000014883 - Security Advisories Severity Rating

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000014883
Applies To: Port Scan Port Scanning vulnerability vulnerabilities
Issue: Security Advisories Severity Rating
Resolution:
Severity Rating
A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit. RSA currently uses the Common Vulnerability Scoring System version 2.0 (CVSS v2) to identify the severity level of identified vulnerabilities. The full standard, which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be found at http://www.first.org/cvss/cvss-guide.
When and where applicable, RSA Security Advisories will provide the CVSS v2 Base Score and corresponding CVSS v2 Vector for identified vulnerabilities. The CVSS v2 Base Score is a number between 0 and 10, with 10 being the highest severity, and is calculated from known details of the identified vulnerability (see the table below).

| CVSS v2 Base Score Metrics | | Possible Values |
|---|---|---|
| Exploitability Metrics | | |
| Related exploit range | AccessVector (AV) | L = Local access, A = Adjacent network, N = Network |
| Attack complexity | AccessComplexity (AC) | H = High, M = Medium, L = Low |
| Level of authentication needed | Authentication (Au) | N = None required, S = Requires single instance, M = Requires multiple instances |
| Impact Metrics | | |
| Confidentiality impact | ConfImpact (C) | N = None, P = Partial, C = Complete |
| Integrity impact | IntegImpact (I) | N = None, P = Partial, C = Complete |
| Availability impact | AvailImpact (A) | N = None, P = Partial, C = Complete |

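
To check a Base Score against the vector printed in an advisory, the following added example (not part of the original article, and not RSA code) parses a CVSS v2 vector built from the metrics in the table and applies the base equations from the CVSS v2 guide published by FIRST. The numeric weights come from that guide rather than from this article; the function names and sample vectors are the example's own.

```python
from decimal import Decimal, ROUND_HALF_UP

# Weights from the CVSS v2 base equations, paired with the table's wording.
WEIGHTS = {
    "AV": {"L": (0.395, "Local access"), "A": (0.646, "Adjacent network"), "N": (1.0, "Network")},
    "AC": {"H": (0.35, "High"), "M": (0.61, "Medium"), "L": (0.71, "Low")},
    "Au": {"M": (0.45, "Requires multiple instances"),
           "S": (0.56, "Requires single instance"), "N": (0.704, "None required")},
    "C": {"N": (0.0, "None"), "P": (0.275, "Partial"), "C": (0.660, "Complete")},
}
WEIGHTS["I"] = WEIGHTS["A"] = WEIGHTS["C"]  # the three impact metrics share one scale
ORDER = ("AV", "AC", "Au", "C", "I", "A")


def parse_vector(vector):
    """Split 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into {metric: value}; reject malformed input."""
    parts = [p.split(":") for p in vector.strip().strip("()").split("/")]
    if any(len(p) != 2 for p in parts) or tuple(p[0] for p in parts) != ORDER:
        raise ValueError(f"expected metrics {'/'.join(ORDER)} in that order: {vector!r}")
    for name, value in parts:
        if value not in WEIGHTS[name]:
            raise ValueError(f"invalid value {value!r} for metric {name}")
    return dict(parts)


def describe(vector):
    """Decode each metric letter into the wording used in the table above."""
    m = parse_vector(vector)
    return {name: WEIGHTS[name][m[name]][1] for name in ORDER}


def base_score(vector):
    """Compute the CVSS v2 Base Score (0.0 to 10.0) for a base vector."""
    m = parse_vector(vector)
    w = {name: WEIGHTS[name][m[name]][0] for name in ORDER}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    if impact == 0:  # f(Impact) = 0: no impact means a score of zero
        return 0.0
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    raw = (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    # The standard rounds to one decimal; avoid Python's banker's rounding.
    return float(Decimal(str(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


if __name__ == "__main__":
    # Constructed sample vectors, not taken from any advisory.
    for v in ("AV:N/AC:L/Au:N/C:C/I:C/A:C", "AV:N/AC:M/Au:N/C:N/I:P/A:N"):
        print(v, base_score(v), describe(v))
```

A computed score that differs from the one printed in an advisory usually means the vector was transcribed incorrectly or was scored under a different CVSS version.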

Legacy Article ID: a46604