The base score is calculated using the following attributes that are assigned to each check:
Confidentiality Impact ©)
Integrity Impact (I)
Availability Impact (A)
Access Vector (Av)
Access Complexity (Ac)
See Check risk attributes.
The formula that is used to calculate the base score is as follows:
Base score = round_to_1_decimal (((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))
The Impact, Exploitability, and the f(Impact) values in the base score formula are calculated from the check attributes as follows:
Impact = 10.41 * (1- (1-Confidentiality Impact) * (1-Integrity Impact) * (1-Availability Impact))
Exploitability = 20 * (Access Vector) * (Access Complexity) * (Authentication)
f(impact) = 0 if Impact = 0, f(impact) = 1.176 if Impact is not equal to 0.
The range of the base score values is from 0.0-10.0.
See About risk score calculation
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.