We're seeing CVITs created that do not have a risk rating assigned. We suspect that it has to do with the fact NVD has yet to assign a rating, yet the vendor has. We've upgraded our NVD plug-in to the latest version, same issue. Anyone else seeing this?
