The score in the remediation report is a bit different from the Score we give for Hosts or Individual vulnerabilities
For Each Vulnerability:
- High gets 8 points
- Medium gets 4 points
- Low gets 1 point
This is multiplied by how many assets have the same issue. This leads you to the score value you see in the remediation report.
The aim of the score here is to highlight, bring forward, which vulnerability fixing would give you the most benefit.
The formula inside the report is:
Affects * Popularity * Risk
Affects = amount of hosts affected
Popularity = how many times this vulnerability happens in the hosts in this report - 1 is one time, 1000, means 1000 times in this report
Risk = a value of either 1, 4, or 8