000014883 - Security Advisories Severity Rating

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000014883
Applies ToPort Scan Port Scanning vulnerability vulnerabilities
 
IssueSecurity Advisories Severity Rating
ResolutionSeverity Rating
A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit. RSA currently uses the Common Vulnerability Scoring System version 2.0 (CVSS v2) to identify the severity level of identified vulnerabilities. The full standard, which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be found at http://www.first.org/cvss/cvss-guide.
When and where applicable, RSA Security Advisories will provide the CVSS v2 Base Score and corresponding CVSS v2 Vector for identified vulnerabilities. The CVSS v2 Base score is a number between 0 and 10 with 10 being the highest severity, and calculated from known details of the identified vulnerability (see the table below).

 

  

CVSS v2 Base Score Metrics


  

  

Description


  

  

Possible Values


  

  

Exploitability Metrics


  

  

Related exploit range


  

  

AccessVector (AV)


  

  

L = Local access, A = Adjacent network, N = Network


  
 
  

Attack complexity


  

  

AccessComplexity (AC)


  

  

H = High, M = Medium, L = Low


  
 
  

Level of authentication needed


  

  

Authentication (Au)


  

  

N = None required, S = Requires single instance, M = Requires multiple instances


  

  

Impact Metrics


  

  

Confidentiality impact


  

  

ConfImpact (C)


  

  

N = None, P = Partial, C = Complete


  
 
  

Integrity impact


  

  

IntegImpact (I)


  

  

N = None, P = Partial, C = Complete


  
 
  

Availability impact


  

  

AvailImpact (A)


  

  

N = None, P = Partial, C = Complete


  
Legacy Article IDa46604

Attachments

    Outcomes