[email protected] +1.303.779.0344

Security Update Severity Levels

OnePager periodically releases security updates to guard against vulnerabilities in its own applications, in third-party components, in third-party integrations, or with supported operating systems.

While OnePager recommends installing all security updates as soon as reasonably possible, we recognize that constant patching can lead to other issues, especially in light of the fact that some vulnerabilities inherently carry more risk than others.

As a result, we have established a four-tier severity level rating that we assign to all security updates. All release notes containing a security update will reference one of these four severity levels, which customers can use to help decide the urgency and priority of applying a specific security update.

Severity Level

Criteria

Recommended Action *

Critical

A vulnerability for which there has been a known exploitation.

OnePager strongly recommends that customers apply Critical updates immediately.

Important

A vulnerability where exploitation is not known to have occurred, but is likely to occur if left unpatched. Vulnerability could be exploited by an unauthenticated user. Such exploit could result in compromise of the confidentiality, integrity, or availability of user data.

OnePager recommends that customers apply Important updates at the earliest opportunity

Moderate

Likelihood of the vulnerability being exploited is mitigated to a significant degree by factors such as authentication requirements, standard security practices, or applicability only to non-default configurations. The vulnerability requires authentication, requires one or more preceding exploits, or is unlikely to be the the primary exploit vector.

OnePager recommends that customers apply Moderate security updates.

Low

A vulnerability's likelihood of being exploited is mitigated by the other security measures that are employed by the affected component.

OnePager recommends that customers apply Low security updates.


* Recommended actions should be used as a guide only, and should not be the sole basis for any security update decision. Always consult with your own information security personnel before making a decision regarding as to when or whether you should install a security update.


Last Updated: June 4, 2021