CVSS base score?

kris29
Tera Contributor

‎03-14-2022 06:18 AM

Hi,

I have a quick question.

Where can I find a CVSS base score in instance?

Is a CVSS base score is a risk score in Vulnerable item?

find_real_file.png

Preview file
3 KB
0 Helpfuls
  • 1,351 Views
3 REPLIES 3

john_gibbons
ServiceNow Employee
ServiceNow Employee

‎03-14-2022 06:27 AM

CVSS Base score(s) V2/V3 are listed as Vulnerability Score(v3) andVulnerability Score(v2) in the "sn_vul_entry" or "sn_vul_third_party_entry" tables.  Go to Vulnerability Response>Libraries>Third-Party and expose the following fields:

find_real_file.png

Preview file
31 KB
0 Helpfuls

kris29
Tera Contributor
In response to john_gibbons

‎03-14-2022 06:37 AM

thanks @john.gibbons 

one question, which CVSS Base score is used by default from integration, v3 or v2?

I found that CVSS v3 has become the industry standard right now.

0 Helpfuls

Shivam Sarawagi
ServiceNow Employee
ServiceNow Employee
In response to kris29

‎03-14-2022 07:16 AM

The risk score field on the VIT is the derived value by using multiple attributes. You can navigate to the vulnerability calculator and check which columns are getting used and change it based on your need.

 

Thanks,

Shivam

0 Helpfuls