Locations

United States Change All Microsoft Sites

Search

Some vulnerabilities are easier to exploit than others, and vulnerability complexity is an important factor to consider in determining the magnitude of the threat a vulnerability poses. A High severity vulnerability that can only be exploited under very specific and rare circumstances might require less immediate attention than a lower severity vulnerability that can be exploited more easily.

Security investigators take both severity and complexity into account when determining the appropriate response to a vulnerability. CVSS version 2.0 uses three complexity designations: Low, Medium, and High. The table below gives definitions for these designations.

A Complete Guide to the Common Vulnerability Scoring System Version 2.0

Definitions from Peter Mell, Karen Scarfone, and Sasha Romanosky, A Complete Guide to the Common Vulnerability Scoring System Version 2.0, section 2.1.2.

Feedback:

Was the information in this article helpful?