SUSE Linux Enterprise Security Rating Overview

The SUSE Security Team uses industry-standard rating systems for security vulnerabilities.

Simplified rating

The simplified rating is used by various software companies to let administrators decide quickly whether to apply updates and on what schedule. We publish our Update Notices labeled with this rating.

Rating Definition
Critical

This rating is given to flaws that could be easily exploited by a remote unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user, or an unlikely configuration are not classed as critical impact.

Important

This rating is given to flaws that can easily compromise the confidentiality, integrity, or availability of resources. These are the types of vulnerabilities that allow local users to gain privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication, allow authenticated remote users to execute arbitrary code, or allow remote unauthenticated users to cause a denial of service without user interaction.

Moderate

This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity, or availability of resources, under certain circumstances. These are the types of vulnerabilities that could have had a critical impact or important impact but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations. Local, persistent (service needs to be restarted) denial of service conditions for basic system services (kernel, systemd, polkit, dbus, ...) with and without user interaction should also be rated "moderate".

Low

This rating is given to all other issues that have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be exploited, or where a successful exploit would have minimal consequences.

CVSS v2 rating

Another common industry scoring system is CVSS v2, which converts the various vulnerability types, impacts and preconditions into a single numeric score. At this time we are using this scoring system for internal evaluation purposes only. The scores that are published by the National Vulnerability Database are also cross-referenced on our CVE pages.
