Data Theorem's CVSS scoring system leverages the Results API and generates a score for each issue, based on the type of issue, its severity, exploitability, etc. Below are the details on how the scoring works:
- Severity
  - Critical (P1)
  - High
  - Medium
  - Low
- Exploitability
  - Hard
  - Moderate
  - Easy
- Issue Type
  - Data At-Rest Exposure
  - Data In-Transit Exposure
  - Data Loss to Attackers
  - Data Exposure to Third Party Apps
  - Unauthorized Data Collection
Script
To generate the CVSS score for a specific finding returned by the Results API and Data Theorem's Python client, use the following Python script:
...
CVSS scores for each issue are directly available from the Results API when fetching the security findings.
The following fields can be used and are referenced within the API documentation:
- cvss_score
- cvss_vector