Question
You may notice that most vulnerabilities include a Details tab that lists code events following the flow of data from source to sink with associated stack traces that detail exactly what happened to the data as it passes through the application, as in this example:
but some are missing the Details tab entirely:
Answer
It may have become obvious from the examples above, the difference is whether the vulnerability involves the flow of data.
For vulnerabilities that are detected via non-dataflow rules - predominantly those associated with application or app server configuration, there are no code event details to populate the Details tab.
However, the Overview tab should have sufficient detail about the vulnerability.
Additional data is also sometimes available (if needed) when the vulnerability is exported as XML.