Reference documentation and code samples for the Security Command Center Management V1 API module Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity.
The severity of the finding.
Constants
SEVERITY_UNSPECIFIED
value: 0 Default value. This value is unused.
CRITICAL
value: 1 For vulnerabilities: A critical vulnerability is easily discoverable by
an external actor, exploitable, and results in the direct ability to
execute arbitrary code, exfiltrate data, and otherwise gain additional
access and privileges to cloud resources and workloads. Examples include
publicly accessible unprotected user data and public SSH access with weak
or no passwords.
For threats: Indicates a threat that is able to access, modify, or delete
data or execute unauthorized code within existing resources.
HIGH
value: 2 For vulnerabilities: A high-risk vulnerability can be easily discovered
and exploited in combination with other vulnerabilities in order to gain
direct access and the ability to execute arbitrary code, exfiltrate data,
and otherwise gain additional access and privileges to cloud resources
and workloads. An example is a database with weak or no passwords that is
only accessible internally. This database could easily be compromised by
an actor that had access to the internal network.
For threats: Indicates a threat that is able to create new computational
resources in an environment but not able to access data or execute code
in existing resources.
MEDIUM
value: 3 For vulnerabilities: A medium-risk vulnerability could be used by an
actor to gain access to resources or privileges that enable them to
eventually (through multiple steps or a complex exploit) gain access and
the ability to execute arbitrary code or exfiltrate data. An example is a
service account with access to more projects than it should have. If an
actor gains access to the service account, they could potentially use
that access to manipulate a project the service account was not intended
to.
For threats: Indicates a threat that is able to cause operational impact
but may not access data or execute unauthorized code.
LOW
value: 4 For vulnerabilities: A low-risk vulnerability hampers a security
organization's ability to detect vulnerabilities or active threats in
their deployment, or prevents the root cause investigation of security
issues. An example is monitoring and logs being disabled for resource
configurations and access.
For threats: Indicates a threat that has obtained minimal access to an
environment but is not able to access data, execute code, or create
resources.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Security Command Center Management V1 API - Module Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity (v1.4.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.4.0 (latest)](/ruby/docs/reference/google-cloud-security_center_management-v1/latest/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [1.3.1](/ruby/docs/reference/google-cloud-security_center_management-v1/1.3.1/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [1.2.0](/ruby/docs/reference/google-cloud-security_center_management-v1/1.2.0/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [1.1.0](/ruby/docs/reference/google-cloud-security_center_management-v1/1.1.0/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [1.0.1](/ruby/docs/reference/google-cloud-security_center_management-v1/1.0.1/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [0.4.0](/ruby/docs/reference/google-cloud-security_center_management-v1/0.4.0/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [0.3.0](/ruby/docs/reference/google-cloud-security_center_management-v1/0.3.0/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [0.2.1](/ruby/docs/reference/google-cloud-security_center_management-v1/0.2.1/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity)\n- [0.1.0](/ruby/docs/reference/google-cloud-security_center_management-v1/0.1.0/Google-Cloud-SecurityCenterManagement-V1-SimulatedFinding-Severity) \nReference documentation and code samples for the Security Command Center Management V1 API module Google::Cloud::SecurityCenterManagement::V1::SimulatedFinding::Severity.\n\nThe severity of the finding.\n\nConstants\n---------\n\n### SEVERITY_UNSPECIFIED\n\n**value:** 0 \nDefault value. This value is unused.\n\n### CRITICAL\n\n**value:** 1 \nFor vulnerabilities: A critical vulnerability is easily discoverable by\nan external actor, exploitable, and results in the direct ability to\nexecute arbitrary code, exfiltrate data, and otherwise gain additional\naccess and privileges to cloud resources and workloads. Examples include\npublicly accessible unprotected user data and public SSH access with weak\nor no passwords.\n\n\n\u003cbr /\u003e\n\nFor threats: Indicates a threat that is able to access, modify, or delete\ndata or execute unauthorized code within existing resources.\n\n### HIGH\n\n**value:** 2 \nFor vulnerabilities: A high-risk vulnerability can be easily discovered\nand exploited in combination with other vulnerabilities in order to gain\ndirect access and the ability to execute arbitrary code, exfiltrate data,\nand otherwise gain additional access and privileges to cloud resources\nand workloads. An example is a database with weak or no passwords that is\nonly accessible internally. This database could easily be compromised by\nan actor that had access to the internal network.\n\n\n\u003cbr /\u003e\n\nFor threats: Indicates a threat that is able to create new computational\nresources in an environment but not able to access data or execute code\nin existing resources.\n\n### MEDIUM\n\n**value:** 3 \nFor vulnerabilities: A medium-risk vulnerability could be used by an\nactor to gain access to resources or privileges that enable them to\neventually (through multiple steps or a complex exploit) gain access and\nthe ability to execute arbitrary code or exfiltrate data. An example is a\nservice account with access to more projects than it should have. If an\nactor gains access to the service account, they could potentially use\nthat access to manipulate a project the service account was not intended\nto.\n\n\n\u003cbr /\u003e\n\nFor threats: Indicates a threat that is able to cause operational impact\nbut may not access data or execute unauthorized code.\n\n### LOW\n\n**value:** 4 \nFor vulnerabilities: A low-risk vulnerability hampers a security\norganization's ability to detect vulnerabilities or active threats in\ntheir deployment, or prevents the root cause investigation of security\nissues. An example is monitoring and logs being disabled for resource\nconfigurations and access.\n\n\n\u003cbr /\u003e\n\nFor threats: Indicates a threat that has obtained minimal access to an\nenvironment but is not able to access data, execute code, or create\nresources."]]
