1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Vulnerability management
    6. CVSS scoring
    End-of-Life (EoL)

    CVSS scoring

    Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema. Prisma Cloud leverages the CVSS 3.0 scoring system.

    Mappings

    We only normalize vulnerability ratings for the purpose of creating rules. Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).
    The following table maps popular vendor terminology to Prisma Cloud normalized scores:
    Vendor terminology
    Prisma Cloud score
    Unimportant
    Low
    Unassigned
    Low
    Negligible
    Low
    Not yet assigned
    Low
    Low
    Low
    Medium
    Medium
    Moderate
    Medium
    High
    High
    Important
    High
    Critical
    Critical
    In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST. In addition to the numeric CVSS scores, NVD provides severity rankings of Low, Medium, High, and Critical. These qualitative rankings are simply mapped from the numeric CVSS scores:
    CVSS base score
    Prisma Cloud severity
    0.0 - 3.9
    Low
    4.0 - 6.9
    Medium
    7.0 - 8.9
    High
    9.0 -10.0
    Critical

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo