CWSS Calc
CWSS Score
CWSS Score severity thresholds
CWSS severity levels
92.6
of 100.0
Base Finding
Technical Impact
*
Critical
High
Medium
Low
None
Default
Unknown
Not Applicable
Quantified
Acquired Privilege
*
Administrator
Partially-Privileged User
Regular User
Limited / Guest
None
Default
Unknown
Not Applicable
Quantified
Acquired Privilege Layer
*
Application
System
Network
Enterprise Infrastructure
Default
Unknown
Not Applicable
Quantified
Internal Control Effectiveness
*
None
Limited
Moderate
Indirect (Defense-in-Depth)
Best-Available
Complete
Default
Unknown
Not Applicable
Quantified
Finding Confidence
*
Proven True
Proven Locally True
Proven False
Default
Unknown
Not Applicable
Quantified
Attack Surface
Required Privilege
*
None
Limited / Guest
Regular User
Partially-Privileged User
Administrator
Default
Unknown
Not Applicable
Quantified
Required Privilege Layer
*
Application
System
Network
Enterprise Infrastructure
Default
Unknown
Not Applicable
Quantified
Access Vector
*
Internet
Intranet
Private Network
Adjacent Network
Local
Physical
Default
Unknown
Not Applicable
Quantified
Authentication Strength
*
Strong
Moderate
Weak
None
Default
Unknown
Not Applicable
Quantified
Level of Interaction
*
Automated
Typical/Limited
Moderate
Opportunistic
High
No Interaction
Default
Unknown
Not Applicable
Quantified
Deployment Scope
*
All
Moderate
Rare
Potentially Reachable
Default
Unknown
Not Applicable
Quantified
Environmental
Business Impact
*
Critical
High
Medium
Low
None
Default
Unknown
Not Applicable
Quantified
Likelihood of Discovery
*
High
Medium
Low
Default
Unknown
Not Applicable
Quantified
Likelihood of Exploit
*
High
Medium
Low
None
Default
Unknown
Not Applicable
Quantified
External Control Effectiveness
*
None
Limited
Moderate
Indirect (Defense-in-Depth)
Best-Available
Complete
Default
Unknown
Not Applicable
Quantified
Prevalence
*
Widespread
High
Common
Limited
Default
Unknown
Not Applicable
Quantified