Skip to main content
All CollectionsScanningScans
Severity levels in findings
Severity levels in findings

Understand the severity levels set by Probely to classify findings of target scans.

Jaime Vasconcelos avatar
Written by Jaime Vasconcelos
Updated over a week ago

Probely sets a severity level for each finding to sum up its overall risk based on the following:

  • The likelihood of the vulnerability being found and exploited.

  • The skills required to exploit the vulnerability.

  • And the impact of exploiting the vulnerability.

For example, a vulnerability that is easy to find, easy to exploit, and with a high impact will likely be classified with a high severity.

Different findings for the same vulnerability can have different severity levels depending on the context in which Probely finds the vulnerabilities. Multiple factors can influence this context, which Probely takes into consideration to lower or raise the severity level. For example, the severity of a finding can be higher or lower depending on whether the scanned website or application has authentication.

The following table describes the different severity levels:

Severity

Description

Examples

These findings may have a direct impact on the application security, either clients or service owners, for instance, by granting the attacker access to sensitive information.

- SQL Injection

- OS Command Injection

Medium findings don't usually have an immediate impact alone, but combined with other findings, may lead to a successful compromise of the application.

- Cross-site Request Forgery

- Unencrypted Communications

Findings where either the exploit is not trivial, or the finding cannot be exploited by itself.

- Directory Listing

- Clickjacking

To learn more about findings, read this article on how to interpret target scan results.

Did this answer your question?