Severity Definitions for Security Vulnerabilities


The severity definitions below help Sitecore customers and developers assess the security impact of known software vulnerabilities.

The ratings indicate the severity of a vulnerability without assessing the likelihood of its exploitation given how the software is used. Customers should independently assess the severity for their particular use of the software.

| Rating | Definition |
|---|---|
| Critical | A vulnerability which could allow unauthorized code execution. Sitecore recommends that customers apply Critical updates immediately. |
| High | A vulnerability whose exploitation does not require authentication and could result in the compromise of the confidentiality, integrity, reliability or availability of the data. Sitecore recommends that customers apply important updates at the earliest opportunity. |
| Medium | A vulnerability whose impact is mitigated to a significant degree by factors such as authentication requirements or applicability only to non-default configurations. Sitecore recommends that customers consider applying the security update. |
| Low | A vulnerability that has minimal impact and is extremely difficult to exploit. Sitecore recommends that customers evaluate whether to apply the security update. |