The Old Classification Scheme

The New Category/Severity Scheme

1. BugFix - The fix is for a normal product defect.
2. Security - The fix is for security-related product issues.
3. Enhancement - A new hardware enablement, a new driver update or a new product feature is added.

1. For BugFix category
   
   Critical - A problem which may severely impact the customer's production systems (including the loss of production data). Such impacts could be system down or HA not functioning. A workaround is not in place.
   
   Recommendation: Immediately implement the critical patch.
   
   Important - A problem may affect functionality, or cause a system to function in a severely reduced capacity. The situation causes significant impact to portions of the business operations and productivity. The system is exposed to potential loss or interruption of services.
   
   Recommendation: Immediately plan for a maintenance window for the patch.
   
   Moderate - A problem may affect partial non-critical functionality loss. This may be a minor issue with limited loss, no loss of functionality, or impact to the client's operations and issues in which there is an easy circumvention or avoidance by the end user. This includes documentation errors.
   
   Recommendation: Implement the patch in your next maintenance window.
   
   Low - A problem is considered low or no impact to a product's functionality or a client's operations. There is no impact on quality, performance, or functionality of the product.
   
   Recommendation: Implement the patch at your convenience.
   
   
2. For security bugs
   
   Critical - Vulnerabilities that can be exploited by an unauthenticated attacker from the Internet, or those that break the guest/host Operating System isolation. The exploitation results in the complete compromise of confidentiality, integrity, and availability of user data and/or processing resources without user interaction. Exploitation could be leveraged to propagate an Internet worm or execute arbitrary code between virtual machines and/or the Host Operating System.
   
   Important - Vulnerabilities that are not rated critical, but whose exploitation results in the complete compromise of confidentiality and/or integrity of user data and/or processing resources through user assistance or by authenticated attackers. This rating also applies to those vulnerabilities, which could lead to the complete compromise of availability when exploitation is by a remote unauthenticated attacker from the Internet or through a breach of virtual machine isolation.
   
   Moderate - Vulnerabilities where the ability to exploit is mitigated to a significant degree by configuration or difficult of exploitation, but in certain deployment scenarios could still lead to the compromise of confidentiality, integrity, or availability of user data and/or processing resources.
   
   Low - All other issues that have a security impact. Vulnerabilities where exploitation is believed to be extremely difficult, or where successful exploitation would have minimal impact.
   
   
3. For Enhancement
   
   Changes in software related to enabling new hardware or enabling a feature. Only one severity value is used in representing the importance of this category.
   
   Important - A change to support hardware enablement (for example, a driver update), or a new feature for an important product capability.

Mapping of old scheme and new scheme

VUM default mapping between old scheme and new scheme for old 4.1 patches