CINXE.COM

NVD - Vulnerability Metrics

<!DOCTYPE html> <html lang="en"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://nvd.nist.gov/vuln-metrics/cvss","20231127153939","https://web.archive.org/","web","/_static/", "1701099579"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" /> <!-- End Wayback Rewrite JS Include --> <title>NVD - Vulnerability Metrics</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"/> <meta http-equiv="content-style-type" content="text/css"/> <meta http-equiv="content-script-type" content="text/javascript"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/css/base-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/css/media-resize.css" type="text/css" rel="stylesheet"/> <meta name="theme-color" content="#000000"> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-media/js/forms.js" type="text/javascript"></script> <script src="/web/20231127153939js_/https://nvd.nist.gov/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <!-- Google tag (gtag.js) --> <script async src="https://web.archive.org/web/20231127153939js_/https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/web/20231127153939cs_/https://nvd.nist.gov/site-media/css/nvd-style.css" type="text/css" rel="stylesheet"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16"/> <link href="/web/20231127153939/https://nvd.nist.gov/site-media/images/favicons/manifest.json" rel="manifest"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon"/> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon"/> <link href="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon"/> <meta charset="UTF-8"> <meta charset="UTF-8"> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://web.archive.org/web/20231127153939/https://nvd.nist.gov/">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag"> &nbsp; <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://web.archive.org/web/20231127153939/https://www.nist.gov/" target="_blank" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/news">News</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/email-list">Email List</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/visualizations">Visualizations</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/general/legal-disclaimer">Legal Disclaimer</a> </p> </div> </div> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/search">Search &amp; Statistics</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/categories">Weakness Types</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/products/cpe">CPE Dictionary</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/web/20231127153939/https://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/start-here">Start Here</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/data-sources">Data Sources</a> </p> <p> <a href="/web/20231127153939/https://nvd.nist.gov/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/web/20231127153939/https://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231127153939/https://ncp.nist.gov/">Checklist (NCP) Repository</a> </p> <p> <a href="https://web.archive.org/web/20231127153939/https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div> <!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/itl" target="_blank">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/web/20231127153939/https://nvd.nist.gov/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg">National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center">NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div> <div class="row"> <nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs"> <ul class="side-nav"> <li><a href="/web/20231127153939/https://nvd.nist.gov/general">General<span class="expander fa fa-plus" id="nvd-side-menu-general" data-expander-name="generalSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="generalSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/nvd-dashboard">NVD Dashboard</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/news">News</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/email-list">Email List</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/faq">FAQ</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/visualizations">Visualizations</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/general/legal-disclaimer">Legal Disclaimer</a></li> </ul> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-side-menu-vulnerabilities" data-expander-name="vulnerabilitiesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilitiesSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/search">Search &amp; Statistics</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/categories">Weakness Types</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/data-feeds">Legacy Data Feeds</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/vendor-comments">Vendor Comments</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/cvmap">CVMAP</a></li> </ul> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-side-menu-metrics" data-expander-name="metricsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metricsSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">CVSS V3 Calculator</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">CVSS V2 Calculator</a></li> </ul> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products"> Products <span class="expander fa fa-plus" id="nvd-side-menu-products" data-expander-name="productsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="productsSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/products/cpe">CPE Dictionary</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/search">CPE Search</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/statistics">CPE Statistics</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products/swid">SWID</a></li> </ul> </div></li> <li> <a href="/web/20231127153939/https://nvd.nist.gov/developers">Developers<span class="expander fa fa-plus" id="nvd-side-menu-developers" data-expander-name="developersSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developersSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/start-here">Start Here</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/request-an-api-key">Request