Each issue has a risk score covering the three main aspects of security (Confidentiality, Integrity and Availability), each categorized from None to Critical.
Aspects of security
Confidentiality: An attacker can read internal or sensitive data, like passwords, software versions, etc.
Integrity: An attacker can modify data on your system, like bank account details, DNS entries, etc.
Availability: An attacker may impact the availability of your systems, e.g. by deleting files or overloading your systems.
Severity
![riskscores](https://sos-at-vie-1.exo.io/offensity-www-media/images/riskscores.width-930.png?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=EXO62529db2da36e4e9a10b1db6%2F20240727%2Fat-vie-1%2Fs3%2Faws4_request&X-Amz-Date=20240727T052433Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d2b5c6251c3d98ae09bfb3e4af12c3e85de281259e651f68e367b3ffc5de0725)
5 - Critical
Impact: There is a critical impact on security. An attacker can compromise the systems with low effort.
Recommended resolution time: We recommend resolving this issue immediately, at the latest within one week.
4 - High
Impact: The issue has a severe impact on your systems and may be abused by attackers with manageable effort.
Recommended resolution time: We recommend resolving this issue within one week.
3 - Medium
Impact: The issue may be abused by attackers in targeted or multi-stage attacks.
Recommended resolution time: This issue may be handled in your continuous improvement process. We recommend resolving it within eight weeks.
2 - Low
Impact: There is a small impact on security. The issue may indicate improper configurations or workflows.
Recommended resolution time: Evaluate whether this issue is caused by an underlying workflow deficiency, or whether the impacted service could be disabled or isolated. The issue does not necessarily need to be resolved.
1 - None
Impact: The issue has no security impact.
Recommended resolution time: The issue does not need to be resolved and is informational only.