U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVSS Version 2.0

Common Vulnerability Scoring System Calculator CVE-2016-4902

Source: NIST

This page shows the components of a CVSS assessment and allows you to refine the resulting CVSS score with additional or different metric values. Please read the CVSS standards guide to fully understand how to assess vulnerabilities using CVSS and to interpret the resulting scores. The scores are computed in sequence such that the Base Score is used to calculate the Temporal Score and the Temporal Score is used to calculate the Environmental Score.

As of July 13th, 2022, the NVD no longer generates new information for CVSS v2.0. Existing CVSS v2.0 information will remain in the database but the NVD will no longer actively populate CVSS v2.0 for new CVEs. This change comes as CISA policies that rely on NVD data fully transition away from CVSS v2.0. NVD analysts will continue to use the reference information provided with the CVE and any publicly available information at the time of analysis to associate Reference Tags, CVSS v3.1, CWE, and CPE Applicability statements.

CVSS Base Score:
Impact Subscore:
Exploitability Subscore:
CVSS Temporal Score:
CVSS Environmental Score:
Modified Impact Subscore:
Overall CVSS Score:

CVSS v2.0 Vector

Base Score Metrics

Exploitability Metrics
Access Vector (AV)*
Access Complexity (AC)*
Authentication (Au)*
Impact Metrics
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*

Temporal Score Metrics

Exploitability (E)
Remediation Level (RL)
Report Confidence (RC)

Environmental Score Metrics

General Modifiers
Collateral Damage Potential (CDP)
Target Distribution (TD)
Impact Subscore Modifiers
Confidentiality Requirement (CR)
Integrity Requirement (IR)
Availability Requirement (AR)