Vulnerability Severity

We have multiple severity indicators that are visible on our CVE page, and file results page:

Field

Description

Possible values

severity

OPSWAT calculated severity key

CRITICAL

IMPORTANT

MODERATE

LOW

severity_index

OPSWAT calculated score based on CVSS and analyzing big data, called " OPSWAT Severity Core " based on:

  • CVSSv2/CVSSv3: still be a primary input

  • CVE Popularity: how active the given vulnerability

  • Compromised Risk rate: number of infected devices/total number of devices that we have seen this vulnerability exists in. T he data of risk level is coming from real life machine

  • CVE Lifecycle: how long the vulnerability has been reported

Between 0 and 100

CVSS score

CVSS 2.0 score

Between 0 and 10

The severity index of a hash is determined by the maximum severity indexes of it's associated vulnerabilities:

images/download/attachments/26170018/image2018-1-11_17-9-18.png