
Tell me about Severity Levels

The severity level assigned to a vulnerability tells you the security risk associated with its exploitation.

Confirmed Vulnerabilities

Confirmed vulnerabilities (QIDs) are design flaws, programming errors, or misconfigurations that make your web application and web application platform susceptible to malicious attacks. Depending on the level of security risk, successful exploitation of a confirmed vulnerability can range from disclosure of information to complete compromise of the web application and/or the web application platform. Even if the web application itself is not fully compromised, an exploited confirmed vulnerability can still allow the web application to be used to launch attacks against users of the site.

Confirmed severity levels:

Severity 1 (Minimal): Basic information disclosure (e.g. web server type, programming language) might enable intruders to discover other vulnerabilities, but withholding this information does not make those vulnerabilities materially harder to find.

Severity 2 (Medium): Intruders may be able to collect sensitive information about the application platform, such as the precise version of software used. With this information, intruders can easily exploit known vulnerabilities specific to those software versions. Other sensitive information at this level might disclose a few lines of source code or hidden directories.

Severity 3 (Serious): Vulnerabilities at this level typically disclose security-related information that could result in misuse or an exploit. Examples include source code disclosure or transmitting authentication credentials over unencrypted channels.

Severity 4 (Critical): Intruders can exploit the vulnerability to gain highly sensitive content or affect other users of the web application. Examples include certain types of cross-site scripting and SQL injection.

Severity 5 (Urgent): Intruders can exploit the vulnerability to compromise the web application's data store, obtain information from other users' accounts, or obtain command execution on a host in the web application's architecture.

Potential Vulnerabilities

Potential Vulnerabilities indicate that the scanner observed a weakness or error that is commonly used to attack a web application, but was unable to confirm whether the weakness or error can actually be exploited. Where possible, the QID's description and results section include information and hints for following up with manual analysis. A QID lands in this category, for example, when its exploitability depends on characteristics the scanner cannot confirm, such as the web application's network architecture, or when confirming exploitability would require more intrusive testing than the scanner is designed to conduct.

Potential severity levels:

Severity 1 (Minimal): Presence of this vulnerability indicates basic information disclosure, such as web server type, programming language, file path references or passwords, that might enable intruders to discover other vulnerabilities.

Severity 2 (Medium): Presence of this vulnerability indicates disclosure of information that intruders can act on more directly, such as the version of software in use or session data, which could be used in an exploit.

Severity 3 (Serious): Presence of this vulnerability might give intruders access to security-related information that they could misuse or exploit. Examples of the impact if the vulnerability were exploited include bringing down the server or otherwise disrupting regular service.

Severity 4 (Critical): Presence of this vulnerability might give intruders the ability to gain highly sensitive content or affect other users of the web application.

Severity 5 (Urgent): Presence of this vulnerability might enable intruders to compromise the web application's data store, obtain information from other users' accounts, or obtain command execution on a host in the web application's architecture. For example, users of the web application could be targeted if the application is exploited.

Information Gathered

Information Gathered issues (QIDs) include visible information about the web application's platform, code, or architecture. It may also include information about users of the web application.

Information gathered severity levels:

Severity 1 (Minimal): Intruders may be able to retrieve sensitive information related to the web application platform.

Severity 2 (Medium): Intruders may be able to retrieve sensitive information related to internal functionality or business logic of the web application.

Severity 3 (Serious): Intruders may be able to detect highly sensitive data, such as personally identifiable information (PII) about other users of the web application.

Sensitive Content

Sensitive content may be detected based on known patterns (credit card numbers, social security numbers) or custom patterns (strings, regular expressions), depending on the option profile used. Intruders may gain access to sensitive content that could result in misuse or other exploits.

Sensitive content severity levels:

Severity 1 (Minimal): Sensitive content was found in the web server response. The scan of the site found one or more forms with fields for a credit card number or social security number. This information disclosure could result in a confidentiality breach and could be a target for intruders. For this reason we recommend caution.

Severity 2 (Medium): Sensitive content was found in the web server response. Specifically, the service found a match for a sensitive content pattern defined in the option profile. This information disclosure could result in a confidentiality breach and could be a target for intruders. For this reason we recommend caution.

Severity 3 (Serious): Sensitive content was found in the web server response: a valid social security number or valid credit card information. This information disclosure could result in a confidentiality breach, and it gives intruders access to valid sensitive content that could be misused.
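The three sensitive-content levels correspond to three different checks: a form that collects the data (level 1), a match on a custom pattern from the option profile (level 2), and a value that actually validates, such as a card number passing the Luhn check (level 3). The Python below is an added example of that classification written for this page; it is not Qualys's detection code and the regular expressions, the Luhn and SSN plausibility checks, the custom pattern and the sample response body are all constructed for the illustration.

```python
"""Classify sensitive content in an HTTP response body into the three levels above.

Added example, not Qualys's detection logic. Patterns, validity checks and the
sample response are constructed for illustration.
"""
import re
from typing import Iterable

# Constructed patterns (not the scanner's real signatures).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")      # 13-19 digits, optional space/dash groups
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")      # US SSN written as 123-45-6789
FIELD_RE = re.compile(                                   # <input> whose name/id suggests card or SSN
    r"<input\b[^>]*\b(?:name|id)\s*=\s*[\"']?[^\"'\s>]*(?:card|ccnum|cc_number|ssn)",
    re.IGNORECASE,
)
# Stand-in for a custom pattern defined in an option profile (constructed).
CUSTOM_PATTERNS = [r"ACME-ACCT-\d{4}"]

LEVEL_NAMES = {0: "None", 1: "Minimal", 2: "Medium", 3: "Serious"}

# Constructed response body: a payment form, an account reference, one valid card
# number, one Luhn-invalid digit string, one plausible SSN and one impossible SSN.
SAMPLE_RESPONSE = """<html><body>
<form action="/pay" method="post">
  <input type="text" name="cc_number">
  <input type="text" name="ssn">
</form>
<p>Order 20240611 shipped to account ACME-ACCT-0042.</p>
<p>Card on file: 4111 1111 1111 1111</p>
<p>SSN on file: 219-09-9999</p>
<p>Test record: 000-12-3456</p>
<p>Reference: 1234 5678 9012 3456</p>
</body></html>"""


def luhn_valid(digits: str) -> bool:
    """Luhn check (ISO/IEC 7812-1): double every second digit from the right."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSNs the SSA never issues: area 000/666/900-999, group 00, serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def mask(digits: str) -> str:
    """Keep only the last four digits so the finding does not re-disclose the value."""
    return "*" * (len(digits) - 4) + digits[-4:]


def classify(body: str, custom_patterns: Iterable[str] = ()) -> dict:
    """Return the highest level found (0-3) and masked evidence for each hit.

    Level 1: a form field that collects a card number or SSN.
    Level 2: a custom pattern from the option profile matched.
    Level 3: a Luhn-valid card number or a structurally valid SSN in the response.
    """
    level = 0
    evidence = []

    if FIELD_RE.search(body):
        level = max(level, 1)
        evidence.append(("form-field", "input collecting card number or SSN"))

    for pat in custom_patterns:
        if re.search(pat, body):
            level = max(level, 2)
            evidence.append(("custom-pattern", pat))

    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):          # a bare digit run that fails Luhn stays unreported
            level = 3
            evidence.append(("card", mask(digits)))

    for m in SSN_RE.finditer(body):
        if ssn_plausible(*m.groups()):
            level = 3
            evidence.append(("ssn", "***-**-" + m.group(3)))

    return {"level": level, "evidence": evidence}


def level_name(level: int) -> str:
    return LEVEL_NAMES[level]


if __name__ == "__main__":
    result = classify(SAMPLE_RESPONSE, CUSTOM_PATTERNS)
    print(level_name(result["level"]), result["evidence"])
```

Two points from the example carry over to real scan output: the evidence is masked before it is reported, because a scan report that repeats the full card number or SSN is itself a disclosure, and a Luhn or SSA-structure check only reduces false positives, so a 16-digit order or reference number that happens to pass Luhn will still be flagged and needs the manual follow-up the page recommends.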


Potential Confirmed

Vulnerabilities assigned a half red / half yellow severity level in the KnowledgeBase are vulnerabilities that can be confirmed in some cases and not in others, depending on factors that affect scan results. If the vulnerability is confirmed during a scan, it appears as a red (confirmed) vulnerability in the results; if it cannot be confirmed, it appears as a yellow potential vulnerability. In addition, a scan may not gather enough information to confirm certain vulnerabilities because of the scan options applied to the scan and the services running at the time of the scan.

Related Topics

Edit Severity

Customize severity levels