Rescore all vulnerabilities for a product version

As you know, the base CVSS score isn't tailored to your particular product's environment and usage. To ensure that you're spending your limited time resolving the vulnerabilities that matter most to your company, patient safety and your bottom line, you can create and apply rescore profiles to your various product versions.

Automatically update CVSS temporal metrics across product version

While applying a rescore profile to rescore all vulnerabilities across a product version, you can eliminate the need to manually track and update any exploitability changes, which are reflected in the CVSS v3 Temporal metrics. If there is any change to the metrics of Exploit Code Maturity, Remediation Level, and/or Report Confidence, your vulnerabilities will be automatically rescored based on this updated data.

After setting the Temporal and Environmental metrics that apply to particular product version, you can preview a sample of vulnerabilities to see how this will impact their scores, as well as how many vulnerabilities will be rescored. You can then apply it all vulnerabilities associated with this version.

Rescore all vulnerabilities in a product version

I haven't applied any rescore profile yet
  1. In the product/version selection bar, click the Rescore drop-down link > Create rescore profile. This will display the Create rescore profile panel.

  2. Specify a profile name and description.

  3. Click the Temporal score section to expand it. If you've used the CVSS 3.1 calculator before, our rescoring calculator should look very familiar!

  4. Select any Temporal metric values you'd like to apply across the product version.

  5. Click the Environmental score section to expand it.

  6. Select any Environmental metric value changes you'd like to apply across the product version.

  7. Click the Preview vulnerabilities tab to view a sample of five vulnerabilities to assess how the rescoring will impact them.

  8. On the Save & apply button, you'll see the number of vulnerabilities associated with this product version (Save & apply to x vulnerabilities). Click Save & apply x vulnerabilities. You'll see a success message and will also see a new Rescore column with the rescored CVSS value for each vulnerability.

I've already applied a rescore profile to this product version
  1. In the product/version selection bar, click the Rescore drop-down link > Edit rescore profile. This will display the Edit rescore profile panel.

  2. Specify a profile name and description for the copy.

  3. Click the Temporal score section to expand it. If you've used the CVSS 3.1 calculator before, our rescoring calculator should look very familiar!

  4. Select any Temporal metric values you'd like to apply across the product version.

  5. Click the Environmental score section to expand it.

  6. Select any Environmental metric value changes you'd like to apply across the product version.

  7. Click the Preview vulnerabilities tab to view a sample of five vulnerabilities to assess how the rescoring will impact them.

  8. On the Save & apply button, you'll see the number of vulnerabilities associated with this product version (Save & apply to x vulnerabilities). Click Save & apply x vulnerabilities. You'll see a success message and will also see an updated score in the Rescore column for each vulnerability.

Streamline vulnerability management

Enabling this auto-update feature streamlines your vulnerability management processes, reduces manual effort, and ensures your CVSS severity scores are accurate and up-to-date:

  • Reduced effort: Save time and effort spent manually tracking and updating these metrics for each vulnerability.

  • Improved accuracy: Ensure that the CVSS Temporal metrics accurately reflect your vulnerabilities' current state, reducing the risk of human error during manual updates.

  • Simplified tracking: Eliminate the need to add information to the Evidence field for manual changes to these metrics.

Enable or disable automatic update of exploitability changes:

You can enable or disable the auto-updating of these Temporal exploitability metrics either while you're creating or editing a rescore profile. To do so:

  1. Select the product and version, then click the Rescore drop-down button.

  2. Choose the Edit rescore profile option. This will display the rescore panel.

  3. In the Temporal section, toggle the Auto-update this vulnerability with exploitability changes switch. If you enable auto-update, the Temporal score metrics will become read-only, as they will be automatically updated based on exploitability changes. You can still individually rescore any vulnerability associated with this product, if desired. Note that the last change to a vulnerability, whether by a rescore profile or an individual rescore, will take precedence.

  4. Click Save and apply changes.

Last updated

© Copyright MedCrypt 2024, All rights reserved.

#294: EOL release docs

Change request updated