Skip to content

Provider Urgency

Provider Urgency v1.0.0

Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional "pass-through" Supplemental Metric called Provider Urgency is available.

Value Definition
Not Defined This metric value is not defined. See CVSS documentation for details.
Clear Provider has assessed the impact of this vulnerability as having no urgency (Informational).
Green Provider has assessed the impact of this vulnerability as having a reduced urgency.
Amber Provider has assessed the impact of this vulnerability as having a moderate urgency.
Red Provider has assessed the impact of this vulnerability as having the highest urgency.
Provider Urgency v1.0.0 JSON Example 
{
  "namespace": "cvss",
  "version": "1.0.0",
  "schemaVersion": "1-0-1",
  "key": "U",
  "name": "Provider Urgency",
  "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.",
  "values": [
    {
      "key": "X",
      "name": "Not Defined",
      "description": "This metric value is not defined. See CVSS documentation for details."
    },
    {
      "key": "C",
      "name": "Clear",
      "description": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)."
    },
    {
      "key": "G",
      "name": "Green",
      "description": "Provider has assessed the impact of this vulnerability as having a reduced urgency."
    },
    {
      "key": "A",
      "name": "Amber",
      "description": "Provider has assessed the impact of this vulnerability as having a moderate urgency."
    },
    {
      "key": "R",
      "name": "Red",
      "description": "Provider has assessed the impact of this vulnerability as having the highest urgency."
    }
  ]
}