RSA Security Advisories Severity Rating
Originally Published: 2009-07-08
Severity Rating
A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit. RSA currently uses the Common Vulnerability Scoring System version 3.0 (CVSS v3.0) to identify the severity level of identified vulnerabilities. The full standard, which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be found at https://www.first.org/cvss.

When and where applicable, RSA Security Advisories will provide the CVSS v3.0 Base Score, corresponding CVSS v3.0 Vector and the CVSS v3.0 Severity Rating Scale for identified vulnerabilities. RSA recommends that all customers take into account both the Base Score and any Temporal and/or Environmental Scores that may be relevant to their environment to assess their overall risk.

| CVSS v3 Base Score Metrics | Description | Metric | Possible Values |
|---|---|---|---|
| Exploitability Metrics | Related exploit range | AttackVector (AV) | P = Physical access, L = Local access, A = Adjacent network, N = Network |
| | Attack complexity | AttackComplexity (AC) | L = Low, H = High |
| | Level of privileges required | PrivilegesRequired (PR) | N = None required, L = Low privileges required, H = High privileges required |
| | User interaction | UserInteraction (UI) | N = None, R = Required |
| Scope Metric | Scope | Scope (S) | U = Unchanged (no scope change), C = Changed (scope changed) |
| Impact Metrics | Confidentiality impact | ConfImpact (C) | N = None, L = Low, H = High |
| | Integrity impact | IntegImpact (I) | N = None, L = Low, H = High |
| | Availability impact | AvailImpact (A) | N = None, L = Low, H = High |

Severity
The Severity field in an RSA Security Advisory is defined with the value of Critical, High, Medium or Low based on the highest CVSSv3 score of the CVEs associated with the advisory. The severity level is determined based on the criteria below.

| Severity Level | Criteria |
|---|---|
| Critical | CVSSv3 base score is greater than or equal to 9.0 |
| High | CVSSv3 base score is greater than or equal to 7.0 but less than 9.0 |
| Medium | CVSSv3 base score is greater than or equal to 4.0 but less than 7.0 |
| Low | CVSSv3 base score is less than or equal to 3.9 |