Base metrics measure the impact and exploitability of a vulnerability, which include the attack vector (AV), attack complexity (AC), privileges required (PR), user interaction (UI), scope (S), confidentiality impact (C), integrity impact (I), and availability impact (A).
To learn more about the base metrics, see https://www.first.org/cvss/calculator/3.0.
Enabling the CVSS Calculator
To enable the CVSS calculator:
-
Select the required program and go to Settings.
-
Click the Submissions tab.
-
In the CVSSv3 section, move the slider to right for the Common Vulnerability Scoring System v3 Calculator option.
The “Enabled CVSS Calculation” message is displayed.
After you enable the calculator, you can go to any submission to add a CVSS score.
Adding a CVSS Score
CVSS scores can be added to any submission using the calculator.
The CVSS score is not visible to researchers.
To add a CVSS score to a submission:
-
Within a submission, go to CVSS Base v3 section and click the Edit icon.
-
When the calculator appears, specify the values for each metric. To learn more about the metrics, go to https://www.first.org/cvss/calculator/3.0.
-
Click Save to save your changes.
After you save your changes, the CVSS score is added to the submission along with the values you have assigned for each metric.