CVSS Scoring

The Common Vulnerability Scoring System (CVSS) is an industry benchmark for evaluating the seriousness of identified vulnerabilities. It calculates a CVSS score by considering three metric categories (base, temporal, and environmental) encompassing various aspects of a vulnerability's impact and ability to persist in different contexts.

PlexTrac allows users to input or adjust scores when generating or revising findings, facilitating precise vulnerability assessment.

CVSS is owned by FIRST and used with permission. This calculator is based on FIRST CVSS documentation.

Entering a Findings Score

Step 1: From the Findings tab, click Edit under the "Actions" column of the finding to modify.

Step 2: On the Finding Details tab, select the applicable standard from the Score type pulldown menu (information specifically on CVSS v3.1 is located further below on this page). If not using CVSS, click General.

Step 3: Enter values in the provided fields.

These fields change if CVSS v3.1 is selected.

The score information for that finding is now displayed on the Finding Detail page.

CVSS v3.1 Calculator

PlexTrac has a built-in CVSS v3.1 calculator that generates a CVSS score based on input values. It also generates a CVSS vector and assigns severity to a finding based on the information selected and calculated score.

Users can create a value by clicking through the provided calculator, typing in a vector, or combining both actions.

The calculator is available when "CVSS v3.1" is selected from the "Score type" field.

If the value in the Severity field is manually changed at any point after a CVSS v3.1 score has been created, a warning message will appear:

Entering a Score Manually

If the CVSS v3.1 score is already known, it can be entered in the "Score" field, and the finding's severity will update to match the score.

Entering a Vector Manually

If the CVSS vector is known, entering the value in the "Vector" field will dynamically set the finding severity.

Using the Calculator

Step 1: In the "Score type" field, select CVSS v3.1, then click Calculate Score.

Step 2: Select values by clicking in the fields provided.

After selecting all fields, a severity score, severity value, and vector value are populated.

Validation is performed on multiple fields to ensure an accurate score and severity. It uses the vector string and the record, which must be kept in sync.

The vector record string updates whenever a field is clicked in the calculator. However, the string is displayed only once all base values are selected, at which point the option to save appears.

When the vector string has changed, the string is then validated. If the string is valid, the record and selected values are updated in the calculator modal. If not, a warning message is displayed, and the save button is disabled.

Step 3: For more advanced scoring options, expand "Show temporal and environmental scoring."

Step 5: When finished, scroll to the bottom of the modal and click Save. The information is populated in the appropriate fields on the Findings Details tab.

CVSS 3.1 scores can also be viewed on the Findings tab of a report or client if that field has been configured to appear in the table.

© 2024 PlexTrac, Inc. All rights reserved.