The Risk Score combines publicly available CVSS information with proprietary threat data and advanced modeling to produce a metric that accurately represents the risk of a given vulnerability in your data center.

AppDefense partners with Kenna Security to leverage the largest database of vulnerability, exploit, and event threat data in the industry. This data is distilled into three main measures of risk:

  • Active Internet Breach: Presence of a near-real-time exploitation.
  • Malware Exploitable: Availability of an exploit module in a weaponized exploit kit.
  • Easily Exploitable: Availability of a recorded exploit.

Use the Risk Score to determine which vulnerabilities must be patched first, which need additional protections, and which ones can be saved for later. Following is an example.

Risk Details
Easily Exploitable              Yes
Malware Exploitable             Yes
Active Internet Breach          Yes
CVSS Details
Access Complexity               Medium
Access Vector                   Network
Authentication                  None required
Availability Impact             Complete
Confidentiality Impact          Complete
Integrity Impact                Complete
Score                           9.3
Exploit Subscore                8.6
Impact Subscore                 10.0
Vector                          AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
V3 Score                        7.8
V3 Exploit Subscore             Not available
V3 Impact Subscore              Not available
V3 Vector                       CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

For more information about how the risk is calculated, see the Kenna Security documentation available at https://www.kennasecurity.com/resources/understanding-vulnerability-risk-score.

For more information about CVSS, visit https://www.first.org/cvss/specification-document.