Risk Ratings

Each vulnerability has a risk rating assigned. The following is a description of the different categories.

• High, Medium, Low: confirmed vulnerabilities with a different score that considers the impact and complexity.
• Hardening: absence of hardening measures that can prevent and mitigate the impact of certain vulnerabilities.
• Potentially: non-confirmed vulnerabilities that may depend on context and usage.
• Secure: applies to vulnerabilities and hardening mechanisms, this indicates that tests confirm the absence of the vulnerability, or the implementation of the security measure.
• Important, Info: Informative findings that can help with manual assessment, understanding of application behavior or confirming certain aspects of the application, like using a certificate to sign the application.