Confluence 3.5 : Severity Levels for Security Issues
This page last changed on Nov 13, 2009 by edawson.
Severity Levels

Atlassian security advisories include a severity level. This severity level is based on our self-calculated CVSS score for each specific vulnerability. CVSS is an industry standard vulnerability metric. You can learn more about CVSS at the FIRST.org web site. CVSS scores are mapped into the following severity ratings:
An approximate mapping guideline is as follows:
Below is a summary of the factors which illustrate types of vulnerabilities usually resulting in a specific severity level. Please keep in mind that this rating does not take into account details of your installation.

Severity Level: Critical

Vulnerabilities that score in the Critical range usually include:
For critical vulnerabilities, it is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, if your installation is not accessible from the Internet, this may be a mitigating factor.

Severity Level: High

Vulnerabilities that score in the High range usually have the following characteristics:
Severity Level: Moderate

Vulnerabilities that score in the Moderate range usually have the following characteristics:
Severity Level: Low

Vulnerabilities in the Low range typically have very little impact on an organisation's business. Exploitation of such vulnerabilities usually requires local or physical system access.

Further reading

See How to Get Legendary Support from Atlassian for more support-related information.
Document generated by Confluence on Mar 16, 2011 18:52