Severity Definitions

Severity Definitions:

TitleDescription
HighThe type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses.
MediumThe type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses.
LowThe type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses.

Exploit-ability Definitions:

TitleDescription
EasyThe data exposure is easy to exploit.
ModerateThe data exposure is moderately difficult to exploit.
DifficultThe data exposure is difficult to exploit.

Priority Definitions:

P1 Issues are vulnerabilities that can allow a remote attacker to pull data from your application or the user's device or a vulnerability that could result in negative brand impact or press attention.

P2, P3, and P4 Issues are customer controlled, where the general SLAs are below:

TitleRecommend SLA
P01 Day
P1Next Release

P2

30 Days
P390 Days
P4365 Days