Impact Classification
This table provides a self-assessment of the expected impact of non-compliance with the security guidelines, offered to help intuitively understand the necessity of each item and for reference in policy establishment.
Critical
Low cost of attack (does not require much time or effort to succeed in a real attack) and
the vulnerability causes high-impact problems.
High
An attacker can succeed in an attack that causes obvious problems in service operation.
Even if the cost of the attack is high, the severity is considered "high" if the impact of the attack is very high.
Medium
An attacker can perform unintended actions on the service, and these actions can affect service operation. However, there are some constraints for a real attack to succeed.
Low
An attacker can perform unintended actions on the service, but
the action does not have a significant impact or the success rate of the attack is very low.
Informational
Potential threats and recommendations that do not lead to immediate security issues.
Patches are recommended to improve code quality and service stability.
Last updated