The Common Vulnerability Scoring System (CVSS) is an industry standard that is used to rate the potential severity of vulnerabilities.
The National Vulnerability Database (NVD) is one source for CVSS assessments. For more information, see Vulnerability Metrics on the NVD website.
Mandiant Advantage Threat Intelligence (MATI) uses the following CVSS scores:
- CVSS v3.1 Base Metrics: This metric group represents the intrinsic characteristics of a Vulnerability that are constant over time and across user environments.
- CVSS v3.1 Temporal Metrics: This metric group represents the intrinsic characteristics of a Vulnerability that are constant over time but not across user environments.
- CVSS v2.0 Base Metrics: This metric group represents the intrinsic characteristics of a Vulnerability that are constant over time and across user environments.
- CVSS v2.0 Temporal Metrics: This metric group represents the intrinsic characteristics of a Vulnerability that are constant over time but not across user environments.
CVSS v4.0 is available only through the MATI API. See Threat Intelligence API v4 for more information.
Mandiant Vulnerability Intelligence occasionally modifies CVSS scores when the intelligence Mandiant collects differs from the NVD's understanding. Therefore, you may see a different CVSS score listed in MATI than you see elsewhere, because our analysts have curated the CVSS score to accurately reflect Mandiant-specific intelligence.
Mandiant Advantage Attack Surface Management (MA-ASM) does not leverage the MATI-curated CVSS scores.