Vulnerability priority

P1 – Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.

P2 – High: Vulnerabilities that affect the security of the software and impact the processes it supports.

P3 – Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.

P4 – Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites to trigger (MitM) to trigger.

P5 – Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed acceptable business risk to the customer.