Common Vulnerability Scoring System (CVSS)

A Common Vulnerability Scoring System (CVSS) score is a numerical value between 0 and 10 that indicates the severity of a vulnerability in a computing system. The CVSS was created by the National Infrastructure Advisory Council (NIAC) in 2005 and is currently maintained by the Forum of Incident Response and Security Teams (FIRST). The current version is CVSSv4.0, which was released in November 2023.

Scores map to the following qualitative severity ratings:

  • 0.0: None
  • 0.1–3.9: Low
  • 4.0–6.9: Medium
  • 7.0–8.9: High
  • 9.0–10.0: Critical

CVSS is a standardized framework that helps organizations prioritize security threats by assessing their potential impact. The score is based on three main metric groups:

  1. Base: The inherent characteristics of the vulnerability
  2. Temporal: How those characteristics may change over time
  3. Environmental: How the vulnerability could affect a specific environment

Cybersecurity professionals use CVSS scores in conjunction with the Common Vulnerabilities and Exposures (CVE) glossary, which is a list of publicly known security flaws. 
