๐ Exploitability Metrics
๐ Attack Vector (AV)How the vulnerability is exploited
๐งฉ Attack Complexity (AC)Conditions beyond attacker's control
๐ Privileges Required (PR)Level of access needed before attack
๐ฅ User Interaction (UI)Human user participation required
๐ฏ Scope & Impact
๐ Scope (S)Impact beyond vulnerable component
๐ Confidentiality Impact (C)Information disclosure impact
โ๏ธ Integrity Impact (I)Data modification impact
โก Availability Impact (A)Service disruption impact
โฑ๏ธ Temporal & Environmental
๐ป Exploit Code Maturity (E)Likelihood of successful exploitation
๐ง Remediation Level (RL)Availability of remediation
๐ Report Confidence (RC)Confidence in vulnerability existence
๐ Confidentiality Requirement (CR)Importance of confidentiality to organization
๐ก๏ธ Integrity Requirement (IR)Importance of integrity to organization
โก Availability Requirement (AR)Importance of availability to organization
๐ Environmental Metrics (Modified Base)
๐ Modified Attack Vector (MAV)Modified attack vector for environment
๐งฉ Modified Attack Complexity (MAC)Modified attack complexity for environment
๐ Modified Privileges Required (MPR)Modified privileges required for environment
๐ฅ Modified User Interaction (MUI)Modified user interaction for environment
๐ Modified Scope (MS)Modified scope for environment
๐ Modified Confidentiality (MC)Modified confidentiality impact for environment
โ๏ธ Modified Integrity (MI)Modified integrity impact for environment
โก Modified Availability (MA)Modified availability impact for environment
