Vulnerabilities

CVSS (Common Vulnerability Scoring System)

CVSS is an open framework for communicating the severity of software vulnerabilities. A CVSS v3 base score from 0 to 10 reflects factors like attack vector, complexity, privileges required, and impact on confidentiality, integrity, and availability. Scores ≥ 9.0 are Critical; ≥ 7.0 are High.

Explore CVSS (Common Vulnerability Scoring System) tools on isMalicious

Frequently Asked Questions

What is CVSS (Common Vulnerability Scoring System)?

CVSS is an open framework for communicating the severity of software vulnerabilities. A CVSS v3 base score from 0 to 10 reflects factors like attack vector, complexity, privileges required, and impact on confidentiality, integrity, and availability. Scores ≥ 9.0 are Critical; ≥ 7.0 are High.

How is CVSS (Common Vulnerability Scoring System) related to CVE (Common Vulnerabilities and Exposures)?

CVSS (Common Vulnerability Scoring System) and CVE (Common Vulnerabilities and Exposures) are both key concepts in threat intelligence. CVE is a public catalogue of known cybersecurity vulnerabilities, maintained by MITRE and sponsored by CISA. Each entry has a unique CVE ID (e.g., CVE-2024-12345), a description, and references. CVE IDs are the universal language for tracking and patching specific vulnerabilities.

Related Terms

CVE (Common Vulnerabilities and Exposures)EPSS (Exploit Prediction Scoring System)KEV (CISA Known Exploited Vulnerabilities)
← Back to Glossary