Base score calculation

The base score is calculated using the following attributes that are assigned to each check:

See Check risk attributes.

The formula that is used to calculate the base score is as follows:

Base score = round_to_1_decimal (((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))

The Impact, Exploitability, and the f(Impact) values in the base score formula are calculated from the check attributes as follows:

Impact = 10.41 * (1 - (1 - Confidentiality Impact) * (1 - Integrity Impact) * (1 - Availability Impact))

Exploitability = 20 * (Access Vector) * (Access Complexity) * (Authentication)

f(Impact) = 0 if Impact = 0; otherwise f(Impact) = 1.176.

The base score ranges from 0.0 to 10.0.
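The formulas above, carried through in Python as an added example (not code from the product). The weight tables are sample values taken from the CVSS v2 base metrics, whose base equation has this same form; the values the product assigns are listed in Check risk attributes. The function names and the half-up rounding mode are assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

# Sample weights (assumption): CVSS v2 base metric values, used for illustration.
CIA = {"none": 0.0, "partial": 0.275, "complete": 0.660}
ACCESS_VECTOR = {"local": 0.395, "adjacent": 0.646, "network": 1.0}
ACCESS_COMPLEXITY = {"high": 0.35, "medium": 0.61, "low": 0.71}
AUTHENTICATION = {"multiple": 0.45, "single": 0.56, "none": 0.704}


def base_score(conf, integ, avail, vector, complexity, auth):
    """Return the base score for six numeric attribute weights in [0, 1]."""
    weights = (conf, integ, avail, vector, complexity, auth)
    if any(not 0.0 <= w <= 1.0 for w in weights):
        raise ValueError("attribute weights must be between 0 and 1")

    impact = 10.41 * (1 - (1 - conf) * (1 - integ) * (1 - avail))
    exploitability = 20 * vector * complexity * auth
    if impact == 0:
        # f(Impact) = 0, so the score is 0 whatever the exploitability is.
        return 0.0

    raw = ((0.6 * impact) + (0.4 * exploitability) - 1.5) * 1.176
    # Assumption: round_to_1_decimal rounds halves up (float round() does not).
    rounded = Decimal(repr(raw)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)
    score = float(rounded)
    if not 0.0 <= score <= 10.0:
        # Weights that fall outside the documented range are not valid inputs.
        raise ValueError("score outside 0.0-10.0; check the attribute weights")
    return score


def score_check(c, i, a, av, ac, au):
    """Look up named levels in the sample tables and score one check."""
    return base_score(CIA[c], CIA[i], CIA[a],
                      ACCESS_VECTOR[av], ACCESS_COMPLEXITY[ac], AUTHENTICATION[au])


if __name__ == "__main__":
    # Constructed sample checks, from worst case to no impact.
    samples = [
        ("complete", "complete", "complete", "network", "low", "none"),
        ("partial", "partial", "partial", "network", "low", "none"),
        ("partial", "none", "none", "local", "high", "multiple"),
        ("none", "none", "none", "network", "low", "none"),
    ]
    for sample in samples:
        print(sample, "->", score_check(*sample))
```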

More Information

About risk calculations