CWSS Vector and Score Generator
CWSS Vector and Score
Vector:
Score:
Qualitative Rating:
Base Finding Metric Group
Technical Impact (TI):
Critical
High
Medium
Low
None
Acquired Privilege (AP):
Administrator
Partially-Privileged User
Regular User
Limited/Guest
None
Acquired Privilege Layer (AL):
Application
System
Network
Internal Control Effectiveness (IC):
None
Limited
Moderate
Indirect
Best-Available
Complete
Finding Confidence (FC):
Proven True
Proven Locally True
Proven False
Attack Surface Metric Group
Required Privilege (RP):
None
Limited/Guest
Regular User
Partially-Privileged User
Administrator
Required Privilege Layer (RL):
Application
System
Network
Access Vector (AV):
Internet
Intranet
Private Network
Adjacent Network
Local
Physical
Authentication Strength (AS):
Strong
Moderate
Weak
None
Level of Interaction (IN):
Automated
Typical/Limited
Moderate
Opportunistic
High
Deployment Scope (SC):
All
Moderate
Rare
Potentially Reachable
Environmental Metric Group
Business Impact (BI):
Critical
High
Medium
Low
None
Likelihood of Discovery (DI):
High
Medium
Low
Likelihood of Exploit (EX):
High
Medium
Low
External Control Effectiveness (EC):
None
Limited
Moderate
Indirect
Best-Available
Complete
Prevalence (P):
Widespread
High
Common
Limited