CVSSv3 11/16/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 2, ≤4: 22, ≤5: 10, ≤6: 13, ≤7: 12, ≤8: 2, ≤9: 3, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 2, ≤4: 24, ≤5: 8, ≤6: 18, ≤7: 8, ≤8: 1, ≤9: 3, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 13, ≤4: 15, ≤5: 7, ≤6: 14, ≤7: 11, ≤8: 4, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 12, ≤6: 4, ≤7: 4, ≤8: 2, ≤9: 2, ≤10: 3

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 213808 | 4.2 | 4.3 | | 4.0 | | | IBM Sterling Partner Engagement Manager insecure storage of sensitive information | 0.04 | 0.00885 | CVE-2022-34354 |
| 213807 | 3.5 | 3.5 | | | | | Zenario CMS User cross site scripting | 0.00 | 0.00885 | CVE-2022-44073 |
| 213806 | 3.5 | 3.5 | | | | | Zenario CMS Profile cross site scripting | 0.00 | 0.00885 | CVE-2022-44071 |
| 213805 | 3.5 | 3.5 | | | | | Zenario CMS News Article cross site scripting | 0.04 | 0.00885 | CVE-2022-44070 |
| 213804 | 3.5 | 3.5 | | | | | Zenario CMS Nest Library Module cross site scripting | 0.08 | 0.00885 | CVE-2022-44069 |
| 213803 | 3.5 | 3.5 | | | | | Arobas Music Guitar Pro Web Request pathname traversal | 0.08 | 0.00885 | CVE-2022-43264 |
| 213802 | 3.0 | 3.0 | | | | | Arobas Music Guitar Pro cross site scripting | 0.04 | 0.00885 | CVE-2022-43263 |
| 213801 | 6.3 | 6.3 | | | | | SeaCms index.php sql injection | 0.08 | 0.00885 | CVE-2022-43256 |
| 213800 | 5.5 | 5.5 | | | | | Hoosk PHP File attachments unrestricted upload | 0.05 | 0.01338 | CVE-2022-43234 |
| 213799 | 6.3 | 6.3 | | | | | Human Resource Management System login.php sql injection | 0.04 | 0.00885 | CVE-2022-43262 |
| 213798 | 3.5 | 3.5 | | | | | Cisco Identity Services Engine cross site scripting | 0.16 | 0.00000 | CVE-2022-20967 |
| 213797 | 3.5 | 3.5 | | | | | Cisco Identity Services Engine cross site scripting | 0.04 | 0.00000 | CVE-2022-20966 |
| 213796 | 3.5 | 3.5 | | | | | Cisco Identity Services Engine cross site scripting | 0.05 | 0.00000 | CVE-2022-20965 |
| 213795 | 3.5 | 3.5 | | | | | Cisco Identity Services Engine cross site scripting | 0.63 | 0.00000 | CVE-2022-20964 |
| 213794 | 8.5 | 7.3 | | 9.8 | | | Sophos Mobile Managed On-Premises XML server-side request forgery | 0.04 | 0.01086 | CVE-2022-3980 |
| 213793 | 4.9 | 3.7 | | 6.1 | | | ikus060 rdiffweb missing authentication | 0.00 | 0.00885 | CVE-2022-4018 |
| 213792 | 6.5 | 4.3 | | 8.8 | | | Permalink Manager Lite Plugin Setting cross-site request forgery | 0.05 | 0.00885 | CVE-2022-4021 |
| 213791 | 4.9 | 3.5 | | 6.4 | | | SVG Support Plugin SVG Upload cross site scripting | 0.04 | 0.00885 | CVE-2022-4022 |
| 213790 | 6.3 | 6.3 | | | | | Karmasis Infraskope Security Event Manager Log access control | 0.00 | 0.00885 | CVE-2022-24036 |
| 213789 | 4.7 | 4.7 | | | | | Sports Club Management System make_payments.php sql injection | 0.09 | 0.00885 | CVE-2022-4015 |
| 213788 | 4.3 | 4.3 | | | | | FeehiCMS Post My Comment Tab cross-site request forgery | 0.20 | 0.00885 | CVE-2022-4014 |
| 213787 | 4.3 | 4.3 | | | | | Hospital Management Center appointment.php cross-site request forgery | 0.16 | 0.00885 | CVE-2022-4013 |
| 213786 | 6.3 | 6.3 | | | | | Hospital Management Center patient-info.php sql injection | 0.04 | 0.00885 | CVE-2022-4012 |
