Vulnerabilities
CVSS (Common Vulnerability Scoring System)
Also known as: CVSS score
Definition
An open framework, maintained by FIRST, that produces a 0–10 severity score for a vulnerability based on its exploitation characteristics and impact.
Examples
- CVE-2021-44228 (Log4Shell) — CVSS v3.1 Base 10.0 (Critical).
- CVE-2014-0160 (Heartbleed) — CVSS v2 Base 5.0 (Medium).
Related terms
Vulnerability
A weakness in a system, application, or process that an attacker can exploit to violate confidentiality, integrity, or availability.
CVE (Common Vulnerabilities and Exposures)
A public catalogue that assigns a unique identifier to each disclosed software or hardware vulnerability so they can be referenced unambiguously across the industry.
EPSS (Exploit Prediction Scoring System)
A data-driven model, maintained by FIRST, that estimates the probability a given CVE will be exploited in the wild within the next 30 days.
Known Exploited Vulnerability (KEV)
A CVE that the U.S. CISA confirms is being actively exploited and adds to its public KEV Catalog, triggering remediation deadlines for U.S. federal agencies.
Vulnerability Assessment
A systematic review of an environment to identify, classify, and prioritize security weaknesses, typically without active exploitation.
Patch Management
The end-to-end process of identifying, testing, deploying, and verifying software updates that fix vulnerabilities or bugs.