The result report includes the following:
Overview of objectives, scope of implementation.
Summary of approach, implementation methodology.
A report of identified vulnerabilities in the systems and their severity.
For each vulnerability: severity level (critical, high, medium, low) / CVSS score, detailed description, reference link, location/parameter of that vulnerability on the system, analysis of the possibility to be exploited internally/externally, proof of concept (PoC), steps to reproduce PoC, ….
The remediation for each vulnerability in the listed systems in the scope of work: