Base metrics measure the impact and exploitability of a vulnerability, which include the attack vector (AV), attack complexity (AC), privileges required (PR), user interaction (UI), scope (S), confidentiality impact (C), integrity impact (I), and availability impact (A).
To learn more about the base metrics, see https://www.first.org/cvss/calculator/3.0.
Enabling the CVSS Calculator
To enable the CVSS V3 Calculator:
-
Go to Settings.
-
Go to the Additional Fields tab.
-
Find the Common Vulnerability Scoring System v3 Calculator option and turn it on.
The button turns blue when you enable the option.
After you enable the calculator, you can go to any submission to add a CVSS score.
Adding a CVSS Score
CVSS scores can be added to any submission using the calculator.
To add a CVSS score to a submission:
-
Find the CVSS Base v3.0 field.
-
Click the Edit icon next to the field.
-
When the calculator appears, specify the values for each metric. To learn more about the metrics and what they measure, go to https://www.first.org/cvss/calculator/3.0.
-
Save your changes.
After you save your changes, the CVSS score is added to the submission, along with the values you assigned to each metric.
The CVSS score is not visible to researchers. You can edit the field as needed.