CVSS (Common Vulnerability Scoring System)

Definition: CVSS (Common Vulnerability Scoring System)

CVSS is a standardized vulnerability scoring system established by FIRST (Forum of Incident Response and Security Teams).

The calculated score, which is between 0 and 10, reflects the severity of the vulnerability. The higher the score, the more critical it is (low, medium, high or critical level). It is evaluated according to 3 metric groups:

  • a baseline score, which assesses a problem (theoretical impact of the vulnerability)
  • a temporal score, representing the characteristics of a vulnerability that can evolve according to exploits present in nature, patches…
  • an environmental score, which takes into account the environment and the consequences of exploiting this vulnerability. It will evolve according to existing patches, mitigating measures, etc.