Skip to main content

Vulnerability Levels

Technical severity VRT category Specific vulnerability name Variant / Affected function
P1 Server Security Misconfiguration Using Default Credentials
P1 Server-Side Injection File Inclusion Local
P1 Server-Side Injection Remote Code Execution (RCE)
P1 Server-Side Injection SQL Injection
P1 Server-Side Injection XML External Entity Injection (XXE)
P1 Broken Authentication and Session Management Authentication Bypass
P1 Sensitive Data Exposure Disclosure of Secrets For Publicly Accessible Asset
P1 Insecure OS/Firmware Command Injection
P1 Insecure OS/Firmware Hardcoded Password Privileged User
P1 Broken Cryptography Cryptographic Flaw Incorrect Usage
P1 Automotive Security Misconfiguration Infotainment, Radio Head Unit PII Leakage
P1 Automotive Security Misconfiguration RF Hub Key Fob Cloning
P2 Server Security Misconfiguration Misconfigured DNS High Impact Subdomain Takeover
P2 Server Security Misconfiguration OAuth Misconfiguration Account Takeover
P2 Sensitive Data Exposure Weak Password Reset Implementation Token Leakage via Host Header Poisoning
P2 Cross-Site Scripting (XSS) Stored Non-Privileged User to Anyone
P2 Broken Access Control (BAC) Server-Side Request Forgery (SSRF) Internal High Impact
P2 Cross-Site Request Forgery (CSRF) Application-Wide
P2 Application-Level Denial-of-Service (DoS) Critical Impact and/or Easy Difficulty
P2 Insecure OS/Firmware Hardcoded Password Non-Privileged User
P2 Automotive Security Misconfiguration Infotainment, Radio Head Unit OTA Firmware Manipulation
P2 Automotive Security Misconfiguration Infotainment, Radio Head Unit Code Execution (CAN Bus Pivot)
P2 Automotive Security Misconfiguration RF Hub CAN Injection / Interaction
P3 Server Security Misconfiguration Misconfigured DNS Basic Subdomain Takeover
P3 Server Security Misconfiguration Mail Server Misconfiguration No Spoofing Protection on Email Domain
P3 Server-Side Injection HTTP Response Manipulation Response Splitting (CRLF)
P3 Server-Side Injection Content Spoofing iframe Injection
P3 Broken Authentication and Session Management Second Factor Authentication (2FA) Bypass
P3 Broken Authentication and Session Management Session Fixation Remote Attack Vector
P3 Sensitive Data Exposure Disclosure of Secrets For Internal Asset
P3 Sensitive Data Exposure EXIF Geolocation Data Not Stripped From Uploaded Images Automatic User Enumeration
P3 Cross-Site Scripting (XSS) Stored Privileged User to Privilege Elevation
P3 Cross-Site Scripting (XSS) Stored CSRF/URL-Based
P3 Cross-Site Scripting (XSS) Reflected Non-Self
P3 Broken Access Control (BAC) Server-Side Request Forgery (SSRF) Internal Scan and/or Medium Impact
P3 Application-Level Denial-of-Service (DoS) High Impact and/or Medium Difficulty
P3 Client-Side Injection Binary Planting Default Folder Privilege Escalation
P3 Automotive Security Misconfiguration Infotainment, Radio Head Unit Code Execution (No CAN Bus Pivot)
P3 Automotive Security Misconfiguration Infotainment, Radio Head Unit Unauthorized Access to Services (API / Endpoints)
P3 Automotive Security Misconfiguration RF Hub Data Leakage / Pull Encryption Mechanism
P3 Automotive Security Misconfiguration CAN Injection (Battery Management System)
P3 Automotive Security Misconfiguration CAN Injection (Steering Control)
P3 Automotive Security Misconfiguration CAN Injection (Pyrotechnical Device Deployment Tool)
P3 Automotive Security Misconfiguration CAN Injection (Headlights)
P3 Automotive Security Misconfiguration CAN Injection (Sensors)
P3 Automotive Security Misconfiguration CAN Injection (Vehicle Anti-theft Systems)
P3 Automotive Security Misconfiguration CAN Injection (Powertrain)
P3 Automotive Security Misconfiguration CAN Injection (Basic Safety Message)
P3 Automotive Security Misconfiguration Battery Management System Firmware Dump
P3 Automotive Security Misconfiguration Immobilizer Engine Start
