A penetration tester delivers a web application vulnerability scan report to a client. The penetration tester rates a vulnerability as medium severity. The same vulnerability was reported as a critical severity finding on the previous report.
Which of the following is the MOST likely reason for the reduced severity?
A . The client has applied a hot fix without updating the version.
B . The threat landscape has significantly changed.
C . The client has updated their codebase with new features.
D . Thera are currently no known exploits for this vulnerability.
Answer: A