(
Common
Vulnerability
Scoring
System) A measurement of an organization's security vulnerabilities from FIRST.Org., Inc., which provides global support for incident response teams.
CVSS and CVE
The CVSS provides the scoring system, whereas the CVE (Common Vulnerabilities and Exposures) is a list of actual vulnerabilities that have been publicly disclosed. See
CVE.
CVSS Base Metrics
The Base metrics (0 to 10) are modified by Temporal and Environmental metrics. The National Vulnerability Database (NVD) classifies the base scores of each vulnerability as follows. See
National Vulnerability Database.
CVSS 2.0 CVSS 3.0
Severity Range Severity Range
None 0
Low 0-3.9 Low 0.1-3.9
Medium 4.0-6.9 Medium 4.0-6.9
High 7.0-10.0 High 7.0-8.9
Critical 9.0-10.0