CVSS stands for The Common Vulnerability Scoring System and is an industry open standard designed to convey vulnerability severity and risk. CVSS was commissioned by the National Infrastructure Advisory Council (NIAC) tasked in support of the global Vulnerability Disclosure Framework. It is currently maintained by FIRST (Forum of Incident Response and Security Teams).
We support CVSS Version 2 and CVSS Version 3.
CVSS standards - http://www.first.org/cvss/
CVSS Version 2 standards specification - https://www.first.org/cvss/v2/guide
CVSS Version 3 standards specification - https://www.first.org/cvss/v3.0/user-guide
CVSS Version 3.1 standards specification - https://www.first.org/cvss/v3.1/user-guide
Enable the CVSS Scoring feature within the VM application. Go to VM/VMDR > Reports > Setup > CVSS (Manager role is needed). Once enabled, CVSS values are displayed for confirmed and potential vulnerabilities (they are not shown for Information Gathered).