Jul 23, 2021 09:54 AM
Need clarification on severity rating for SA103136
SA103136 - This is coming across as low in Flexera database, however the CVE's have a score of High
CVE-2021-21995 - CVSS v3 score is 7.5
CVE-2021-21994 - CVSS v3 score is 9.8
Can someone please help clarify on the severity rating for this advisory?
Jul 27, 2021 06:07 PM
As general comment, Secunia Research typically makes its ratings based on active consideration of more vulnerability exploitation metrics compared to NVD or other public vendors. When the product usage context analysis is applied, the CVSS scoring in SVM might differ from the public one.
For details on how scoring has been applied for specific CVEs, you may wish open a case with Flexera Support who can connect you with the Secunia Research team.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)