30Kas
Vulnerable Components CVSS Score
How do you map vulnerable components' CVSS scores? Do you use the CVE CVSS score? Do you calculate again?
For example: A host is using a component that has a CVE for a high vulnerability.
Do you report it as a HIGH vulnerability (like the CVE) or do you take another approach?