THREATLENS
FIRST.org CVSS v3.1 specification

CVSS calculator

Compute base scores from CVSS v3.1 metrics, or paste a vector string to decode an existing score.

Adjust metrics to recompute the base score in real time.

Base score
9.8
CRITICAL
Impact
5.9
Exploitability
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

AV

Attack Complexity

AC

Privileges Required

PR

User Interaction

UI

Scope

S

Confidentiality

C

Integrity

I

Availability

A

Score breakdown

Scope: Unchanged

How each metric selection feeds the 9.8 base score. Exploitability and Impact sub-scores are combined per the CVSS v3.1 formula.

Exploitability sub-score
3.9
8.22 × AV × AC × PR × UI
  • Attack Vector (AV)Network · ×0.85

    Reachable over the network — maximum exploitability multiplier (0.85).

  • Attack Complexity (AC)Low · ×0.77

    No special conditions — full exploitability (0.77).

  • Privileges Required (PR)None · ×0.85

    No privileges required — maximum exploitability (0.85).

  • User Interaction (UI)None · ×0.85

    No user action needed — full exploitability (0.85).

Impact sub-score
5.9
6.42 × ISSISS = 1 − (1−C)(1−I)(1−A) = 0.915
  • Confidentiality (C)High · ×0.56

    Total loss of confidentiality — full impact contribution (0.56).

  • Integrity (I)High · ×0.56

    Total loss of integrity — full impact contribution (0.56).

  • Availability (A)High · ×0.56

    Total loss of availability — full impact contribution (0.56).

Scope

Unchanged Impact is contained to the vulnerable component (Unchanged).

Final base score

BaseScore = roundUp( min( Impact + Exploitability, 10 ) )

= roundUp(5.9 + 3.9) = 9.8 (CRITICAL)

Feedback

How was this page?

Spotted something off, or have an idea? Let us know.

0/1000