Remediation Level
Remediation Level v1.1.0
This metric measures the remediation status of a vulnerability.
| Value | Definition |
|---|---|
| Official Fix | A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available. |
| Temporary Fix | There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround. |
| Workaround | There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set. |
| Unavailable | There is either no solution available or it is impossible to apply. |
| Not Defined | This metric value is not defined. See CVSS documentation for details. |
Remediation Level v1.1.0 JSON Example
{
"namespace": "cvss",
"version": "1.1.0",
"schemaVersion": "1-0-1",
"key": "RL",
"name": "Remediation Level",
"description": "This metric measures the remediation status of a vulnerability.",
"values": [
{
"key": "OF",
"name": "Official Fix",
"description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available."
},
{
"key": "TF",
"name": "Temporary Fix",
"description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround."
},
{
"key": "W",
"name": "Workaround",
"description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set."
},
{
"key": "U",
"name": "Unavailable",
"description": "There is either no solution available or it is impossible to apply."
},
{
"key": "X",
"name": "Not Defined",
"description": "This metric value is not defined. See CVSS documentation for details."
}
]
}
Previous Versions
Following are the previous versions of the decision point:
Remediation Level v1.0.0
This metric measures the remediation status of a vulnerability.
| Value | Definition |
|---|---|
| Official Fix | A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available. |
| Temporary Fix | There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround. |
| Workaround | There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set. |
| Unavailable | There is either no solution available or it is impossible to apply. |
Remediation Level v1.0.0 JSON Example
{
"namespace": "cvss",
"version": "1.0.0",
"schemaVersion": "1-0-1",
"key": "RL",
"name": "Remediation Level",
"description": "This metric measures the remediation status of a vulnerability.",
"values": [
{
"key": "OF",
"name": "Official Fix",
"description": "A complete vendor solution is available. Either the vendor has issued the final, official patch which eliminates the vulnerability or an upgrade that is not vulnerable is available."
},
{
"key": "TF",
"name": "Temporary Fix",
"description": "There is an official but temporary fix available. This includes instances where the vendor issues a temporary hotfix, tool or official workaround."
},
{
"key": "W",
"name": "Workaround",
"description": "There is an unofficial, non-vendor solution available. In some cases, users of the affected technology will create a patch of their own or provide steps to work around or otherwise mitigate against the vulnerability. When it is generally accepted that these unofficial fixes are adequate in plugging the hole for the mean time and no official remediation is available, this value can be set."
},
{
"key": "U",
"name": "Unavailable",
"description": "There is either no solution available or it is impossible to apply."
}
]
}