Used to evaluate the criticality of the vulnerabilities found. Based on multiple criteria :
| Criteria | First Value | Second Value | Third Value | Fourth Value |
|---|---|---|---|---|
| Attack Vector | Network | Adjacent | Local | Physical |
| Attack Complexity | Low | High | ||
| Privileges Required | None | Low | High | |
| User Interaction | None | Required | ||
| Scope | Unchanged | Changed | ||
| Confidentiality | None | Low | High | |
| Integrity | None | Low | High | |
| Availability | None | Low | High | |
| The online calculator can be found here. Many reporting tools include this calculator and offer exporting templates. Sysreptor does an excellent job at doing that. |
Temporal and Environmental Score Metrics and be used to define in more details the vulnerablity evaluated. See https://www.first.org/cvss/user-guide for more info.