P1 – Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
P2 – High: Vulnerabilities that affect the security of the software and impact the processes it supports.
P3 – Medium: Vulnerabilities that affect multiple users and require little or no user interaction to trigger.
P4 – Low: Vulnerabilities that affect singular users and require interaction or significant prerequisites to trigger (MitM) to trigger.
P5 – Informational: Non-exploitable vulnerabilities in functionality. Vulnerabilities that are by design or are deemed acceptable business risk to the customer.