P3 Automotive Security Misconfiguration Automatic Braking System (ABS) Unintended Acceleration / Brake
P4 Server Security Misconfiguration Misconfigured DNS Zone Transfer
P4 Server Security Misconfiguration Mail Server Misconfiguration Email Spoofing to Inbox due to Missing or Misconfigured DMARC on Email Domain
P4 Server Security Misconfiguration Database Management System (DBMS) Misconfiguration Excessively Privileged User / DBA
P4 Server Security Misconfiguration Lack of Password Confirmation Delete Account
P4 Server Security Misconfiguration No Rate Limiting on Form Registration
P4 Server Security Misconfiguration No Rate Limiting on Form Login
P4 Server Security Misconfiguration No Rate Limiting on Form Email-Triggering
P4 Server Security Misconfiguration No Rate Limiting on Form SMS-Triggering
P4 Server Security Misconfiguration Missing Secure or HTTPOnly Cookie Flag Session Token
P4 Server Security Misconfiguration Clickjacking Sensitive Click-Based Action
P4 Server Security Misconfiguration OAuth Misconfiguration Account Squatting
P4 Server Security Misconfiguration CAPTCHA Implementation Vulnerability
P4 Server Security Misconfiguration Lack of Security Headers Cache-Control for a Sensitive Page
P4 Server Security Misconfiguration Web Application Firewall (WAF) Bypass Direct Server Access
P4 Server-Side Injection Content Spoofing Impersonation via Broken Link Hijacking
P4 Server-Side Injection Content Spoofing External Authentication Injection
P4 Server-Side Injection Content Spoofing Email HTML Injection
P4 Server-Side Injection Server-Side Template Injection (SSTI) Basic
P4 Broken Authentication and Session Management Cleartext Transmission of Session Token
P4 Broken Authentication and Session Management Weak Login Function Other Plaintext Protocol with no Secure Alternative
P4 Broken Authentication and Session Management Weak Login Function Over HTTP
P4 Broken Authentication and Session Management Failure to Invalidate Session On Logout (Client and Server-Side)
P4 Broken Authentication and Session Management Failure to Invalidate Session On Password Reset and/or Change
P4 Broken Authentication and Session Management Weak Registration Implementation Over HTTP
P4 Sensitive Data Exposure Disclosure of Secrets Pay-Per-Use Abuse
P4 Sensitive Data Exposure EXIF Geolocation Data Not Stripped From Uploaded Images Manual User Enumeration
P4 Sensitive Data Exposure Visible Detailed Error/Debug Page Detailed Server Configuration
P4 Sensitive Data Exposure Token Leakage via Referer Untrusted 3rd Party
P4 Sensitive Data Exposure Token Leakage via Referer Over HTTP
P4 Sensitive Data Exposure Sensitive Token in URL User Facing
P4 Sensitive Data Exposure Weak Password Reset Implementation Password Reset Token Sent Over HTTP
P4 Sensitive Data Exposure Via localStorage/sessionStorage Sensitive Token
P4 Cross-Site Scripting (XSS) Stored Privileged User to No Privilege Elevation
P4 Cross-Site Scripting (XSS) IE-Only IE11
P4 Cross-Site Scripting (XSS) Referer
P4 Cross-Site Scripting (XSS) Universal (UXSS)
P4 Cross-Site Scripting (XSS) Off-Domain Data URI
P4 Broken Access Control (BAC) Server-Side Request Forgery (SSRF) External
P4 Broken Access Control (BAC) Username/Email Enumeration Non-Brute Force
P4 Unvalidated Redirects and Forwards Open Redirect GET-Based
P4 Insufficient Security Configurability No Password Policy
P4 Insufficient Security Configurability Weak Password Reset Implementation Token is Not Invalidated After Use
P4 Insufficient Security Configurability Weak 2FA Implementation 2FA Secret Cannot be Rotated
P4 Insufficient Security Configurability Weak 2FA Implementation 2FA Secret Remains Obtainable After 2FA is Enabled
P4 Insecure Data Storage Sensitive Application Data Stored Unencrypted On External Storage
P4 Insecure Data Storage Server-Side Credentials Storage Plaintext
P4 Insecure Data Transport Executable Download No Secure Integrity Check
