Vulnerability Severity Indicators
Tenable assigns all vulnerabilities a severity (Info, Low, Medium, High, or Critical) based on the vulnerability's static CVSS score (the CVSS version depends on your configuration).
The Tenable Vulnerability Management interface uses different icons for each severity category and accepted or recasted status.
Note: While Tenable Vulnerability Management calculates Severity metrics based off CVSS, Tenable Exposure Management bases them solely off of VPR. As such, you can expect a difference in Severity values between the two applications.
| Icon |
Category |
And |
|---|---|---|
|
Critical |
You have not accepted or recasted the risk. |
|
You accepted the risk. | |
|
You recasted the severity to Critical. | |
|
High |
You have not accepted or recasted the risk. |
|
You accepted the risk. | |
|
You recasted the severity to High. | |
|
Medium |
You have not accepted or recasted the risk. |
|
You accepted the risk. | |
|
You recasted the severity to Medium. | |
|
Low |
You have not accepted or recasted the risk. |
|
You accepted the risk. | |
|
You recasted the severity to Low. | |
|
Info |
You have not accepted or recasted the risk. |
|
You accepted the risk. | |
|
You recasted the severity to Info. | |
|
Mixed | The plugin contains findings at multiple severity levels. This indicator appears in the Severity column when you use Group By Plugin in Explore > Findings. Hover over Mixed to see a tooltip listing each severity and the number of findings at that level. |