Attackers can exploit the defect in the widely deployed pac4j with relative ease, but researchers haven’t observed active exploitation in the wild.

The Common Vulnerability Scoring System has a lot of critics, but experts say it’s still the best unified way to share the severity of cybersecurity flaws.