Skip to content

Provider Urgency

Provider Urgency (cvss:U:1.0.0)

Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional "pass-through" Supplemental Metric called Provider Urgency is available.

Value Key Definition
Not Defined X This metric value is not defined. See CVSS documentation for details.
Clear C Provider has assessed the impact of this vulnerability as having no urgency (Informational).
Green G Provider has assessed the impact of this vulnerability as having a reduced urgency.
Amber A Provider has assessed the impact of this vulnerability as having a moderate urgency.
Red R Provider has assessed the impact of this vulnerability as having the highest urgency.
Provider Urgency (cvss:U:1.0.0) JSON Example
{
  "namespace": "cvss",
  "key": "U",
  "version": "1.0.0",
  "name": "Provider Urgency",
  "definition": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.",
  "schemaVersion": "2.0.0",
  "values": [
    {
      "key": "X",
      "name": "Not Defined",
      "definition": "This metric value is not defined. See CVSS documentation for details."
    },
    {
      "key": "C",
      "name": "Clear",
      "definition": "Provider has assessed the impact of this vulnerability as having no urgency (Informational)."
    },
    {
      "key": "G",
      "name": "Green",
      "definition": "Provider has assessed the impact of this vulnerability as having a reduced urgency."
    },
    {
      "key": "A",
      "name": "Amber",
      "definition": "Provider has assessed the impact of this vulnerability as having a moderate urgency."
    },
    {
      "key": "R",
      "name": "Red",
      "definition": "Provider has assessed the impact of this vulnerability as having the highest urgency."
    }
  ]
}