Forum Discussion
CvssScore in "DeviceTvmSoftwareVulnerabilitiesKB" - What is it and is it accurate?
It is not clear what the "CvssScore" value represents. The description of the column states, including typo: "Severity score assigned to the security vulnerability under th Common Vulnerability Sco...
Bear in mind that CVSS v2 and v3 can differ by quite a bit for the same vulnerability. You don't mention which version is being used in the comparison. Tenable says CVSSv3 9.8 and CVSSv2 8.3 [https://www.tenable.com/plugins/nessus/174747] but I have seen other vulnerabilities differ by a score of 4 or more.
And I have muddled my temporal and base scores. For CVE-2023-27350 the correct scores are v2 base 10 temporal 8.3 and v3 base 9.8 temporal 9.1. Lots to choose from.