This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA Security Advisories Severity Rating

Article Number

000014883

Applies To

All RSA Products

Resolution

Severity Rating

A security vulnerability is classified by its severity rating, which is determined by many factors, including the level of effort required to exploit a vulnerability as well as the potential impact to data or business activities from a successful exploit. RSA currently uses the Common Vulnerability Scoring System version 3.0 (CVSS v3.0) to identify the severity level of identified vulnerabilities. The full standard, which is maintained by the Forum of Incident Response and Security Teams (FIRST), can be found at https://www.first.org/cvss.

When and where applicable, RSA Security Advisories will provide the CVSS v3.0 Base Score, corresponding CVSS v3.0 Vector and the CVSS v3.0 Severity Rating Scale for identified vulnerabilities. RSA recommends that all customers take into account both the Base Score and any Temporal and/or Environmental Scores that may be relevant to their environment to assess their overall risk.
 
CVSS v3 Base Score MetricsDescriptionPossible Values
Exploitability MetricsRelated exploit rangeAttackVector (AV)P = Physical access, L = Local access, A = Adjacent network, N = Network
 Attack complexityAttackComplexity (AC)L = Low, H = High
 Level of privileges requiredPrivilegesRequired(PR)N = None required, L = Low privileges required, H = High privileges required
 User interactionUserInteraction (UI)N = None, R = Required
Scope MetricScopeScope (S)U = Unchanged. No scope change, C = Changed. Scope changed
Impact MetricsConfidentiality impactConfImpact (C)N = None, L = Low, H = High
 Integrity impactIntegImpact (I)N = None, L = Low, H = High
 Availability impactAvailImpact (A)N = None, L = Low, H = High

 

Severity

The Severity field in an RSA Security Advisory is defined with the value of Critical, High, Medium or Low based on the highest CVSSv3 score of the CVEs associated with the advisory. The severity level is determined based on the criteria below.
 
Severity LevelCriteria
CriticalCVSSv3 base score is greater than or equal to 9.0
HighCVSSv3 base score is greater than or equal to 7.0 but less than 9.0
MediumCVSSv3 base score is greater than or equal to 4.0 but less than 7.0
LowCVSSv3 base score is less than or equal to 3.9

Notes

For information on the severity rating for Dell EMC products, refer to the following article: 000468307 - Dell EMC Security Alert (DSA) Severity Rating
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 09:50 PM
Updated by:
Administrator Administrator

Related Content

© 2022 RSA Security LLC or its affiliates. All rights reserved.