CVSS is a vulnerability scoring system designed to provide an open and standardized method for rating IT vulnerabilities.
There are a number of other vulnerability scoring systems managed by both commercial and non-commercial organizations (CWE for instance). They each have their merits, but they differ in what they measure.
CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector, a compressed textual representation that reflects the values used to derive the score.
The metric groups and their metrics:
1. Base Metrics
   1.1. Access Vector (AV)
   1.2. Access Complexity (AC)
   1.3. Authentication (Au)
   1.4. Confidentiality Impact (C)
   1.5. Integrity Impact (I)
   1.6. Availability Impact (A)
2. Temporal Metrics
   2.1. Exploitability (E)
   2.2. Remediation Level (RL)
   2.3. Report Confidence (RC)
3. Environmental Metrics
   3.1. Collateral Damage Potential (CDP)
   3.2. Target Distribution (TD)
   3.3. Security Requirements (CR, IR, AR)
For additional information on CVSS: