CVSS v3.x Scoring System
When Code Insight is configured to report security vulnerabilities using the CVSS v3.x scoring system, the color-coded segments in Vulnerabilities bar graph represent the following severity levels:
| • | Dark brown—Critical severity (CVSS score 9.0 - 10.0) |
| • | Red—High severity (CVSS score7.0 - 8.9) |
| • | Gold—Medium severity (CVSS score 4.0 - 6.9) |
| • | Yellow—Low severity (CVSS score 0.1 - 3.9) |
| • | None—No severity available (N/A) |
The following Vulnerabilities bar graph reflects vulnerability counts for an inventory item when CVSS v3.x scoring is used. (The counts are based on vulnerability scores in all CVSS v3 systems supported by Code Insight, currently v3.1 and v3.0. A given vulnerability can have only one v3 score—either a v3.1 or v3.0 score, not both.) This specific graph indicates 13 vulnerabilities of critical severity, 5 of high severity, 3 of medium severity, 0 of low severity, and 5 of unknown severity.
