CVSS base score?

kris29
Tera Contributor

Hi,

I have a quick question.

Where can I find a CVSS base score in instance?

Is a CVSS base score is a risk score in Vulnerable item?

find_real_file.png

3 REPLIES 3

john_gibbons
ServiceNow Employee
ServiceNow Employee

CVSS Base score(s) V2/V3 are listed as Vulnerability Score(v3) andVulnerability Score(v2) in the "sn_vul_entry" or "sn_vul_third_party_entry" tables.  Go to Vulnerability Response>Libraries>Third-Party and expose the following fields:

find_real_file.png

thanks @john.gibbons 

one question, which CVSS Base score is used by default from integration, v3 or v2?

I found that CVSS v3 has become the industry standard right now.

The risk score field on the VIT is the derived value by using multiple attributes. You can navigate to the vulnerability calculator and check which columns are getting used and change it based on your need.

 

Thanks,

Shivam