The Common Vulnerability Scoring System (CVSS) v3.1 uses three metric groups to calculate overall scores:Base,Temporal, andEnvironmental.
Base (E):Mandatory metrics assessing exploitability (e.g., attack vector) and impact (confidentiality, integrity, availability).
Temporal (A):Optional metrics reflecting the current state of the vulnerability (e.g., exploit availability, remediation level).
Environmental (F):Optional metrics tailoring the score to the organization’s context (e.g., security requirements).
B, C, D (Availability, Integrity, Confidentiality):These are subcomponents of the Base Impact metrics, not standalone groups.
G (Impact):A categorywithin Base, not a group.
H (Attack vector):A single Base metric, not a group.
[Reference:CompTIA SecurityX CAS-005 Domain 1: Risk Management – Vulnerability Assessment and Prioritization., , , ]
Submit