Understanding Threat (Used for Sites in the Legacy Rating Methodology)

In the Legacy Rating Methodology, the Rating is reported based on Severity, but if you are viewing a particular vulnerability on the Vuln Details page, you can see the details under "Score." Score is a combination of Severity and Threat. Threat levels are rated zero to five:

  • 5 (Urgent): This is an easily exploited vulnerability; immediate remediation is recommended.

  • 4 (Critical): This is a commonly exploited vulnerability; priority remediation is recommended.

  • 3 (High): This is a regularly exploited vulnerability; priority remediation is recommended.

  • 2 (Medium): This is a moderately difficult vulnerability to exploit. Remediation is recommended.

  • 1 (Low): This is a difficult vulnerability to exploit. Remediation is recommended as possible.

  • 0 (Informational): This is an informational finding with negligible risk. Remediation is recommended as best practice.