The Common Vulnerability Scoring System (CVSS) is used for estimating the severity of discovered vulnerabilities. In addition to the risk scores that are defined in CVSS, the Unknown category displays in the Carbon Black Cloud console.
For more information about CVSS, see Risk Evaluation for Container Images.
On various Carbon Black Cloud console pages, color bars are displayed for the different vulnerability risk scores. The color bars correspond to the following ratings:
Color Name | Rating (refer to CVSS) |
---|---|
Green | None |
Yellow | Low |
Orange | Medium |
Red | High |
Dark Red | Critical |
Gray | Unknown |
The numbers inside the color bars represent the number of vulnerabilities and the number of fixes.
Note: The risk rating for container image vulnerabilities is different from the risk severity for workloads because they are evaluated using different scales. For more information about Kubernetes workloads risk scores, see Kubernetes Risk Severity Scoring.