an API Key</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/vulnerabilities">Vulnerabilities</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/products">Products</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/data-sources">Data Sources</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/developers/terms-of-use">Terms of Use</a></li> </ul> </div> </li> <li><a href="/web/20231127153939/https://nvd.nist.gov/info"> Contact NVD </a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/other"> Other Sites <span class="expander fa fa-plus" id="nvd-side-menu-othersites" data-expander-name="otherSitesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSitesSide"> <ul> <li><a href="https://web.archive.org/web/20231127153939/https://ncp.nist.gov/">Checklist (NCP) Repository</a></li> <li><a href="https://web.archive.org/web/20231127153939/https://ncp.nist.gov/cce">Configurations (CCE)</a></li> <li><a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li> <li><a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a></li> <li><a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li> <li><a href="https://web.archive.org/web/20231127153939/https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li> </ul> </div></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/search"> Search <span class="expander fa fa-plus" id="nvd-side-menu-search" data-expander-name="searchSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="searchSide"> <ul> <li><a href="/web/20231127153939/https://nvd.nist.gov/vuln/search">Vulnerability Search</a></li> <li><a href="/web/20231127153939/https://nvd.nist.gov/products/cpe/search">CPE Search</a></li> </ul> </div></li> </ul> </nav> <div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12"> <div class="col-md-12 col-sm-12 col-xs-12 col-xxs-12"> <div id="divLinks" class="row"> <div class="col-md-6" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/web/20231127153939/https://nvd.nist.gov/Vulnerability-Metrics/Calculator-Product-Integration"> <img alt="CVSS Calculator" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/vulnMetrics/calcImage800x632.png" style="width: 300px; height: 237px;" title="Product Integration with NVD CVSS Calculators"> <br/> Product Integration with NVD CVSS Calculators </a> </span> </div> </div> <div class="col-md-6" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="https://web.archive.org/web/20231127153939/https://www.first.org/cvss"> <img alt="CVSS logo" src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/vulnMetrics/firstImage800x632.png" style="width: 300px; height: 237px;" title="CVSS"> <br/> Common Vulnerability Scoring System </a> </span> </div> </div> </div> </div> <div id="entryVULN_METRIC_INFORMATION0"> <div class="col-md-12 col-sm-12 col-xs-12 col-xxs-12"> <h1>Vulnerability Metrics</h1> <p> The Common Vulnerability Scoring System (CVSS) is a method used to supply a qualitative measure of severity. CVSS is not a measure of risk. CVSS consists of three metric groups: Base, Temporal, and Environmental. The Base metrics produce a score ranging from 0 to 10, which can then be modified by scoring the Temporal and Environmental metrics. A CVSS score is also represented as a vector string, a compressed textual representation of the values used to derive the score. Thus, CVSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent vulnerability severity scores. Two common uses of CVSS are calculating the severity of vulnerabilities discovered on one's systems and as a factor in prioritization of vulnerability remediation activities. The National Vulnerability Database (NVD) provides CVSS assessments for all published CVE records. </p> <p> The NVD supports Common Vulnerability Scoring System (CVSS) v2.0 and v3.x standards. However, per the <a href="/web/20231127153939/https://nvd.nist.gov/general/news/retire-cvss-v2">NVD CVSS v2.0 Retirement</a> announcement, we no longer provide CVSS v2.0 assessments for newly published CVE records. The NVD provides CVSS 'base scores' which represent the innate characteristics of each vulnerability. The NVD does not currently provide 'temporal scores' (metrics that change over time due to events external to the vulnerability) or 'environmental scores' (scores customized to reflect the impact of the vulnerability on your organization). However, the NVD does supply a CVSS calculator for both CVSS v2 and v3.x to allow you to add temporal and environmental score data. (See next section) </p> <p> The CVSS specifications are owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. The official CVSS documentation can be found at <a href="https://web.archive.org/web/20231127153939/https://www.first.org/cvss/" class="external">https://www.first.org/cvss/</a>. </p> <h2>NVD CVSS Calculators</h2> <table align="center" border="0" cellpadding="1" cellspacing="1" style="width:500px;"> <tbody> <tr> <th colspan="2"> <p style="text-align: center;"> <a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator">NVD CVSS v2 Calculator</a> </p> </th> <th colspan="2"> <p style="text-align: center;"> <a href="/web/20231127153939/https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator">NVD CVSS v3 Calculator</a> </p> </th> </tr> </tbody> </table> <h2>Qualitative Severity Ratings</h2> <p> NVD notates qualitative severity ratings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.x as they are defined in the CVSS v3.0 specification. </p> <table align="center" border="0" cellpadding="1" cellspacing="1" style="width:500px;"> <tbody> <tr> <th colspan="2"> <p style="text-align: center;">CVSS v2.0 Ratings</p> </th> <th colspan="2"> <p style="text-align: center;">CVSS v3.0 Ratings</p> </th> </tr> <tr> <th> <p>Severity</p> </th> <th> <p style="text-align: center;">Severity Score Range</p> </th> <th> <p>Severity</p> </th> <th> <p style="text-align: center;">Severity Score Range</p> </th> </tr> <tr> <td></td> <td></td> <td>None*</td> <td style="text-align: center;">0.0</td> </tr> <tr> <td>Low</td> <td style="text-align: center;">0.0-3.9</td> <td>Low</td> <td style="text-align: center;">0.1-3.9</td> </tr> <tr> <td>Medium</td> <td style="text-align: