CVSS v2 (Common Vulnerability Scoring System) is a standard that is defined by the Forum of Incident Response and Security Teams (FIRST). FIRST, whose Web site is http://www.first.org/cvss, defines methods for scoring and rating the computer vulnerabilities. The National Vulnerability Database (NVD) defines and publishes the CVSS base scores and vector strings for the most known vulnerabilities.
NVD publishes the vulnerability summaries that provide detailed information, which includes the CVSS base score and vector strings. These vulnerability summaries can be accessed using the CVE (Common Vulnerabilities and Exposures) identifier (ID) for a given vulnerability.
CCS lets you import the CVE 2.0 and store the CVSS base scores and vector string data in the database. Links to the NVD vulnerability summaries through the CVE IDs are displayed for the SCAP evaluation result details.
CCS uses the CVE-CVSS standard in the following manner:
Imports the CVE list independent of the SCAP data stream.