How is the Severity shown in the Asset Compliance CSV when an asset has multiple CVEs with different severity levels?
Ans: When an asset has multiple vulnerabilities (CVEs) with different severity levels (Low, Medium, High, or Critical), the Asset Compliance CSV will always display the highest severity level for that asset.
This ensures that the most critical risk associated with the asset is highlighted, so you can prioritize patching effectively.
Example Scenario
Let’s take an asset Microsoft Visual Studio 2019 with the following vulnerabilities:
12 CVEs with Medium severity
47 CVEs with High severity
2 CVEs with Critical severity
In this case, the Asset Compliance CSV will display the severity as “Critical”, since that is the highest severity among all vulnerabilities on the asset.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article