CVSS v2 vs CVSS v3

Understanding CVSS: A Comparative Analysis of Versions 2 and 3



The Common Vulnerability Scoring System (CVSS) has been a cornerstone of vulnerability management for well over a decade. This article compares scoring under CVSSv2 and CVSSv3, focusing on the transition between the two versions and on the changes that matter most to security practitioners.

CVSS Evolution: From V1 to V3

CVSS began with the US National Infrastructure Advisory Council (NIAC), which published CVSSv1 in 2005. Custodianship then passed to the Forum of Incident Response and Security Teams (FIRST), which released CVSSv2 in 2007, CVSSv3.0 in 2015 and CVSSv3.1 in 2019. Each version aimed to refine the standard and make severity assessments more consistent across vendors and analysts.

Shortcomings and Revisions in CVSSv2

CVSSv2, despite its wide adoption, was criticised on two main counts: its impact metrics had to be judged against the whole host (a "Partial" or "Complete" loss of confidentiality, integrity or availability for the entire system), which demanded more knowledge of a flaw's downstream effects than analysts usually had, and its coarse metrics failed to differentiate vulnerability types, so very different flaws landed on the same score. CVSSv3 was developed to address these gaps.

Detailed CVSS Score Comparison Between v2 and v3

CVSSv3 made significant changes to the Base and Environmental metric groups. In the Base group it replaced Authentication (Au) with Privileges Required (PR), added User Interaction (UI) and a Scope (S) metric for vulnerabilities whose impact reaches beyond the vulnerable component, and added a Physical value to Attack Vector. In the Environmental group it dropped Collateral Damage Potential and Target Distribution in favour of Modified Base metrics, which let an organisation override each Base metric to reflect its own deployment.

Scoring Scale Differences: v2 vs. v3

The CVSSv3 specification defines a five-band Qualitative Severity Rating Scale (None, Low, Medium, High, Critical), whereas CVSSv2 deployments such as the NVD used three (Low, Medium, High). Combined with the revised metrics and formula, this produced a noticeable upward shift: studies comparing vulnerabilities scored under both versions find higher average v3 scores and a larger share rated High or Critical.


Although the comparison shows substantial advances, CVSSv3 still has areas for improvement, notably in how confidentiality impact is rated. It nonetheless remains an essential tool in vulnerability management, providing a standardised language for discussing vulnerability severity; practitioners should still read a Base score as a measure of technical severity rather than as a complete statement of risk to their own environment.

Cogeanu Marius

Marius Cogeanu is a distinguished IT consultant and cybersecurity virtuoso based in Prague, Czechia. With a rich 20-year journey in the IT realm, Marius has carved a niche in network security and technological solutions, adeptly harmonizing tech with business requirements. His experience spans from Kyndryl to IBM, and as a valued independent consultant, where he's renowned for his innovative approaches in enhancing business operations with cutting-edge tech.

Marius's forte lies in demystifying complex IT concepts, ensuring clarity and alignment for stakeholders at all levels. His commitment to staying at the forefront of industry trends and seeking innovative solutions cements his status as a go-to expert in cybersecurity. Driven by a fervent passion for technology and its potential to revolutionize businesses, Marius thrives on tackling challenging ventures, applying his prowess in network design, IT service management, and strategic planning.

Currently, Marius is focused on leading-edge IT project management, infrastructure design, and fortifying cybersecurity, guiding clients through the intricate digital landscape with unmatched expertise and insight.


