Web application security - the fast guide Chapter 3: Vulnerabilities And Threat Models | Page 13
CVSS (cont)
BaseScore = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))
Impact = 10.41*(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact))
Exploitability = 20*AccessVector*AccessComplexity*Authentication
f(Impact) = 0 if Impact=0, 1.176 otherwise

AccessVector = case AccessVector of
    requires local access: 0.395
    adjacent network accessible: 0.646
    network accessible: 1.0

AccessComplexity = case AccessComplexity of
    high: 0.35
    medium: 0.61
    low: 0.71

Authentication = case Authentication of
    requires multiple instances of authentication: 0.45
    requires single instance of authentication: 0.56
    requires no authentication: 0.704

ConfImpact = case ConfidentialityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

IntegImpact = case IntegrityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660

AvailImpact = case AvailabilityImpact of
    none: 0.0
    partial: 0.275
    complete: 0.660
2017-05-10
Web Application Security Fast Guide (book slides)
By Dr.Sami Khiami
Slide 13