NormShield vs. Scanners Severity Mappings



You can change any title to any severity in NormShield, and importing scanner output files will not affect your change. When scanner files are parsed, NormShield applies the following default severity mappings:



Netsparker     NormShield
-----------    ----------
Critical       Critical
High           High
Medium         Medium
Low            Low
Information    Info

Some Netsparker titles that are Critical in NormShield:

  • ConfirmedBlindSqlInjection
  • SQL Injection
  • Boolean Based SQL Injection
  • Blind SQL Injection
  • Remote Code Execution and DoS in HTTP.sys (IIS)
  • ConfirmedSqlInjection
  • Out-of-date Version (OpenSSL)
  • HighlyPossibleSqlInjection

Note: There is no longer any "Urgent" vulnerability for Netsparker.


Method 1: Default: Mapping 4 severities to NormShield 5 severities

Since Nessus has no Urgent severity, Critical findings are mapped to Urgent.

Nessus      NormShield
--------    ----------
Critical    Urgent
High        Critical
Medium      Medium
Low         Low
None        Info

Method 2: Exploit Aware: One-to-one mapping, exploits are urgent

Nessus                        NormShield
--------------------------    ----------
Critical + Exploitable        Urgent
Critical + Not Exploitable    Critical
High                          High
Medium                        Medium
Low                           Low
None                          Info

The mapping method can be selected on the settings page.



Acunetix vulnerability severities are parsed the same as in the original output. The severity mapping is the same in NormShield.

Some Acunetix titles that are Urgent in NormShield:

  • Directory traversal
  • HTTP verb tampering
  • Session fixation
  • The GHOST Vulnerability
  • jQuery cross site scripting
  • ASP.NET padding oracle vulnerability




OpenVAS             NormShield
----------------    ----------
severity >= 7       High
4 < severity < 7    Medium
0 < severity < 4    Low
0                   Info


Nexpose Severity    NormShield
----------------    ----------
9, 10               Urgent
7, 8                Critical
5, 6                High
3, 4                Medium
2                   Low
1                   Info

Some Nexpose titles that are Urgent in NormShield:

  • SMTP unauthenticated 3rd-party mail relay
  • OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)
  • MySQL Obsolete Version
  • Default SSH password: admin password "admin"
  • Infected by Win32/Conficker Worm
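
The default mappings above as a small normalizer, added here as an example and not NormShield's own code. The function names, scanner keys and the overrides dictionary are assumptions; a severity the user has set for a title is checked first, so a re-import does not change it.

```python
# Added example: default severity mappings from the tables above.
# Function and variable names are assumptions, not NormShield's API.
NETSPARKER = {"Critical": "Critical", "High": "High", "Medium": "Medium",
              "Low": "Low", "Information": "Info"}
NESSUS_DEFAULT = {"Critical": "Urgent", "High": "Critical", "Medium": "Medium",
                  "Low": "Low", "None": "Info"}
NESSUS_EXPLOIT_AWARE = {"Critical": "Critical", "High": "High",
                        "Medium": "Medium", "Low": "Low", "None": "Info"}
NEXPOSE = {10: "Urgent", 9: "Urgent", 8: "Critical", 7: "Critical", 6: "High",
           5: "High", 4: "Medium", 3: "Medium", 2: "Low", 1: "Info"}


def openvas_level(score):
    """Map an OpenVAS numeric severity using the ranges in the table."""
    if score >= 7:
        return "High"
    if 4 < score < 7:
        return "Medium"
    if 0 < score < 4:
        return "Low"
    if score == 0:
        return "Info"
    # The published ranges assign no level to exactly 4 (or to negatives),
    # so this example reports the value as unmapped instead of guessing.
    raise ValueError(f"OpenVAS severity {score} is not covered by the table")


def normalize(scanner, title, raw, exploitable=False,
              nessus_method="default", overrides=None):
    """Return the NormShield severity for one parsed finding."""
    # A severity the user set for a title wins over every import.
    if overrides and title in overrides:
        return overrides[title]
    if scanner == "netsparker":
        return NETSPARKER[raw]
    if scanner == "nessus":
        if nessus_method == "exploit_aware":
            if raw == "Critical" and exploitable:
                return "Urgent"
            return NESSUS_EXPLOIT_AWARE[raw]
        return NESSUS_DEFAULT[raw]
    if scanner == "openvas":
        return openvas_level(float(raw))
    if scanner == "nexpose":
        return NEXPOSE[int(raw)]
    raise ValueError(f"no mapping for scanner {scanner!r}")
```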

