CVSS score
This page displays the rating for each threat based on the CVSS scores. It is an alternative to attack potential rating and attack tree modeling.
The CVSS score refers to the Common Vulnerability Scoring System value assigned to a vulnerability. The CVSS score is a numeric value from 0 to 10, as defined in ISO/SAE 21434, where higher values indicate more critical vulnerabilities.
| Severity Rating | CVSS Score |
|---|---|
| None | 0.0 |
| Low | 0.1 – 3.9 |
| Medium | 4.0 – 6.9 |
| High | 7.0 – 8.9 |
| Critical | 9.0 – 10.0 |
You can configure the parameters below for each threat to measure the severity of software vulnerabilities:
- Attack Vector
- Attack Complexity
- Privilege Required
- User Interaction
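
The four parameters above correspond to the exploitability metrics of CVSS. The following added example (not the tool's own code) shows how they combine into an exploitability sub-score and how a 0 to 10 score maps to the severity table on this page. It assumes the CVSS v3.1 weights and formula with Scope unchanged, since the page does not state which CVSS version the tool applies; the function and key names are hypothetical.

```python
# Added example. Assumption: CVSS v3.1 metric weights, Scope unchanged.
WEIGHTS = {
    "attack_vector": {"network": 0.85, "adjacent": 0.62,
                      "local": 0.55, "physical": 0.20},
    "attack_complexity": {"low": 0.77, "high": 0.44},
    "privileges_required": {"none": 0.85, "low": 0.62, "high": 0.27},
    "user_interaction": {"none": 0.85, "required": 0.62},
}

# Severity bands from the table on this page: (inclusive upper bound, rating).
BANDS = [(0.0, "None"), (3.9, "Low"), (6.9, "Medium"),
         (8.9, "High"), (10.0, "Critical")]


def exploitability(**metrics):
    """CVSS v3.1 exploitability sub-score: 8.22 * AV * AC * PR * UI."""
    if set(metrics) != set(WEIGHTS):
        raise ValueError(f"expected exactly these metrics: {sorted(WEIGHTS)}")
    score = 8.22
    for name, value in metrics.items():
        try:
            score *= WEIGHTS[name][value]
        except KeyError:
            raise ValueError(f"invalid value {value!r} for {name}") from None
    return round(score, 2)


def severity_rating(score):
    """Map a CVSS score (0.0 to 10.0) to the severity rating table."""
    value = round(float(score), 1)  # CVSS scores carry one decimal place
    if not 0.0 <= value <= 10.0:    # also rejects NaN
        raise ValueError(f"CVSS score out of range: {score!r}")
    for upper, rating in BANDS:
        if value <= upper:
            return rating


if __name__ == "__main__":
    # Constructed sample threat: remotely reachable, no privileges needed.
    sub = exploitability(attack_vector="network", attack_complexity="low",
                         privileges_required="none", user_interaction="none")
    print("exploitability sub-score:", sub)
    for s in (0.0, 3.9, 5.4, 7.5, 9.8):  # constructed sample scores
        print(s, "->", severity_rating(s))
```
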
The "CVSS" page removes the Attack trees, Technical attack trees, Circumvent trees, and Attack leaves tabs from the Attack potential method and the Likelihood estimation tab from the Likelihood estimation method.
Fig. 2: CVSS score