Is it possible to view the details of how a given CVSS score was calculated in the Qualys vulnerability management module? E.g. see parameters such as User Interaction and Attack Vector from CVSS v3.
Yes, as long as you have "Vulnerability Details" selected in the "Display Setting" for your report template. That should yield the following columns in your report:
CVSSCVSS BaseCVSS TemporalCVSS EnvironmentCVSS3CVSS3 BaseCVSS3 Temporal
Qualys isn't creating CVSS scores... They are just ingesting the data along with the cve info I believe.
If you want details about how scores are created in general: https://www.first.org/cvss/specification-document
Yes, but I was wondering if Qualys stored the data used for the CVSS calculation, or if it only has the "final" CVSS score available.
Hi All, derekv
I wanted add to this as I'm not able to see those scores even with enabled "Vulnerability Details":
Am I doing something wrong?
I have used Technical templated, tried creating my own report template, but there is no column named CVSS even in the PDF reports.
Got it - you need to enable it in the Setup.
GO to Reports, then Setup, then click on enable at the bottom.
Retrieving data ...