Zimbra Vulnerability Rating Classification

Revision as of 16:29, 28 September 2015 by Plobbes (talk | contribs) (update policy link)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Zimbra Vulnerability Rating Classification

Zimbra uses the "NVD Common Vulnerability Scoring System v2" ("CVSS") for scoring and communicating the characteristics and urgency of vulnerabilities. You can read more on the CVSS Scoring System at the following URL: https://nvd.nist.gov/cvss.cfm

Once a vulnerability has been CVSS scored, Zimbra assigns a "Zimbra Vulnerability Rating Classification" based on that CVSS Score. The Rating Classification in turn determines how Zimbra will respond to the Vulnerability, as defined in our Zimbra Security Response Policy.

The Zimbra Vulnerability Rating Classification is the following:

Zimbra Vulnerability Rating Classification CVSS Score Alignment Definition
Critical 8.0-10.0 Vulnerability can be exploited by an unauthenticated attacker. Exploitation results in the complete compromise of confidentiality, integrity, and/or availability of user data and/or processing resources without user interaction. Exploitation could be automated and/or leveraged to propagate an Internet worm.
Major 5.0-7.9 A vulnerability where exploitation may result in compromise of confidentiality and/or integrity of user data or system resources through an authenticated attacker, or where harmful data could be used to impact a single user or user data through some action by the user themselves, or where an unauthenticated attacker may significantly compromise availability of the system or service.
Minor 0.0-4.9 All other issues with security impact. A vulnerability where exploitation is believed to be difficult or limited in scope, or where successful exploitation would have minimal impact, or where a default configuration limits the likelihood or scope of the vulnerability.

Try Zimbra

Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »

Want to get involved?

You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »


Jump to: navigation, search