Term of the Moment

buffer


Look Up Another Term


Definition: CVSS


(Common Vulnerability Scoring System) A measurement of an organization's security vulnerabilities from FIRST.Org., Inc., which provides global support for incident response teams.

CVSS and CVE
The CVSS provides the scoring system, whereas the CVE (Common Vulnerabilities and Exposures) is a list of actual vulnerabilities that have been publicly disclosed. See CVE.

CVSS Base Metrics
The Base metrics (0 to 10) are modified by Temporal and Environmental metrics. The National Vulnerability Database (NVD) classifies the base scores of each vulnerability as follows. See National Vulnerability Database.

  CVSS 2.0             CVSS 3.0

  Severity  Range      Severity   Range

                       None         0
   Low       0-3.9     Low       0.1-3.9
   Medium  4.0-6.9     Medium    4.0-6.9
   High    7.0-10.0    High      7.0-8.9 
                       Critical  9.0-10.0