KnowledgeBase Severity Levels

Qualys assigns a vulnerability category and a severity level for each vulnerability detected. Vulnerability categories are Vulnerability, Potential Vulnerability and Information Gathered. A severity level indicates the security risk posed by exploitation of the vulnerability and its degree of difficulty. The results of successful exploitation of a vulnerability can vary from disclosure of information about the host to a complete compromise of the host.

Vulnerability Categories

Vulnerabilities

Vulnerabilities are design flaws or misconfigurations that make your network (or a host on your network) susceptible to malicious attacks from local or remote users. Vulnerabilities can exist in several areas of your network, such as in your firewalls, FTP servers, Web servers, operating systems or CGI bins. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the disclosure of information about the host to a complete compromise of the host. The severity levels for vulnerabilities are level 1 (minimal), level 2 (medium), level 3 (serious), level 4 (critical) and level 5 (urgent).

Potential Vulnerabilities

Potential Vulnerabilities include vulnerabilities that cannot be fully verified. In these cases, at least one necessary condition for the vulnerability is detected. It's recommended that you investigate these vulnerabilities further. The service can verify the existence of some potential vulnerabilities when authenticated trusted scanning is enabled. The severity levels for potential vulnerabilities are level 1 (minimal), level 2 (medium), level 3 (serious), level 4 (critical) and level 5 (urgent).

Information Gathered

Information Gathered includes visible information about the network related to the host, such as traceroute information, Internet Service Provider (ISP), or a list of reachable hosts. Information Gathered severity levels also include Network Mapping data, such as detected firewalls, SMTP banners, or a list of open TCP services. The severity levels for Information Gathered are level 1 (minimal), level 2 (medium) and level 3 (serious).
