top | item 27424736

(no title)

scinerio | 4 years ago

These ratings are intended to serve as a baseline for the severity of the issue at hand. If you expect a base CVSS score to provide the answer to "how does this affect me" then you need to learn more about CVSS.

Namely, you should be taking the base CVSS score and including the temporal and environment metrics to actually determine your organizational risk. A base 9.x could easily be driven to low based on the access, exploitability, and CIA requirements for the system at hand.

discuss

No comments yet.