Severity Ranking
We use the CVSS (Common Vulnerability Scoring System) to evaluate the severity of reported vulnerabilities.
P1: Critical (CVSS >= 9.0)
Vulnerabilities that cause a privilege escalation on the platform from unprivileged to admin, allows remote code execution, financial theft, etc.
P2: High (CVSS 7.0 - 8.9)
Vulnerabilities that affect the security of the platform including the processes it supports.
P3: Medium (CVSS 5.0 - 6.9)
Vulnerabilities that affect multiple users, and require little or no user interaction to trigger.
P4: Low (CVSS < 5.0)
Issues that affect singular users and require interaction or significant prerequisites to trigger.