The formula that is used to calculate the base score is as follows:
Base score = round_to_1_decimal (((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))
The Impact, Exploitability, and the f(Impact) values in the base score formula are calculated from the check attributes as follows:
Impact = 10.41 * (1- (1-Confidentiality Impact) * (1-Integrity Impact) * (1-Availability Impact))
Exploitability = 20 * (Access Vector) * (Access Complexity) * (Authentication)
f(impact) = 0 if Impact = 0, f(impact) = 1.176 if Impact is not equal to 0.
More Information