Web application security - the fast guide Chapter 3: Vulnerabilities And Threat Models | Page 15

CVSS (cont)
EnvironmentalScore = round_to_1_decimal((AdjustedTemporal+(10-
AdjustedTemporal) *CollateralDamagePotential)*TargetDistribution)
AdjustedTemporal = TemporalScore recomputed with the BaseScore’s
Impact sub-equation replaced with the AdjustedImpact equation
AdjustedImpact = min(10,10.41*(1-(1-ConfImpact*ConfReq)*(1-
IntegImpact*IntegReq)*(1-AvailImpact*AvailReq)))
CollateralDamagePotential = case CollateralDamagePotential of
none: 0
low: 0.1
low-medium: 0.3
medium-high: 0.4
high: 0.5
not defined: 0
TargetDistribution = case TargetDistribution of
none: 0
low: 0.25
medium: 0.75
high: 1.00
not defined: 1.00
2017-05-10
ConfReq = case ConfReq of
low: 0.5
medium: 1.0
high: 1.51
not defined: 1.0
IntegReq = case IntegReq of
low: 0.5
medium: 1.0
high: 1.51
not defined: 1.0
AvailReq= case AvailReq of
low:0.5
medium:1.0
high:1.51
not defined: 1.0
Web Application Security Fast Guide (book slides)
By Dr.Sami Khiami
Slide 15