P4 Privacy Concerns Unnecessary Data Collection WiFi SSID+Password
P4 Automotive Security Misconfiguration Infotainment, Radio Head Unit Source Code Dump
P4 Automotive Security Misconfiguration Infotainment, Radio Head Unit Denial of Service (DoS / Brick)
P4 Automotive Security Misconfiguration Infotainment, Radio Head Unit Default Credentials
P4 Automotive Security Misconfiguration RF Hub Unauthorized Access / Turn On
P4 Automotive Security Misconfiguration CAN Injection (Disallowed Messages)
P4 Automotive Security Misconfiguration CAN Injection (DoS)
P4 Automotive Security Misconfiguration Battery Management System Fraudulent Interface
P4 Automotive Security Misconfiguration GNSS / GPS Spoofing
P4 Automotive Security Misconfiguration Roadside Unit (RSU) Sybil Attack
P5 Server Security Misconfiguration Directory Listing Enabled Non-Sensitive Data Exposure
P5 Server Security Misconfiguration Same-Site Scripting
P5 Server Security Misconfiguration Misconfigured DNS Missing Certification Authority Authorization (CAA) Record
P5 Server Security Misconfiguration Mail Server Misconfiguration Email Spoofing to Spam Folder
P5 Server Security Misconfiguration Mail Server Misconfiguration Missing or Misconfigured SPF and/or DKIM
P5 Server Security Misconfiguration Mail Server Misconfiguration Email Spoofing on Non-Email Domain
P5 Server Security Misconfiguration Lack of Password Confirmation Change Email Address
P5 Server Security Misconfiguration Lack of Password Confirmation Change Password
P5 Server Security Misconfiguration Lack of Password Confirmation Manage 2FA
P5 Server Security Misconfiguration No Rate Limiting on Form Change Password
P5 Server Security Misconfiguration Unsafe File Upload No Antivirus
P5 Server Security Misconfiguration Unsafe File Upload No Size Limit
P5 Server Security Misconfiguration Unsafe File Upload File Extension Filter Bypass
P5 Server Security Misconfiguration Cookie Scoped to Parent Domain
P5 Server Security Misconfiguration Missing Secure or HTTPOnly Cookie Flag Non-Session Cookie
P5 Server Security Misconfiguration Clickjacking Form Input
P5 Server Security Misconfiguration Clickjacking Non-Sensitive Action
P5 Server Security Misconfiguration CAPTCHA Brute Force
P5 Server Security Misconfiguration CAPTCHA Missing
P5 Server Security Misconfiguration Exposed Admin Portal To Internet
P5 Server Security Misconfiguration Missing DNSSEC
P5 Server Security Misconfiguration Fingerprinting/Banner Disclosure
P5 Server Security Misconfiguration Username/Email Enumeration Brute Force
P5 Server Security Misconfiguration Potentially Unsafe HTTP Method Enabled OPTIONS
P5 Server Security Misconfiguration Potentially Unsafe HTTP Method Enabled TRACE
P5 Server Security Misconfiguration Insecure SSL Lack of Forward Secrecy
P5 Server Security Misconfiguration Insecure SSL Insecure Cipher Suite
P5 Server Security Misconfiguration Insecure SSL Certificate Error
P5 Server Security Misconfiguration Reflected File Download (RFD)
P5 Server Security Misconfiguration Lack of Security Headers X-Frame-Options
P5 Server Security Misconfiguration Lack of Security Headers Cache-Control for a Non-Sensitive Page
P5 Server Security Misconfiguration Lack of Security Headers X-XSS-Protection
P5 Server Security Misconfiguration Lack of Security Headers Strict-Transport-Security
P5 Server Security Misconfiguration Lack of Security Headers X-Content-Type-Options
P5 Server Security Misconfiguration Lack of Security Headers Content-Security-Policy
P5 Server Security Misconfiguration Lack of Security Headers Public-Key-Pins
P5 Server Security Misconfiguration Lack of Security Headers X-Content-Security-Policy
P5 Server Security Misconfiguration Lack of Security Headers X-Webkit-CSP
P5 Server Security Misconfiguration Lack of Security Headers Content-Security-Policy-Report-Only
P5 Server Security Misconfiguration Bitsquatting
