Understanding severity levels for your Amazon Inspector findings
When Amazon Inspector generates a finding, it assigns a severity rating to the finding. Severity ratings help you assess and prioritize your findings. The severity rating for a finding corresponds to a numerical score and level: informational, low, medium, high, and critical. Amazon Inspector determines the severity rating for a finding based on the finding type. This section describes how Amazon Inspector determines a severity rating for each finding type.
Software package vulnerability severity
Amazon Inspector uses the NVD/CVSS score as the basis of severity scoring for software package vulnerabilities. The NVD/CVSS score is the vulnerability severity score published by the NVD and defined by the CVSS. The NVD/CVSS score is a composition of security metrics, such as attack complexity, exploit code maturity, and privileges required. Amazon Inspector produces a numerical score from 1 to 10 that reflects the vulnerability's severity. Amazon Inspector categorizes this as a base score because it reflects the severity of a vulnerability according to its intrinsic characteristics, which are constant over time. This score also assumes the reasonable worst-case impact across different deployed environments. The rating for each score range follows the CVSS v3 standard:
| Score | Rating |
|---|---|
| 0 | Informational |
| 0.1–3.9 | Low |
| 4.0–6.9 | Medium |
| 7.0–8.9 | High |
| 9.0–10.0 | Critical |
Package vulnerability findings can also have a severity of Untriaged. This means that the vendor hasn't yet set a vulnerability score for the detected vulnerability. In this case, we recommend using the reference URLs for the finding to research that vulnerability and respond accordingly.
Package vulnerability findings include the following scores and associated scoring vectors as part of their finding details:
- EPSS score
- Inspector score
- CVSS 3.1 from Amazon CVE
- CVSS 3.1 from NVD
- CVSS 2.0 from NVD (where applicable)
Code vulnerability severity
For code vulnerability findings, Amazon Inspector uses the severity levels defined by the Amazon CodeGuru detectors that generated the finding. Each detector is assigned a severity using the CVSS v3 scoring system. For an explanation of the severities CodeGuru uses, see Severity definitions in the CodeGuru guide. For a list of detectors by severity, select from the supported programming languages below:
Network reachability severity
Amazon Inspector determines the severity for a network reachability vulnerability based on the service, ports, and protocols that are exposed and by the type of open path. The following table defines these severity ratings. The value in the Open path rating column represents open paths from virtual gateways, peered VPCs, and Amazon Direct Connect networks. All other exposed services, ports, and protocols have an Informational severity rating.
| Service | TCP ports | UDP ports | Internet path rating | Open path rating |
|---|---|---|---|---|
| DHCP | 67, 68, 546, 547 | 67, 68, 546, 547 | Medium | Informational |
| Elasticsearch | 9300, 9200 | NA | Medium | Informational |
| FTP | 21 | 21 | High | Medium |
| Global catalog LDAP | 3268 | NA | Medium | Informational |
| Global catalog LDAP over TLS | 3269 | NA | Medium | Informational |
| HTTP | 80 | 80 | Low | Informational |
| HTTPS | 443 | 443 | Low | Informational |
| Kerberos | 88, 464, 543, 544, 749, 751 | 88, 464, 749, 750, 751, 752 | Medium | Informational |
| LDAP | 389 | 389 | Medium | Informational |
| LDAP over TLS | 636 | NA | Medium | Informational |
| MongoDB | 27017, 27018, 27019, 28017 | NA | Medium | Informational |
| MySQL | 3306 | NA | Medium | Informational |
| NetBIOS | 137, 139 | 137, 138 | Medium | Informational |
| NFS | 111, 2049, 4045, 1110 | 111, 2049, 4045, 1110 | Medium | Informational |
| Oracle | 1521, 1630 | NA | Medium | Informational |
| PostgreSQL | 5432 | NA | Medium | Informational |
| Print services | 515 | NA | High | Medium |
| RDP | 3389 | 3389 | Medium | Low |
| RPC | 111, 135, 530 | 111, 135, 530 | Medium | Informational |
| SMB | 445 | 445 | Medium | Informational |
| SSH | 22 | 22 | Medium | Low |
| SQL Server | 1433 | 1434 | Medium | Informational |
| Syslog | 601 | 514 | Medium | Informational |
| Telnet | 23 | 23 | High | Medium |
| WINS | 1512, 42 | 1512, 42 | Medium | Informational |
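The following Python triage helper is an added example, not AWS or Amazon Inspector code. It encodes the two severity mappings this page describes: the CVSS v3 score ranges applied to package vulnerability findings (including the Untriaged case, where no vendor score exists yet and the reference URLs are what you research) and a subset of the network reachability table above, with the page's rule that any exposed service not in the table is Informational. The finding records are constructed for the example, and their field names (`cvss_base_score`, `epss`, `reference_urls`, `path`) are assumptions, not the Inspector API schema; ordering ties by EPSS score within a rating is a prioritization heuristic added here, not something the page prescribes.

```python
"""Severity mapping and triage for Amazon Inspector-style findings.

Added example, not AWS code. Field names on the finding records are
assumptions; the ratings themselves follow the tables on this page.
"""

# Ratings in ascending order of urgency. UNTRIAGED is handled separately
# because it means "no score yet", not "low risk".
RATING_RANK = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Subset of the network reachability table:
# (protocol, port) -> (service, internet path rating, open path rating)
REACHABILITY = {
    ("TCP", 21): ("FTP", "HIGH", "MEDIUM"),
    ("UDP", 21): ("FTP", "HIGH", "MEDIUM"),
    ("TCP", 22): ("SSH", "MEDIUM", "LOW"),
    ("UDP", 22): ("SSH", "MEDIUM", "LOW"),
    ("TCP", 23): ("Telnet", "HIGH", "MEDIUM"),
    ("UDP", 23): ("Telnet", "HIGH", "MEDIUM"),
    ("TCP", 80): ("HTTP", "LOW", "INFORMATIONAL"),
    ("TCP", 443): ("HTTPS", "LOW", "INFORMATIONAL"),
    ("TCP", 1433): ("SQL Server", "MEDIUM", "INFORMATIONAL"),
    ("UDP", 1434): ("SQL Server", "MEDIUM", "INFORMATIONAL"),
    ("TCP", 3389): ("RDP", "MEDIUM", "LOW"),
    ("UDP", 3389): ("RDP", "MEDIUM", "LOW"),
}


def cvss_rating(base_score):
    """Map a CVSS v3 base score to the page's rating.

    None means the vendor has not published a score yet (Untriaged).
    """
    if base_score is None:
        return "UNTRIAGED"
    score = round(float(base_score), 1)  # CVSS scores carry one decimal place
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {base_score}")
    if score == 0.0:
        return "INFORMATIONAL"
    if score <= 3.9:
        return "LOW"
    if score <= 6.9:
        return "MEDIUM"
    if score <= 8.9:
        return "HIGH"
    return "CRITICAL"


def reachability_rating(protocol, port, path):
    """Rate an exposed port by path type.

    path is 'internet' for an internet path or 'open' for a path through a
    virtual gateway, peered VPC or Direct Connect. Services not in the
    table are Informational, as the page states.
    """
    if path not in ("internet", "open"):
        raise ValueError(f"unknown path type: {path}")
    entry = REACHABILITY.get((protocol.upper(), int(port)))
    if entry is None:
        return "INFORMATIONAL"
    _service, internet_rating, open_rating = entry
    return internet_rating if path == "internet" else open_rating


def rate_finding(finding):
    """Dispatch on finding type (field names are assumptions)."""
    if finding["type"] == "PACKAGE_VULNERABILITY":
        return cvss_rating(finding.get("cvss_base_score"))
    if finding["type"] == "NETWORK_REACHABILITY":
        return reachability_rating(finding["protocol"], finding["port"], finding["path"])
    raise ValueError(f"unsupported finding type: {finding['type']}")


def triage(findings):
    """Return (ranked, untriaged).

    ranked: (id, rating, epss) ordered by rating, then EPSS, highest first.
    untriaged: (id, reference_urls) for findings with no vendor score yet,
    which need manual research rather than a place in the ranking.
    """
    ranked, untriaged = [], []
    for f in findings:
        rating = rate_finding(f)
        if rating == "UNTRIAGED":
            untriaged.append((f["id"], f.get("reference_urls", [])))
            continue
        ranked.append((f["id"], rating, f.get("epss") or 0.0))
    ranked.sort(key=lambda r: (RATING_RANK[r[1]], r[2]), reverse=True)
    return ranked, untriaged


# Constructed sample findings; not real Inspector output.
SAMPLE_FINDINGS = [
    {"id": "pkg-1", "type": "PACKAGE_VULNERABILITY", "cvss_base_score": 9.8, "epss": 0.91},
    {"id": "pkg-2", "type": "PACKAGE_VULNERABILITY", "cvss_base_score": None,
     "reference_urls": ["https://example.invalid/advisory-placeholder"]},
    {"id": "pkg-3", "type": "PACKAGE_VULNERABILITY", "cvss_base_score": 5.3, "epss": 0.02},
    {"id": "pkg-4", "type": "PACKAGE_VULNERABILITY", "cvss_base_score": 7.5, "epss": 0.40},
    {"id": "net-1", "type": "NETWORK_REACHABILITY", "protocol": "TCP", "port": 22, "path": "internet"},
    {"id": "net-2", "type": "NETWORK_REACHABILITY", "protocol": "TCP", "port": 23, "path": "open"},
    {"id": "net-3", "type": "NETWORK_REACHABILITY", "protocol": "TCP", "port": 8080, "path": "internet"},
]

if __name__ == "__main__":
    ranked, untriaged = triage(SAMPLE_FINDINGS)
    for fid, rating, epss in ranked:
        print(f"{rating:<13} epss={epss:.2f}  {fid}")
    for fid, urls in untriaged:
        print(f"UNTRIAGED     research: {fid} {urls}")
```

Note the boundary handling: scores are rounded to one decimal before comparison, so 3.9 is Low and 4.0 is Medium exactly as the table states, and a score of 0 is Informational rather than Low. The `REACHABILITY` dictionary deliberately holds only part of the table; extending it is a matter of adding rows, and every port absent from it falls through to Informational.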