Request This Report