CVSS is a standardized vulnerability scoring system established by FIRST (Forum of Incident Response and Security Teams).
The calculated score, which ranges from 0 to 10, reflects the severity of the vulnerability. The higher the score, the more critical the vulnerability is (low, medium, high or critical level). It is evaluated according to 3 metric groups:
- a base score, which assesses the problem itself (the theoretical impact of the vulnerability)
- a temporal score, representing the characteristics of a vulnerability that can change depending on exploits available in the wild, patches…
- an environmental score, which takes into account the environment and the consequences of exploiting this vulnerability. It changes according to existing patches, mitigating measures, etc.