An organization has been using an old version of an Apache Log4j software component in its critical software application. Which of the following should the organization use to calculate the severity of the risk from using this component?
Comprehensive and Detailed Step-by-Step Explanation:
CWE (A): Common Weakness Enumeration lists software flaws but doesn’t provide risk severity ratings.
CVSS (B): Common Vulnerability Scoring System is used to evaluate and score the severity of software vulnerabilities, helping prioritize remediation efforts.
CWSS (C): Common Weakness Scoring System evaluates software weaknesses but is less commonly used than CVSS for vulnerability scoring.
CVE (D): Common Vulnerabilities and Exposures identifies and catalogs vulnerabilities but does not calculate severity.
[Reference: CompTIA Cloud+ CV0-004 Study Guide, Objective 4.1: Identify and classify vulnerabilities in a cloud environment.]