Calculate vulnerability severity scores using the Common Vulnerability Scoring System. Select a version below to begin your assessment.
Score updates in real-time
Reflects the context by which vulnerability exploitation is possible
The vulnerable system is bound to the network stack and the attacker's path is through OSI layer 3
The vulnerable system is bound to a protocol stack, but attack is limited at protocol level to a logically adjacent topology
The vulnerable system is not bound to the network stack and the attacker's path is via read/write/execute capabilities
The attack requires the attacker to physically touch or manipulate the vulnerable system
Describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability
Specialized access conditions or extenuating circumstances do not exist
A successful attack depends on conditions beyond the attacker's control
Captures the prerequisite deployment and execution conditions or variables of the vulnerable system
No specialized pre-conditions are necessary for exploitation
Some specialized pre-conditions must be present for exploitation
Describes the level of privileges an attacker must possess before successfully exploiting the vulnerability
The attacker is unauthorized prior to attack
The attacker requires privileges that provide basic user capabilities
The attacker requires privileges that provide significant control over system resources
Captures the requirement for a human user, other than the attacker, to participate in the successful compromise
The vulnerable system can be exploited without interaction from any human user
Successful exploitation requires limited interaction by the targeted user
Successful exploitation requires specific user interaction
Measures the impact to the confidentiality of the information managed by the vulnerable system
There is no loss of confidentiality within the vulnerable system
There is some loss of confidentiality
There is a total loss of confidentiality
Measures the impact to integrity of a successfully exploited vulnerability
There is no loss of integrity within the vulnerable system
Modification of data is possible, but the attacker does not have control
There is a total loss of integrity
Measures the impact to the availability of the vulnerable system
There is no impact to availability within the vulnerable system
Performance is reduced or there are interruptions in resource availability
There is a total loss of availability
Measures the impact to the confidentiality of subsequent systems
There is no impact to confidentiality of subsequent systems
There is some loss of confidentiality in subsequent systems
There is a total loss of confidentiality in subsequent systems
Measures the impact to integrity of subsequent systems
There is no impact to integrity of subsequent systems
Modification of data in subsequent systems is possible
There is a total loss of integrity in subsequent systems
Measures the impact to the availability of subsequent systems
There is no impact to availability of subsequent systems
Performance is reduced or there are interruptions in subsequent systems
There is a total loss of availability in subsequent systems
CVSS v4.0
Vector
