AnsweredAssumed Answered

QID Severity Level changes

Question asked by jmur116 on Jun 1, 2015
Latest reply on Jun 2, 2015 by Robert Dell'Immagine

The severity level for QID 38601 SSL/TLS use of weak RC4 cipher was upgrade from level 2 to level 3 on 5/4/2015, as listed in the notes in the threat field of the QID. Is there a location, or a report, that identifies QIDs that have a severity level increase or decrease? We derive metrics based on level 3/4/5 vulnerabilities and to see a month over month increase in the 10's of thousands without an explanations is disconcerting. Fortunately, one of the analysts casually mentioned that QID 38601 went from a 2 to a 3, so we were able to identify the bulk of the changes without too much additional work, but is there a centralized list for these changes?

Outcomes