Severity

Severity is a categorization of the risk and urgency of a vulnerability.

For more information, see CVSS Scores vs. VPR.

CVSS-based Severity

When you view vulnerabilities in scan results, Tenable Nessus shows severity based on CVSSv2, CVSSv3, or CVSSv4 scores, depending on your configuration.

  • You can choose whether Tenable Nessus calculates the severity of vulnerabilities using CVSSv2, CVSSv3, or CVSSv4 scores by configuring your default severity base setting. For more information, see Configure Your Default Severity Base.

  • You can also configure individual scans to use a particular severity base, which overrides the default severity base for those scan results. For more information, see Configure the Severity Base for an Individual Scan.

VPR

When you view vulnerabilities in scan results, Tenable Nessus shows severity based on the Vulnerability Priority Rating (VPR).

EPSS-based Severity

When you view vulnerabilities in scan results, Tenable Nessus shows severity based on the Exploit Prediction Scoring System (EPSS).