center;">4.0-6.9</td> <td>Medium</td> <td style="text-align: center;">4.0-6.9</td> </tr> <tr> <td>High</td> <td style="text-align: center;">7.0-10.0</td> <td>High</td> <td style="text-align: center;">7.0-8.9</td> </tr> <tr> <td></td> <td></td> <td>Critical</td> <td style="text-align: center;">9.0-10.0</td> </tr> </tbody> </table> <br/> <p> <i> *Note: The CVSS specification allows for the application of vector strings that result in a 0.0 severity score. However, the NVD does not assess CVSS vector strings that have no impacts. Per the CVE Program's <a href="https://web.archive.org/web/20231127153939/https://www.cve.org/ResourcesSupport/Glossary">definition of a vulnerability</a>, there should not be a CVE record counted that does not cause an impact to confidentiality, integrity, or availability. </i> </p> <h2>NVD Specific CVSS Information</h2> <h3>Incomplete Data</h3> <p> With some vulnerabilities, all of the information needed to assess CVSS vector strings may not be available. This typically happens when a vendor or maintainer announces a vulnerability but declines to provide certain details. In such situations, NVD analysts assign CVSS metric values using a worst case scenario approach. Thus, if a published vulnerability provides no details about the vulnerability, NVD analysts will assess that vulnerability as a 10.0 (the highest rating). </p> <h3>Collaboration with Industry</h3> <p> NVD staff are willing to work with the security community regarding CVSS assessment results. If you wish to contribute additional information or request amendments regarding NVD assessed CVSS vector strings, please send email to <a href="https://web.archive.org/web/20231127153939/mailto:nvd@nist.gov">nvd@nist.gov</a>. We actively work with users that provide us feedback. </p> <h3>Legacy CVSS Information</h3> <p> As of July 13th, 2022, the NVD no longer generates Vector Strings, Qualitative Severity Ratings, or Severity Scores for CVSS v2.0. Existing CVSS v2.0 information will remain in the database but the NVD will no longer actively populate CVSS v2.0 vector strings for new CVEs. This change comes as CISA policies that rely on NVD data fully transition away from CVSS v2.0. NVD analysts will continue to use the reference information provided with the CVE and any publicly available information at the time of analysis to associate Reference Tags, CVSS v3.1, CWE, and CPE Applicability statements. </p> <p> The NVD began supporting the CVSS v3.1 guidance on September 10th, 2019. The NVD will not be offering CVSS v3.0 and v3.1 vector strings for the same CVE. All new and re-analyzed CVE assessments will be done using the CVSS v3.1 guidance. </p> <p> Vector strings for the CVE vulnerabilities published between to 11/10/2005 and 11/30/2006 have been upgraded from CVSS version 1.0 data. CVSS v1.0 metrics did not contain the granularity of CVSS v2.0 and so they are marked as "Version 2.0 upgrade from v1.0" within NVD. While these are approximations, they are expected to be reasonably accurate CVSS v2.0 representations. </p> <p> Vector strings provided for the 13,000 CVE vulnerabilities published prior to 11/9/2005 are approximated from only partially available CVSS metric data. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: Access Complexity, Authentication, Confidentiality Impact of 'partial', Integrity Impact of 'partial', Availability Impact of 'partial', and the impact biases. </p> </div> </div> <div class="col-md-12 historical-data-area" id="historical-data-area"> <span> Created <span id="page-created-date"> <span>September 20, 2022</span> </span>, </span> Updated <span id="page-updated-date"> <span>November 6, 2023</span> </span> </div> </div> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://web.archive.org/web/20231127153939/https://twitter.com/NISTCyber" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://web.archive.org/web/20231127153939/https://www.facebook.com/NIST" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://web.archive.org/web/20231127153939/https://www.linkedin.com/company/nist" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://web.archive.org/web/20231127153939/https://www.youtube.com/user/USNISTGOV" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://web.archive.org/web/20231127153939/https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/" title="National Institute of Standards and Technology" rel="home" target="_blank" class="footer-nist-logo"> <img src="/web/20231127153939im_/https://nvd.nist.gov/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo"/> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="https://web.archive.org/web/20231127153939/tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="https://web.archive.org/web/20231127153939/mailto:nvd@nist.gov">Webmaster</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="https://web.archive.org/web/20231127153939/mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container"> <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html --> <p> <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://web.archive.org/web/20231127153939/https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/foia">FOIA</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://web.archive.org/web/20231127153939/https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://web.archive.org/web/20231127153939/https://www.commerce.gov/">Commerce.gov</a> | <a href="https://web.archive.org/web/20231127153939/https://www.science.gov/">Science.gov</a> | <a href="https://web.archive.org/web/20231127153939/https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html><!-- FILE ARCHIVED ON 15:39:39 Nov 27, 2023 AND RETRIEVED FROM THE INTERNET ARCHIVE ON 20:26:05 Dec 13, 2024. JAVASCRIPT APPENDED BY WAYBACK MACHINE, COPYRIGHT INTERNET ARCHIVE. ALL OTHER CONTENT MAY ALSO BE PROTECTED BY COPYRIGHT (17 U.S.C. SECTION 108(a)(3)). --> <!-- playback timings (ms): captures_list: 0.563 exclusion.robots: 0.028 exclusion.robots.policy: 0.016 esindex: 0.012 cdx.remote: 14.021 LoadShardBlock: 159.4 (3) PetaboxLoader3.datanode: 83.458 (4) PetaboxLoader3.resolve: 139.279 (2) load_resource: 108.763 -->

Pages: 1 2 3 4 5 6 7 8 9 10