
Vulnerability Severity

Info: The English user guide is currently in beta preview. Most of the documents have been automatically translated from the Japanese version. Should you find any inaccuracies, please reach out to Flatt Security.

When Takumi performs a security assessment, the resulting report contains a list of vulnerabilities (this applies to every kind of assessment, including chat-based requests, Active Takumi, and so on). Each vulnerability is assigned one of the following five severity levels.

Severity | Description
---------|------------
Critical | Vulnerabilities that may have a critical impact on business continuity, such as large-scale leakage of personal information, or impact on payments or on the system as a whole.
High     | Vulnerabilities that may have a significant impact on business continuity, such as irrecoverable leakage of personal information or tampering with important information.
Medium   | Vulnerabilities that may impact business continuity, such as recoverable information leakage.
Low      | Vulnerabilities with only a minor impact on business continuity, or configuration issues that make other vulnerabilities easier to exploit or increase the damage they cause.
None     | Configuration issues or unintended behaviors that have no impact on business continuity.

Below are some examples.

  • Critical: SQL injection that lets an attacker read the personal information stored in the database.
  • High: A specific request stops part of the web application, so the related functionality can no longer be provided (denial of service).
  • Medium: CSRF that forces a logged-in user's browser to submit a state-changing request the user did not intend.
  • Low: The GraphQL API answers introspection queries, exposing its schema and so helping an attacker map the API.
  • None: Security-enhancing HTTP response headers are not set.