Monday , January 27 2025

FIRST CVSS 4.0
FIRST releases new vulnerability scoring system CVSS 4.0

infosecbulletin Thursday , November 2 2023 Hot Topic, International

The Forum of Incident Response and Security Teams (FIRST) has recently announced the release of CVSS v4.0, the latest version of the Common Vulnerability Scoring System (CVSS) standard. This update comes more than eight years after the release of CVSS v3.0 in June 2015.

Version 4.0 of CVSS aims to improve vulnerability assessment for both industry and the public, according to FIRST.

UnitedHealth confirms 190 million impacted by 2024 data breach

By infosecbulletin / Monday , January 27 2025
UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double...
Read More
UnitedHealth confirms 190 million impacted by 2024 data breach

Registration Open For BCS CTF 2025

By infosecbulletin / Monday , January 27 2025
So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going...
Read More
Registration Open For BCS CTF 2025

New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

By infosecbulletin / Sunday , January 26 2025
Sygnia's recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure...
Read More
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

By infosecbulletin / Friday , January 24 2025
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting...
Read More
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

CISA Releases 6 ICS Advisories Detailing Security Issues

By infosecbulletin / Friday , January 24 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 6 advisories for Industrial Control Systems (ICS), highlighting vulnerabilities in various...
Read More
CISA Releases 6 ICS Advisories Detailing Security Issues

Account Credentials for Security Vendors Found on Dark Web: Cyble Report

By infosecbulletin / Thursday , January 23 2025
# "While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been...
Read More
Account Credentials for Security Vendors Found on Dark Web: Cyble Report

Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

By infosecbulletin / Thursday , January 23 2025
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory...
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

By infosecbulletin / Thursday , January 23 2025
GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition...
Read More
GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

CVE-2025-20156
Cisco Fixes Meeting Management Allowing Privilege Escalation

By infosecbulletin / Thursday , January 23 2025
Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. With a...
Read More
CVE-2025-20156 Cisco Fixes Meeting Management Allowing Privilege Escalation

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

By infosecbulletin / Wednesday , January 22 2025
Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The...
Read More
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

CVSS is used to measure the severity of security vulnerabilities. It assigns a numerical score to each vulnerability, which can be translated into levels like low, medium, high, and critical. This helps organizations prioritize their vulnerability management.

In July 2019, an important update was made to CVSS v3.1. It highlighted that CVSS is meant to gauge the seriousness of a vulnerability and should not be the sole factor in evaluating risk.

CVSS v3.1 has received criticism for its scoring scale and for not properly representing health, human safety, and industrial control systems.

The new standard has added extra metrics to assess vulnerabilities. These metrics include Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).

It introduces new names for scoring CVSS. The new names are Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE).

“The recommended approach is to emphasize that CVSS encompasses more than just the Base score, and this terminology should be employed whenever a numerical CVSS value is presented or conveyed.”

“The CVSS Base Score should be considered in conjunction with the analysis of the environment and attributes that may change over time.”

Check Also

D3FENDTM 1.0

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin