CVSSv3 07/27/2022

CVSSv3 Base

≤10
≤20
≤31
≤435
≤514
≤623
≤78
≤82
≤95
≤101

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤31
≤435
≤514
≤624
≤79
≤81
≤94
≤101

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤31
≤437
≤515
≤620
≤710
≤82
≤93
≤101

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤62
≤71
≤82
≤91
≤102

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2052003.53.5
 
 
 
 
Lucene-Search Plugin Query Parameter cross site scripting0.000.00885CVE-2022-36922
2051994.34.3
 
 
 
 
Coverity Plugin cross-site request forgery0.110.00885CVE-2022-36920
2051984.34.3
 
 
 
 
Openstack Heat Plugin cross-site request forgery0.040.00885CVE-2022-36911
2051974.34.3
 
 
 
 
OpenShift Deployer Plugin Controller File System cross-site request forgery0.000.00885CVE-2022-36908
2051964.34.3
 
 
 
 
OpenShift Deployer Plugin cross-site request forgery0.000.00885CVE-2022-36906
2051953.53.5
 
 
 
 
Maven Metadata Plugin for Jenkins CI Server URL Validation cross site scripting0.000.00885CVE-2022-36905
2051943.53.5
 
 
 
 
Dynamic Extended Choice Parameter Plugin Moded Extended Choice cross site scripting0.000.00885CVE-2022-36902
2051934.34.3
 
 
 
 
Job Configuration History Plugin System Configuration cross-site request forgery0.000.00885CVE-2022-36887
2051924.34.3
 
 
 
 
External Monitor Job Type Plugin cross-site request forgery0.000.00885CVE-2022-36886
2051913.53.5
 
 
 
 
OX Software OX App Suite E-Mail Message appHandler cross site scripting0.000.00885CVE-2022-23101
2051903.53.5
 
 
 
 
OX Software OX App Suite cross site scripting0.000.00885CVE-2022-23099
2051895.55.5
 
 
 
 
Coverity Plugin authorization0.000.00885CVE-2022-36921
2051883.53.5
 
 
 
 
Coverity Plugin authorization0.000.00885CVE-2022-36919
2051873.53.5
 
 
 
 
Buckminster Plugin Controller File System authorization0.000.00885CVE-2022-36918
2051863.53.5
 
 
 
 
Android Signing Plugin authorization0.000.00885CVE-2022-36915
2051853.53.5
 
 
 
 
Files Found Trigger Plugin Controller File System authorization0.000.00885CVE-2022-36914
2051845.55.5
 
 
 
 
Openstack Heat Plugin Controller File System authorization0.000.00885CVE-2022-36913
2051835.55.5
 
 
 
 
Openstack Heat Plugin authorization0.000.00885CVE-2022-36912
2051823.53.5
 
 
 
 
Lucene-Search Plugin HTTP Endpoint authorization0.080.00885CVE-2022-36910
2051815.55.5
 
 
 
 
OpenShift Deployer Plugin Controller File System authorization0.000.00885CVE-2022-36909
2051805.55.5
 
 
 
 
OpenShift Deployer Plugin permission0.000.00885CVE-2022-36907
2051793.53.5
 
 
 
 
Repository Connector Plugin Controller File System authorization0.000.00885CVE-2022-36904
2051783.53.5
 
 
 
 
Repository Connector Plugin authorization0.040.00885CVE-2022-36903
2051773.53.5
 
 
 
 
HTTP Request Plugin Controller File System credentials storage0.000.00885CVE-2022-36901
2051765.55.5
 
 
 
 
Compuware zAdviser API Plugin protection mechanism0.000.02485CVE-2022-36900
2051753.53.5
 
 
 
 
Compuware Xpediter Code Coverage Plugin Configuration authorization0.000.00885CVE-2022-36897
2051743.53.5
 
 
 
 
Compuware Topaz Utilities Plugin Configuration authorization0.000.00885CVE-2022-36895
2051735.55.5
 
 
 
 
CLIF Performance Testing Plugin Controller File System path traversal0.050.00885CVE-2022-36894
2051723.53.5
 
 
 
 
rpmsign-plugin authorization0.060.00885CVE-2022-36893
2051713.53.5
 
 
 
 
rhnpush-plugin Plugin authorization0.000.00885CVE-2022-36892
2051703.53.5
 
 
 
 
Deployer Framework Plugin Deployment Log authorization0.000.00885CVE-2022-36891
2051693.53.5
 
 
 
 
Deployer Framework Plugin Controller File System path traversal0.000.00885CVE-2022-36890
2051685.55.5
 
 
 
 
Deployer Framework Plugin Application Path path traversal0.000.00885CVE-2022-36889
2051673.53.5
 
 
 
 
HashiCorp Vault Plugin authorization0.000.00885CVE-2022-36888
2051663.53.5
 
 
 
 
GitHub Plugin timing discrepancy0.090.00885CVE-2022-36885
2051654.34.3
 
 
 
 
Git Plugin Webhook Endpoint information disclosure0.060.00885CVE-2022-36884
2051644.34.3
 
 
 
 
Git Plugin Build cross-site request forgery0.080.00885CVE-2022-36882
2051633.73.7
 
 
 
 
Git Client Plugin SSH Host Key Verification key exchange without entity authentication0.060.00885CVE-2022-36881
2051625.55.5
 
 
 
 
OX Software OX App Suite Documentconverter API server-side request forgery0.000.00885CVE-2022-24406
2051615.55.5
 
 
 
 
OX Software OX App Suite Documentconverter API os command injection0.000.01005CVE-2022-24405
2051605.55.5
 
 
 
 
OX Software OX App Suite Email Attachment Documentconverter os command injection0.220.01005CVE-2022-23100
2051593.53.5
 
 
 
 
Sims addNotifyServlet cross site scripting0.000.00885CVE-2022-34550
2051588.16.3
 
9.9
 
 
hestiacp os command injection0.040.01005CVE-2022-2550
2051574.63.5
 
5.7
 
 
GPAC null pointer dereference0.000.00885CVE-2022-2549
2051564.34.3
 
 
 
 
Google Cloud Backup Plugin Manual Backup cross-site request forgery0.000.00885CVE-2022-36916
2051553.53.5
 
 
 
 
Compuware ISPW Operations Plugin protection mechanism0.000.02485CVE-2022-36899
2051543.53.5
 
 
 
 
Compuware ISPW Operations Plugin Configuration authorization0.000.00885CVE-2022-36898
2051533.53.5
 
 
 
 
Compuware Source Code Download Configuration authorization0.000.00885CVE-2022-36896
2051524.34.3
 
 
 
 
Adobe Acrobat Reader out-of-bounds0.060.00885CVE-2022-35669
2051514.43.5
 
5.4
 
 
Nico Amarilla BxSlider WP Plugin cross site scripting0.000.00885CVE-2022-33943

39 more entries are not shown

Do you need the next level of professionalism?

Upgrade your account now!