Base Metrics
Required
Attack Vector (AV)
Network (N)
0.85
Adjacent (A)
0.62
Local (L)
0.55
Physical (P)
0.2
Attack Complexity (AC)
Low (L)
0.77
High (H)
0.44
Privileges Required (PR)
None (N)
0.85
Low (L)
0.62
High (H)
0.27
User Interaction (UI)
None (N)
0.85
Required (R)
0.62
Scope (S)
Unchanged (U)
0.0
Changed (C)
1.0
Confidentiality Impact (C)
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Integrity Impact (I)
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Availability Impact (A)
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Temporal Metrics
Optional
Exploit Code Maturity
Not Defined (X)
1.0
Unproven (U)
0.91
Proof of Concept (P)
0.94
Functional (F)
0.97
High (H)
1.0
Remediation Level
Not Defined (X)
1.0
Official Fix (O)
0.95
Temporary Fix (T)
0.96
Workaround (W)
0.97
Unavailable (U)
1.0
Report Confidence
Not Defined (X)
1.0
Unknown (U)
0.92
Reasonable (R)
0.96
Confirmed (C)
1.0
Environmental Metrics
Optional
Confidentiality Requirement
Not Defined (X)
1.0
Low (L)
0.5
Medium (M)
1.0
High (H)
1.5
Integrity Requirement
Not Defined (X)
1.0
Low (L)
0.5
Medium (M)
1.0
High (H)
1.5
Availability Requirement
Not Defined (X)
1.0
Low (L)
0.5
Medium (M)
1.0
High (H)
1.5
Modified Attack Vector
Network (N)
0.85
Adjacent (A)
0.62
Local (L)
0.55
Physical (P)
0.2
Modified Attack Complexity
Low (L)
0.77
High (H)
0.44
Modified Privileges Required
None (N)
0.85
Low (L)
0.62
High (H)
0.27
Modified User Interaction
None (N)
0.85
Required (R)
0.62
Modified Scope
Unchanged (U)
0.0
Changed (C)
1.0
Modified Confidentiality
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Modified Integrity
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Modified Availability
None (N)
0.0
Low (L)
0.22
High (H)
0.56
Impact
--
--
Exploitability
--
--
Auto-calculation enabled
CVSS Converter
Quick Examples
CVSS Severity Levels
None
0.0No vulnerability
Low
0.1 - 3.9Low risk, difficult to exploit
Medium
4.0 - 6.9Moderate risk
High
7.0 - 8.9High risk, easy to exploit
Critical
9.0 - 10.0Critical risk, immediate action