I need clarifications regarding CVSS:
What is better for the references? CVSSv2 or CVSSv3? V3 is new, but V2 is mature.
Why there are differences in CVSS scores between NVD NIST repository and Red Hat repository?
For example:
https://access.redhat.com/security/cve/cve-2016-7167 CVSS v2: 4.3
https://nvd.nist.gov/vuln/detail/CVE-2016-7167 CVSS v2: 7.5