Level 2

Need clarification on severity rating for SA103136

SA103136 - This is coming across as low in Flexera database, however the CVE's have a score of High

CVE-2021-21995 - CVSS v3 score is 7.5

CVE-2021-21994 - CVSS v3 score is 9.8


Can someone please help clarify on the severity rating for this advisory?

0 Kudos
2 Replies
Community Manager Community Manager
Community Manager

As general comment, Secunia Research typically makes its ratings based on active consideration of more vulnerability exploitation metrics compared to NVD or other public vendors. When the product usage context analysis is applied, the CVSS scoring in SVM might differ from the public one.
For details on how scoring has been applied for specific CVEs, you may wish open a case with Flexera Support who can connect you with the Secunia Research team.
(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
0 Kudos

Thanks, got the clarification from Flexera.

0 Kudos