| 213785 | 6.5 | 6.5 | | | | | Simple History Plugin Header neutralization for logs | 0.09 | 0.00954 | CVE-2022-4011 |
| 213784 | 3.7 | 3.7 | | | | | mastodon excessive authentication | 0.04 | 0.00885 | CVE-2022-2166 |
| 213783 | 5.3 | 5.3 | | 5.3 | | | Hashicorp Consul/Consul Enterprise authorization | 0.12 | 0.00885 | CVE-2022-3920 |
| 213782 | 6.3 | 6.3 | | | | | ZoneMinder session fixation | 0.03 | 0.00885 | CVE-2022-30769 |
| 213781 | 3.5 | 3.5 | | | | | ZoneMinder Logout cross site scripting | 0.00 | 0.00885 | CVE-2022-30768 |
| 213780 | 6.4 | 5.3 | | 7.5 | | | s::can moni::tools image-relocator Module path traversal | 0.04 | 0.00885 | CVE-2020-12508 |
| 213779 | 8.2 | 7.3 | | 9.1 | | | Micrium uC-HTTP HTTP Request heap-based overflow | 0.04 | 0.01978 | CVE-2022-24942 |
| 213778 | 5.5 | 5.5 | | | | | insyde Kernel FwBlockServiceSmm Driver Privilege Escalation | 0.04 | 0.00885 | CVE-2022-29277 |
| 213777 | 5.5 | 5.5 | | | | | Apache Mina SSHD Java deserialization | 0.22 | 0.00885 | CVE-2022-45047 |
| 213776 | 4.3 | 4.3 | | 4.3 | | | OpenSearch Java Security Manager Policy Configuration information disclosure | 0.05 | 0.00885 | CVE-2022-41917 |
| 213775 | 4.8 | 3.7 | | 5.9 | | | Heimdal KDC/kinit off-by-one | 0.04 | 0.00954 | CVE-2022-41916 |
| 213774 | 7.5 | 6.3 | | 8.8 | | | s::can moni::tools sql injection | 0.04 | 0.00885 | CVE-2020-12507 |
| 213773 | 6.3 | 6.3 | | | | | OpenSearch Access Control Rules access control | 0.36 | 0.00885 | CVE-2022-41918 |
| 213772 | 8.5 | 7.3 | | 9.8 | | | Wiesemann & Theis AT-Modem-Emulator/Com-Server HTTP GET Request missing authentication | 0.11 | 0.01055 | CVE-2022-42785 |
| 213771 | 5.7 | 5.4 | | 6.1 | | | ESRI Portal for ArcGIS Quick Capture Web Designer redirect | 0.00 | 0.01055 | CVE-2022-38201 |
| 213770 | 5.5 | 5.5 | | | | | Canteen Management System save_user.php unrestricted upload | 0.05 | 0.01773 | CVE-2022-43265 |
| 213769 | 5.5 | 5.5 | | | | | insyde Kernel PnpSmm Privilege Escalation | 0.04 | 0.00885 | CVE-2022-30772 |
| 213768 | 5.5 | 5.5 | | | | | insyde Kernel PnpSmm memory corruption | 0.04 | 0.00885 | CVE-2022-30771 |
| 213767 | 4.6 | 4.6 | | | | | insyde Kernel UsbCoreDxe buffer overflow | 0.03 | 0.00885 | CVE-2022-30283 |
| 213766 | 5.5 | 5.5 | | | | | insyde Kernel SdMmcDevice memory corruption | 0.04 | 0.00885 | CVE-2022-29279 |
| 213765 | 5.5 | 5.5 | | | | | insyde Kernel NvmExpressDxe Driver memory corruption | 0.00 | 0.00885 | CVE-2022-29278 |
| 213764 | 5.5 | 5.5 | | | | | insyde Kernel AhciBusDxe memory corruption | 0.00 | 0.00885 | CVE-2022-29276 |
| 213763 | 5.5 | 5.5 | | | | | insyde Kernel UsbCoreDxe memory corruption | 0.04 | 0.00885 | CVE-2022-29275 |
| 213762 | 6.3 | 6.3 | | | | | LimeSurvey update.php sql injection | 0.00 | 0.00885 | CVE-2022-43279 |
| 213761 | 3.6 | 2.4 | | 4.8 | | | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | 0.04 | 0.01055 | CVE-2022-20936 |
| 213760 | 3.6 | 2.4 | | 4.8 | | | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | 0.07 | 0.01055 | CVE-2022-20935 |
| 213759 | 3.6 | 2.4 | | 4.8 | | | Cisco FirePOWER Management Center Web-based Management Interface cross site scripting | 0.05 | 0.01055 | CVE-2022-20932 |

14 more entries are not shown
