Severity Level Classification

The Eucalyptus Security Team rates the potential impact of each vulnerability that affects Eucalyptus software using a four point scale, similarly to other software vendors. All vulnerabilities are rated as either Critical, Important, Moderate, or Low impact. The rating of each vulnerability is based on a technical evaluation and the actual risk may vary depending on your deployment environment. The severity rating in a Eucalyptus Security Advisory (ESA) is intended as a guide to help you recognize the most important updates, and the description of the issue in the advisory should be used to determine the impact on your system .

  • Critical — Exploitation may allow to gain administrative privileges either in the cloud or on the machines hosting Eucalyptus. Preconditions for the exploitation can be easily met and exploitation is relatively straightforward.

  • Important — Exploitation does not result in elevated privileges, or if it does, exploitation is non-trivial and may require several preconditions to be met.

  • Moderate — Exploitation of the vulnerability is mitigated by a number of preconditions that are difficult to meet, such as nonstandard configuration parameters or a successful social engineering attack, and/or the exploitation has a limited impact.

  • Low — Any other security-related issue that might be assigned a higher severity rating, but the exploitation of the issue requires unlikely conditions or configuration or has an extremely minimal impact.

View the full list of advisories