Calculating CVSS

Gupta Bless
5 min read · May 1, 2021

· What is the Common Vulnerability Scoring System (CVSS)?

In application security, the term we hear most often is vulnerability: a weakness in a system that can be exploited and that poses a threat to an infrastructure or organization. A few parameters decide how severe a vulnerability is, and these parameters combined determine the CVSS of the vulnerability. The greater the CVSS score, the more severe the vulnerability.

CVSS stands for Common Vulnerability Scoring System, in which an organization or pen tester uses different parameters to rate vulnerabilities and decide their severity. CVSS is a numerical representation of a vulnerability’s severity, also known as the “Base score”. The value of the base score varies from 0 to 10. A vulnerability with a base score near 10 is critical; 0 represents a vulnerability with no risk. The hierarchy is like this:

Based on different vectors, we can calculate the CVSS score.

The severity depends on where your CVSS score lies:

i. Critical: Greater than 9 to less than 10

ii. High: Greater than 7 to less than 9

iii. Medium: Greater than 4 to less than 7

iv. Low: Greater than 0 to less than 4
