The remediation level metric indicates the level of fixes, patches, or workarounds available in order to mitigate the vulnerability. It can help in prioritizing vulnerability fixes:
|
Parameter |
Description |
|
Not defined |
Assigning this value to the metric will not affect the score. It simply indicates the scoring equation to skip this metric. |
|
Unavailable |
No solution exists or it's impossible to apply the solution. |
|
Workaround |
An unofficial, non-vendor fix exists; this may be in the form of an in-house patch. |
|
Temporary fix |
Official, yet temporary, fix exists; it may be in the form of quick-fix/hot-fix. |
|
Official fix |
A complete and tested fix is available and officially released by the vendor. |
The environmental metrics are used only if the analyst needs to customize the CVSS score in the specific area of the impacted organization. You can read more about the environmental metrics at https://www.first.org/cvss/cvss-v30-specification-v1.8.pdf.