Severity Rating Matrix

Critical: A vulnerability whose exploitation could allow for the propagation of an Internet worm or a non-recoverable system crash without user interaction.

High: A vulnerability whose exploitation could lead to a non-recoverable system crash, the compromise of a system providing elevation of privileges on the system, the spread of malware, and compromise of confidentiality or integrity of sensitive data but which requires limited user interaction such as clicking on a link in email or browsing to a malicious website.

Medium: A vulnerability whose exploitation may lead to degraded system performance, or whose exploitation can be significantly mitigated by a degree of factors such as default configuration, auditing, availability of a reasonable workaround or difficulty of exploitation.

Low: A vulnerability whose exploitation does not significantly impact the integrity or performance of the system. For example, a self-recovering DoS attack, information disclosure of non-sensitive data or an attack that crashes a client application.