Review severity settings of policies to make sure you are patching at the scope you want.
The severity level High was added to the Automox console with CSVSSv3, which means you should check if your policies still include the level of patching you are expecting. The scope of Critical has a different range (9.0–10.0). If you require the full span of 7.0–10.0, you will need to include High in your policy.
Other (Not scored)
Note: If an Ubuntu or RedHat-related software package does not have any CVEs associated with it, Automox displays the severity score No Known CVEs. This only applies to Ubuntu and RedHat devices in Automox.
How to review your policies
Find out if your policies are covering your minimum requirements and adjust the scope.
From the Automox console, go to Manage → Policies.
For each severity-related policy (Advanced and By Severity policies), click the name of the policy to open the Edit Policy page.
The Package Targeting section depends on the type of policy:
For a By Severity policy, ensure that High is checked if you want to include it (the range 7.0–8.9).
For an Advanced Policy, make sure your rules include Is Greater Than Or Equal To and High to ensure coverage.
Click Save Policy. Repeat for each severity-related policy.
Note: If you have a policy that has Critical checked, we will automatically update your policies to check High. This policy should, however, be updated to reflect the new severity options.
Article is closed for comments.