Questions tagged [cvss]

use `cvss` if your question is related to Common Vulnerability Scoring System

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base group represents the intrinsic qualities of a vulnerability that are constant over time and across user environments, the Temporal group reflects the characteristics of a vulnerability that change over time, and the Environmental group represents the characteristics of a vulnerability that are unique to a user's environment.

59 questions
26
votes
5 answers

Is unauthorised deletion an integrity or availability issue?

During a web application test I have discovered a parameter tampering issue that allows a user to delete comments left by other users. They can't modify the content of other users' comments, and they can only view them where this is intentional. I'm…
paj28
  • 32,736
  • 8
  • 92
  • 130
20
votes
5 answers

Can a network vulnerability be exploited locally?

I've been looking for information about vulnerability classification and it's not completely clear to me. Reading the CVSS documentation (2.1.1. Access Vector) I observe the following explanation about the N (Network) value for AV (Access…
vuln newbie
  • 321
  • 2
  • 4
7
votes
2 answers

SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection- medium or low risk?

This is a Nessus finding, which is considered medium by default. Basically it may allow for some plaintext injection which may allow for some man in the middling. My question is, has these been exploited in the wild? Are there to tools to take…
Sonny Ordell
  • 3,476
  • 9
  • 33
  • 56
7
votes
5 answers

Vulnerability scoring systems

Our company is developing a web app that is used for e-commerce. We want to establish a more formal scoring system for any security related issues eventually reported by us or by our clients. The purpose is to prioritize the patch development and in…
Lachezar Balev
  • 537
  • 1
  • 3
  • 10
6
votes
1 answer

Can any of the INTEL-SA-00086 vulnerabilities be exploited by an unprivileged user?

Several of the latest Intel Management Engine vulnerabilities are listed as local vulnerabilities, allowing code executing on the system to elevate its privileges to ME context. One of them (CVE-2017-5708) claims it allows an unauthorized process to…
forest
  • 64,616
  • 20
  • 206
  • 257
6
votes
1 answer

What does "scope" mean in CVSS v3?

In CVSS v3, the "scope" indicates whether a vulnerability in an application impacts resources beyond its means. It can have the values "changed" or "unchanged". I don't fully understand when the scope is changed. For example, in the CVSS examples,…
Sjoerd
  • 28,707
  • 12
  • 74
  • 102
6
votes
1 answer

Why does the CVSS3 score increase when the confidentiality impact decreases?

Consider these two cases: 1) Impact on Confidentiality as High 2) Impact on Confidentiality as Low Please note all other parameters are unchanged and environmental parameters are set as High. Now, the score for Case 1 is 9.0, but Case 2 is 9.1. This…
one
  • 1,781
  • 3
  • 18
  • 45
5
votes
1 answer

API to Get CVE Info

I'm working on a project that uses an API which gives back CVE IDs. We need to programmatically fetch details about those CVEs. The main thing we need is the CVSS v2 base vector (e.g. AV:A/AC:H/Au:M/C:C/I:C/A:P). A brief description or summary of…
5
votes
2 answers

How to convert risk scores (CVSSv1, CVSSv2, CVSSv3, OWASP Risk Severity)?

Is there an accurate method or formula to convert risk scores between the OWASP Risk Rating Methodology (Overall Risk Severity) and the CVSS v1, v2 and v3 models) base score)? As well as converting scores between the different CVSS versions? For…
Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
4
votes
1 answer

Why is logjam rated as "None" for confidentiality impact in CVSS?

The CVSS score for Logjam is (AV:N/AC:M/Au:N/C:N/I:P/A:N). As noted in that nice dynamic image interpretation, the Impact metric "Confidentiality" is described as "None" (C:N). But the description at Logjam notes "there is a passive network…
nealmcb
  • 20,544
  • 6
  • 69
  • 116
4
votes
1 answer

How are CVSS scores used in security risk management products?

From CVSS v2 complete guide : "Security (Risk) Management: Security Risk Management firms use CVSS scores as input to calculating an organization's risk or threat level. These firms use sophisticated applications that often integrate with an…
sashank
  • 511
  • 5
  • 17
4
votes
2 answers

Why CVSS range 8 to 9 is almost inexistent

According to cvedetail graph Vulnerability Distribution By CVSS Scores, we can see that CVE with a CVSS in range 8 to 9 are the less represented of all range. Even compared to the low score ranges which seems to be generally less populated. It's…
Whysmerhill
  • 562
  • 4
  • 14
4
votes
1 answer

Why doesn't CVSSv2 consider XSS to have a confidentiality impact?

From the CVSSv2 specification: SCORING TIP #2: When scoring a vulnerability, consider the direct impact to the target host only. For example, consider a cross-site scripting vulnerability: the impact to a user's system could be much greater than…
tim
  • 29,018
  • 7
  • 95
  • 119
4
votes
1 answer

Does the ability to delete data impact availability in CVSS v2?

NIST SP 800-33 2.0.1 says that "availability" part of the CIA triad protects against intentional or accidental attempts to either: perform unauthorized deletion of data or otherwise cause a denial of service or data This makes it pretty clear…
Wrycu
  • 420
  • 4
  • 7
4
votes
2 answers

Does CVSS v3 evaluate the impact of vulnerability on the host?

Recently after checking out the Heartbleed vulnerability I was taking a look at its CVSS score (AV:N/AC:L/Au:N/C:P/I:N/A:N) and noticed the following (partial) addendum: CVSS V2 scoring evaluates the impact of the vulnerability on the host where…
Juxhin
  • 143
  • 4
1
2 3 4