Automox Feature Update: Improved Severity Classifications for Patches

The Automox team has been hard at work upgrading our ability to classify patches based on severity level. This update leverages the National Vulnerability Database (NVD) CVSS v3.0 scoring model, which is the industry standard for evaluating vulnerabilities and correctly scoring them based on how exploitable they are and what their impact will be on a system or device.

Automox Patch Management: Severity Levels

The new Automox severity levels for patches are: Critical, High, Medium, Low and None. The addition of “High” allows a bit more nuance in the evaluation of vulnerabilities with “Critical” being restricted to only the most impactful and exploitable of vulnerabilities. The addition of “None” is to account for a vulnerability that has a score of 0.0.

We also introduce “Unknown” for any CVE that is awaiting analysis, does not have enough information to receive a score, etc. Remember that a CVE can be “Unknown” to start and later have a severity level assigned; its patch is then deployed according to your Severity or Advanced policy. “Unknown” replaces the current severity level “Other,” so you will no longer see “Other” once the update is made.

What to Expect With the Automox Severity Level Update

All of your policies and patches automatically show the new severity levels as options. For those who previously had “Critical” checked in your severity-related policies, you now have both “High” and “Critical” checked.

Your Severity and Advanced policies operate as they have in the past and now show “Unknown,” instead of “Other.” We encourage you to review your policies to ensure your environment is optimized.
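The classification and policy changes described above, as an added example that is not Automox code: it maps CVSS v3.0 base scores to the severity levels named in this article, applies the two policy changes ("Critical" gains "High", "Other" becomes "Unknown"), and shows an "Unknown" CVE starting to match a policy once it is scored. The score bands are the standard CVSS v3.0 qualitative scale, assumed here to be what the console applies; the function names and CVE ids are hypothetical placeholders.

```python
# Added example: level names come from the article; score bands are the
# standard CVSS v3.0 qualitative scale (an assumption about the console).
from typing import Optional

def severity(base_score: Optional[float]) -> str:
    """Map a CVSS v3.0 base score to a severity level; no score means Unknown."""
    if base_score is None:
        return "Unknown"            # awaiting analysis or not enough information
    if not 0.0 <= base_score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {base_score}")
    if base_score == 0.0:
        return "None"
    if base_score < 4.0:
        return "Low"
    if base_score < 7.0:
        return "Medium"
    if base_score < 9.0:
        return "High"
    return "Critical"

def migrate_policy(old_levels: set) -> set:
    """Apply the two changes the article describes to a policy's checked levels."""
    new = set(old_levels)
    if "Critical" in new:           # old "Critical" selections now also check "High"
        new.add("High")
    if "Other" in new:              # "Unknown" replaces "Other"
        new.discard("Other")
        new.add("Unknown")
    return new

def matching(patches: dict, policy_levels: set) -> list:
    """Return the CVE ids whose severity level is checked in the policy."""
    return sorted(cve for cve, score in patches.items()
                  if severity(score) in policy_levels)

# Constructed sample data: placeholder CVE ids with made-up scores.
PATCHES = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 7.5, "CVE-0000-0003": 5.3,
           "CVE-0000-0004": None, "CVE-0000-0005": 0.0}

if __name__ == "__main__":
    policy = migrate_policy({"Critical"})
    print("policy levels:", sorted(policy))
    print("matches now:", matching(PATCHES, policy))
    # The unscored CVE later receives a score and starts matching the policy.
    rescored = {**PATCHES, "CVE-0000-0004": 8.1}
    print("matches after scoring:", matching(rescored, policy))
```

A policy that leaves "Unknown" unchecked does not pick up an unscored CVE until it receives a score, which is one reason to review policies after the update.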

Since our new severity service ingests more information about CVEs, the console may show additional patches matching your policies. More information means better patching for you and your company.

The Software page now has the ability to search for CVEs. Simply search for the specific CVE, for example “CVE-2019-0708”.

The icons related to Severity have been removed from the Severity policy and Reports.

For additional information about how Automox manages severity level data in the console, see our Knowledge Base article: Understanding Automox Severity Data. Please feel free to contact Automox customer support for any additional assistance at

About Automox Automated Patch Management Platform

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.
