For RHEL CVEs, why is there sometimes a difference between NVD and Red Hat CVSS base scores?
Environment
- Red Hat Enterprise Linux (RHEL)
Issue
- For Red Hat CVEs, why is there sometimes a difference between NVD and Red Hat CVSS base scores?
Resolution
The following two links best describe why there is sometimes a difference between NVD and Red Hat CVSS base scores.
https://access.redhat.com/security/updates/classification/ at the bottom under "Differences Between NVD and Red Hat Scores"
https://access.redhat.com/blogs/766093/posts/CVSSv3/
Starting in June 2016 Red Hat Product Security began scoring vulnerabilities using the new CVSSv3 standard.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments