Vulnerability Severity

CVSSv2/CVSSv3: still be a primary input
CVE Popularity: how active the given vulnerability
Compromised Risk rate: number of infected devices/total number of devices that we have seen this vulnerability exists in. T he data of risk level is coming from real life machine
CVE Lifecycle: how long the vulnerability has been reported

We have multiple severity indicators that are visible on our CVE and file results pages:

Field	Description	Possible values
severity	OPSWAT calculated severity key	CRITICAL IMPORTANT MODERATE LOW
severity_index	OPSWAT calculated score based on CVSS and analyzing big data, called " OPSWAT Severity Core " based on: CVSSv2/CVSSv3: still be a primary input CVE Popularity: how active the given vulnerability Compromised Risk rate: number of infected devices/total number of devices that we have seen this vulnerability exists in. T he data of risk level is coming from real life machine CVE Lifecycle: how long the vulnerability has been reported	Between 0 and 100
CVSS score	CVSS 2.0 score	Between 0 and 10

The severity index of a hash is determined by the maximum severity indexes of it's associated vulnerabilities:

Last updated on

Was this page helpful?