Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS) is a standardized method for assessing and classifying security gaps and vulnerabilities. Because everyone scores against the same scale, it is easier to prioritize measures to eliminate or mitigate vulnerabilities.

Determine the severity of a vulnerability and fix it

CVSS evaluates vulnerabilities based on parameters such as exploitability and impact (for example, on confidentiality) and then calculates a numerical score for the severity of the vulnerability. The CVSS score ranges from 0.0 to 10.0.

A low CVSS score could indicate that the vulnerability exists but has a low impact and can therefore possibly be treated with lower priority.

In contrast, a high CVSS score indicates a serious vulnerability that requires immediate attention. IT admins then perform a comprehensive risk assessment to understand the potential impact of the vulnerability on their specific system, network or overall infrastructure.

On this basis, they plan appropriate countermeasures, including the prompt application of available patches, changed system configurations or even adjustments to firewalls or intrusion detection systems (IDS).