Skip to content
Fortworx

Severity Levels

Overview

Fortworx uses categorical severity levels to indicate the potential impact of a vulnerability. Severity can be assigned automatically by Fort AI when analyzing inbound reports, or set manually by a workspace member.

Severity Levels

Fortworx supports the following severity levels, from lowest to highest:

  • Undetermined — The severity has not been assessed yet. This is the default for new reports.
  • Info — Informational finding with no direct security impact.
  • Low — Minor vulnerability with limited impact.
  • Medium — Moderate vulnerability that may require attention.
  • High — Serious vulnerability that should be addressed promptly.
  • Critical — Severe vulnerability requiring immediate action.

How Severity Is Assigned

When a report is received by email, Fort AI analyzes the content and assigns an initial severity level based on the vulnerability description, affected scope, and known CVEs. You can correct the severity at any time from the report detail page.

For web form submissions, researchers can optionally select a severity level when submitting (if enabled in your form settings).

Scopes can define a maximum severity level, which caps the severity that can be assigned to reports matching that scope. See Scopes for details.