P5 Server-Side Injection Parameter Pollution Social Media Sharing Buttons
P5 Server-Side Injection Content Spoofing Flash Based External Authentication Injection
P5 Server-Side Injection Content Spoofing Email Hyperlink Injection Based on Email Provider
P5 Server-Side Injection Content Spoofing Text Injection
P5 Server-Side Injection Content Spoofing Homograph/IDN-Based
P5 Server-Side Injection Content Spoofing Right-to-Left Override (RTLO)
P5 Broken Authentication and Session Management Weak Login Function Not Operational or Intended Public Access
P5 Broken Authentication and Session Management Session Fixation Local Attack Vector
P5 Broken Authentication and Session Management Failure to Invalidate Session On Logout (Server-Side Only)
P5 Broken Authentication and Session Management Failure to Invalidate Session Concurrent Sessions On Logout
P5 Broken Authentication and Session Management Failure to Invalidate Session On Email Change
P5 Broken Authentication and Session Management Failure to Invalidate Session On 2FA Activation/Change
P5 Broken Authentication and Session Management Failure to Invalidate Session Long Timeout
P5 Broken Authentication and Session Management Concurrent Logins
P5 Sensitive Data Exposure Disclosure of Secrets Intentionally Public, Sample or Invalid
P5 Sensitive Data Exposure Disclosure of Secrets Data/Traffic Spam
P5 Sensitive Data Exposure Disclosure of Secrets Non-Corporate User
P5 Sensitive Data Exposure Visible Detailed Error/Debug Page Full Path Disclosure
P5 Sensitive Data Exposure Visible Detailed Error/Debug Page Descriptive Stack Trace
P5 Sensitive Data Exposure Disclosure of Known Public Information
P5 Sensitive Data Exposure Token Leakage via Referer Trusted 3rd Party
P5 Sensitive Data Exposure Sensitive Token in URL In the Background
P5 Sensitive Data Exposure Sensitive Token in URL On Password Reset
P5 Sensitive Data Exposure Non-Sensitive Token in URL
P5 Sensitive Data Exposure Mixed Content (HTTPS Sourcing HTTP)
P5 Sensitive Data Exposure Sensitive Data Hardcoded OAuth Secret
P5 Sensitive Data Exposure Sensitive Data Hardcoded File Paths
P5 Sensitive Data Exposure Internal IP Disclosure
P5 Sensitive Data Exposure JSON Hijacking
P5 Sensitive Data Exposure Via localStorage/sessionStorage Non-Sensitive Token
P5 Cross-Site Scripting (XSS) Stored Self
P5 Cross-Site Scripting (XSS) Reflected Self
P5 Cross-Site Scripting (XSS) Flash-Based
P5 Cross-Site Scripting (XSS) Cookie-Based
P5 Cross-Site Scripting (XSS) IE-Only XSS Filter Disabled
P5 Cross-Site Scripting (XSS) IE-Only Older Version (< IE11)
P5 Cross-Site Scripting (XSS) TRACE Method
P5 Broken Access Control (BAC) Server-Side Request Forgery (SSRF) DNS Query Only
P5 Cross-Site Request Forgery (CSRF) Action-Specific Logout
P5 Cross-Site Request Forgery (CSRF) CSRF Token Not Unique Per Request
P5 Cross-Site Request Forgery (CSRF) Flash-Based
P5 Application-Level Denial-of-Service (DoS) App Crash Malformed Android Intents
P5 Application-Level Denial-of-Service (DoS) App Crash Malformed iOS URL Schemes
P5 Unvalidated Redirects and Forwards Open Redirect POST-Based
P5 Unvalidated Redirects and Forwards Open Redirect Header-Based
P5 Unvalidated Redirects and Forwards Open Redirect Flash-Based
P5 Unvalidated Redirects and Forwards Tabnabbing
P5 Unvalidated Redirects and Forwards Lack of Security Speed Bump Page
P5 External Behavior Browser Feature Plaintext Password Field
P5 External Behavior Browser Feature Save Password
P5 External Behavior Browser Feature Autocomplete Enabled
P5 External Behavior Browser Feature Autocorrect Enabled
P5 External Behavior Browser Feature Aggressive Offline Caching
P5 External Behavior CSV Injection
P5 External Behavior Captcha Bypass Crowdsourcing
P5 External Behavior System Clipboard Leak Shared Links
P5 External Behavior User Password Persisted in Memory
P5 Insufficient Security Configurability Weak Password Policy
