CWSS* Calculator 1.0.1
CWSS Score: 0.0
BrownPipe Priority: LOW
TI:D/AP:D/AL:D/IC:D/FC:D/RP:D/RL:D/AV:D/AS:D/IN:D/SC:D/BI:D/DI:D/EX:D/EC:D/P:D
Select the metric values below to calculate the CWSS score.
Base Finding 0.00
TI — Technical Impact: The potential result that can be produced by the weakness, assuming it can be successfully reached and exploited.
AP — Acquired Privilege: The type of privileges that are obtained by an attacker who successfully exploits the weakness.
AL — Acquired Privilege Layer: The operational layer to which the attacker gains privileges by successfully exploiting the weakness.
IC — Internal Control Effectiveness: The ability of the control to prevent the weakness from being exploited by an attacker.
FC — Finding Confidence: The confidence that the reported issue is a weakness that can be utilized by an attacker.
Attack Surface 0.00
RP — Required Privilege: The type of privileges that an attacker must already have in order to reach the code/functionality that contains the weakness.
RL — Required Privilege Layer: The operational layer at which the attacker must have privileges in order to attempt to exploit the weakness.
AV — Access Vector: The channel through which an attacker must communicate to reach the code or functionality that contains the weakness.
AS — Authentication Strength: The strength of the authentication routine that protects the code/functionality that contains the weakness.
IN — Level of Interaction: The actions that must be performed by the human victim(s) to enable a successful attack.
SC — Deployment Scope: Whether the weakness is present in all deployable instances of the software, or if it is limited to a subset of platforms and/or configurations.
Environmental 0.00
BI — Business Impact: The potential impact to the business or mission if the weakness is successfully exploited.
DI — Likelihood of Discovery: The likelihood that an attacker will discover the weakness.
EX — Likelihood of Exploit: The likelihood that, if the weakness is discovered, an attacker with the required privileges will successfully exploit it.
EC — External Control Effectiveness: The ability of controls or mitigations outside of the software to make it more difficult for an attacker to reach and/or trigger the weakness.
P — Prevalence: How often this type of weakness appears in software.
* CWSS™ (Common Weakness Scoring System) is a trademark of The MITRE Corporation. This calculator was implemented based on the CWSS version 1.0.1 specification.