The vulnerability data provides multiple indicators for the risk level of an entry. For example CVSSv2 and CVSSv3 scores and exploit prices - There is also risk information available from other sources like other vulnerability databases, vulnerability scanners, and intrusion detection systems.
Every entry does also contain a risk level which is defined by the VulDB moderation team. The risk level consists of 3 different levels:
- Attack vectors limited to local are usually low (e.g. denial of service, information disclosure) or medium (e.g. privilege escalation, code execution, buffer overflow)
- Impact levels which promise high level access or even system access are at least medium (e.g. authentication required) and under some circumstances high (e.g. no prerequisites, exploit available, popular vulnerability)
Do you know our Splunk app?
Download it now for free!