The Common Vulnerability Scoring System (CVSS) provides a consistent way to score findings that can then be translated into a qualitative rating such as low, medium, high, and critical. This can help companies accurately evaluate and prioritize findings within their vulnerability management processes.

Scoring consists of three metric groups Base – access vector, access complexity, impact to CIA, etc. Temporal – exploitability, available remediation measure, vulnerability report confidence Environmental – collateral damage, target distribution, CIA impact

Learn more by reviewing the user guide: https://www.first.org/cvss/user-guide, the FAQ https://www.first.org/cvss/v2/faq, and the calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator