Understanding the difference between vulnerability and threat is a key skill that most organizations (and people) lack.
A vulnerability is most assuredly bad, but a threat much more so.
Vulnerabilities are weaknesses in a system; weaknesses which may or may not result in a compromise of that system.
Threats are vulnerabilities with a high probability of being exploited, where that imminent exploitation is likely to result in a compromise of the contents of that system.
Threats are far more damaging, and far more costly. You should pay attention to them.
True danger comes when looking at vulnerabilities in a system and attempting to prioritize. Frequently this is done without assessing real threat first, which leads to poor decisions and far greater risk.