P5 Insufficient Security Configurability Password Policy Bypass
P5 Insufficient Security Configurability Weak Password Reset Implementation Token is Not Invalidated After Email Change
P5 Insufficient Security Configurability Weak Password Reset Implementation Token is Not Invalidated After Password Change
P5 Insufficient Security Configurability Weak Password Reset Implementation Token Has Long Timed Expiry
P5 Insufficient Security Configurability Weak Password Reset Implementation Token is Not Invalidated After New Token is Requested
P5 Insufficient Security Configurability Weak Password Reset Implementation Token is Not Invalidated After Login
P5 Insufficient Security Configurability Verification of Contact Method not Required
P5 Insufficient Security Configurability Lack of Notification Email
P5 Insufficient Security Configurability Weak Registration Implementation Allows Disposable Email Addresses
P5 Insufficient Security Configurability Weak 2FA Implementation Missing Failsafe
P5 Insufficient Security Configurability Weak 2FA Implementation 2FA Code is Not Updated After New Code is Requested
P5 Insufficient Security Configurability Weak 2FA Implementation Old 2FA Code is Not Invalidated After New Code is Generated
P5 Using Components with Known Vulnerabilities Rosetta Flash
P5 Using Components with Known Vulnerabilities Outdated Software Version
P5 Using Components with Known Vulnerabilities Captcha Bypass OCR (Optical Character Recognition)
P5 Insecure Data Storage Sensitive Application Data Stored Unencrypted On Internal Storage
P5 Insecure Data Storage Non-Sensitive Application Data Stored Unencrypted
P5 Insecure Data Storage Screen Caching Enabled
P5 Lack of Binary Hardening Lack of Exploit Mitigations
P5 Lack of Binary Hardening Lack of Jailbreak Detection
P5 Lack of Binary Hardening Lack of Obfuscation
P5 Lack of Binary Hardening Runtime Instrumentation-Based
P5 Insecure Data Transport Executable Download Secure Integrity Check
P5 Network Security Misconfiguration Telnet Enabled
P5 Mobile Security Misconfiguration SSL Certificate Pinning Absent
P5 Mobile Security Misconfiguration SSL Certificate Pinning Defeatable
P5 Mobile Security Misconfiguration Tapjacking
P5 Mobile Security Misconfiguration Clipboard Enabled
P5 Mobile Security Misconfiguration Auto Backup Allowed by Default
P5 Client-Side Injection Binary Planting Non-Default Folder Privilege Escalation
P5 Client-Side Injection Binary Planting No Privilege Escalation
P5 Automotive Security Misconfiguration RF Hub Roll Jam
P5 Automotive Security Misconfiguration RF Hub Replay
P5 Automotive Security Misconfiguration RF Hub Relay
Varies Server Security Misconfiguration Unsafe Cross-Origin Resource Sharing
Varies Server Security Misconfiguration Path Traversal
Varies Server Security Misconfiguration Directory Listing Enabled Sensitive Data Exposure
Varies Server Security Misconfiguration SSL Attack (BREACH, POODLE etc.)
Varies Server Security Misconfiguration OAuth Misconfiguration Missing/Broken State Parameter
Varies Server Security Misconfiguration OAuth Misconfiguration Insecure Redirect URI
Varies Server Security Misconfiguration Race Condition
Varies Server Security Misconfiguration Cache Poisoning
Varies Server-Side Injection Server-Side Template Injection (SSTI) Custom
Varies Broken Authentication and Session Management Privilege Escalation
Varies Sensitive Data Exposure Cross Site Script Inclusion (XSSI)
Varies Broken Access Control (BAC) Insecure Direct Object References (IDOR)
Varies Broken Access Control (BAC) Exposed Sensitive Android Intent
Varies Broken Access Control (BAC) Exposed Sensitive iOS URL Scheme
Varies Cross-Site Request Forgery (CSRF) Action-Specific Authenticated Action
Varies Cross-Site Request Forgery (CSRF) Action-Specific Unauthenticated Action
Varies Insecure Data Transport Cleartext Transmission of Sensitive Data
Varies Indicators of Compromise