08-22-2011 10:45 AM
How is the threat severity level determined?
Critical, High, Medium, Low or Informational
08-22-2011 03:09 PM
Criticall vulnerabilities typically affect default installations of widely deployed software, result in root compromise of servers, and the exploit code is widely available to attackers. The attacker usually does not need any special authentication credentials or knowledge about the individual victims and the target does not need to be manipulated into performing any special functions.
High vulnerabilities typically have the ability to become critical but have mitigating factors that make them less attractive to attackers. They may be difficult to exploit,.do not result in elevated privileges or do not have a large victim pool.
Moderatevulnerabilities are those where the scales are tipped in favor of the victim, such as a denial of service attack which does not compromise the target. They include exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or the exploitation only provides very limited access.
Low vulnerabilities typically have very little impact on an organization's infrastructure. They usually require local or physical system access and may often result in victim privacy or DoS issues and information leakage.
Informational vulnerabilities may be suspicious events that are reported to call attention that deeper problems could possibly exist.
08-22-2011 01:25 PM
Hi,
The document at this link contains the matrix for determining threat severity.
08-22-2011 01:34 PM
By threat severity I mean the Critical, High, Medium, Low and informational in the threat prevention table
08-22-2011 03:09 PM
Criticall vulnerabilities typically affect default installations of widely deployed software, result in root compromise of servers, and the exploit code is widely available to attackers. The attacker usually does not need any special authentication credentials or knowledge about the individual victims and the target does not need to be manipulated into performing any special functions.
High vulnerabilities typically have the ability to become critical but have mitigating factors that make them less attractive to attackers. They may be difficult to exploit,.do not result in elevated privileges or do not have a large victim pool.
Moderatevulnerabilities are those where the scales are tipped in favor of the victim, such as a denial of service attack which does not compromise the target. They include exploits that require an attacker to reside on the same LAN as the victim, affect only non-standard configurations or obscure applications, or the exploitation only provides very limited access.
Low vulnerabilities typically have very little impact on an organization's infrastructure. They usually require local or physical system access and may often result in victim privacy or DoS issues and information leakage.
Informational vulnerabilities may be suspicious events that are reported to call attention that deeper problems could possibly exist.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
