CVSSv3 04/23/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 4, ≤6: 1, ≤7: 10, ≤8: 2, ≤9: 1, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 4, ≤6: 1, ≤7: 10, ≤8: 3, ≤9: 0, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 3, ≤6: 1, ≤7: 10, ≤8: 2, ≤9: 1, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 2, ≤6: 1, ≤7: 9, ≤8: 3, ≤9: 0, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 198435 | 7.5 | 7.3 | | 7.7 | | | mruby mrb_obj_is_kind_of out-of-bounds read | 0.00 | CVE-2022-1427 |
| 198434 | 4.3 | 4.3 | | | | | MCMS saveOrUpdateRole.do cross-site request forgery | 0.00 | CVE-2022-27340 |
| 198433 | 7.3 | 7.3 | | 7.3 | | | Lenovo System Update Command Prompt Local Privilege Escalation | 0.09 | CVE-2022-0354 |
| 198432 | 6.7 | 6.7 | | 6.7 | | | Lenovo Notebook Legacy BIOS Mode Driver input validation | 0.09 | CVE-2021-4212 |
| 198431 | 6.7 | 6.7 | | 6.7 | | | Lenovo Desktop/ThinkStation/ThinkEdge SMBIOS Event Log Driver input validation | 0.05 | CVE-2021-4211 |
| 198430 | 6.7 | 6.7 | | 6.7 | | | Lenovo Desktop/ThinkStation/ThinkEdge SMI Callback input validation | 0.05 | CVE-2021-4210 |
| 198429 | 6.7 | 6.7 | | 6.7 | | | Lenovo Notebook LenovoVariable SMI input validation | 0.05 | CVE-2021-3970 |
| 198428 | 5.5 | 5.5 | | 5.5 | | | Lenovo PCManager out-of-bounds write | 0.09 | CVE-2021-3721 |
| 198427 | 5.0 | 5.0 | | 5.0 | | | Lenovo Thin Installer buffer overflow | 0.09 | CVE-2022-0636 |
| 198426 | 8.1 | 8.8 | | 7.3 | | | Lenovo PCManager uncontrolled search path | 0.23 | CVE-2022-0192 |
| 198425 | 6.7 | 6.7 | | 6.7 | | | Lenovo Notebook BIOS code | 0.14 | CVE-2021-3972 |
| 198424 | 6.7 | 6.7 | | 6.7 | | | Lenovo Notebook Driver code | 0.14 | CVE-2021-3971 |
| 198423 | 4.9 | 3.1 | | 6.8 | | | Lenovo Device Help/Ready For Communication Channel certificate validation | 0.81 | CVE-2021-3898 |
| 198422 | 5.0 | 5.0 | | 5.0 | | | Lenovo PCManager Configuration File default permission | 0.17 | CVE-2021-3722 |
| 198421 | 6.3 | 6.3 | | | | | JFinalCMS Article Management sql injection | 0.07 | CVE-2022-27341 |
| 198420 | 6.7 | 6.7 | | 6.7 | | | Lenovo ThinkPad X1 Fold SMI LenovoFlashDeviceInterface input validation | 0.05 | CVE-2022-1108 |
| 198419 | 6.3 | 6.3 | | | | | Link-Admin DictRest.ResponseResult sql injection | 0.06 | CVE-2022-27342 |
| 198418 | 6.7 | 6.7 | | 6.7 | | | Lenovo ThinkPad SmmOEMInt15 SMI input validation | 0.18 | CVE-2022-1107 |
| 198417 | 9.8 | 9.8 | | 9.8 | | | Lenovo Fan Power Controller2/System Management Module Internal Service authentication bypass | 0.24 | CVE-2021-3897 |
| 198416 | 9.8 | 9.8 | | 9.8 | | | Lenovo Fan Power Controller2/System Management Module authentication bypass | 0.15 | CVE-2021-3849 |
