Why do you rank report entries based on CVSS?

CVSS (Common Vulnerability Scoring System) is a standardized system for ranking security vulnerabilities. The score is based on multiple parameters, including:

  • How easy it is to exploit the vulnerability
  • Its potential impact

  • Whether an attack can be carried out remotely

It is not fully possible to determine the CVSS score from an outside perspective, so you need to review vulnerabilities with low CVSS scores and evaluate their impact on your system.

Further information about CVSS and a score calculator can be found at NIST (National Institute of Standards and Technology).