000014883 - RSA Security Advisories Severity Rating

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Nov 14, 2017
Version 5

Article Content

Article Number: 000014883
Issue: Security Advisories Severity Rating
Resolution:
Severity Rating
A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit. RSA currently uses the Common Vulnerability Scoring System version 3.0 (CVSS v3.0) to identify the severity level of identified vulnerabilities. The full standard, which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be found at: https://www.first.org/cvss.
When and where applicable, RSA Security Advisories will provide the CVSS v3.0 Base Score, corresponding CVSS v3.0 Vector and the CVSS v3.0 Severity Rating Scale for identified vulnerabilities. RSA recommends that all customers take into account both the Base Score and any Temporal and/or Environmental Scores that may be relevant to their environment to assess their overall risk.
CVSS v3 Base Score Metrics

| Metric Group | Description | Metric | Possible Values |
|---|---|---|---|
| Exploitability Metrics | Related exploit range | AttackVector (AV) | P = Physical access, L = Local access, A = Adjacent network, N = Network |
| | Attack complexity | AttackComplexity (AC) | L = Low, H = High |
| | Level of privileges required | PrivilegesRequired (PR) | N = None required, L = Low privileges required, H = High privileges required |
| | User interaction | UserInteraction (UI) | N = None, R = Required |
| Scope Metric | Scope | Scope (S) | U = Unchanged (no scope change), C = Changed (scope changed) |
| Impact Metrics | Confidentiality impact | ConfImpact (C) | N = None, L = Low, H = High |
| | Integrity impact | IntegImpact (I) | N = None, L = Low, H = High |
| | Availability impact | AvailImpact (A) | N = None, L = Low, H = High |
Legacy Article ID: a46604