Comment by bigfatkitten
13 days ago
Vendor CVSS scores are always inherently meaningless because they can't take into account the factors specific to the user's environment.
Users need to do their own assessments.
13 days ago
Vendor CVSS scores are always inherently meaningless because they can't take into account the factors specific to the user's environment.
Users need to do their own assessments.
This comment over generalises the problem, but is inherently absurd. There are key indicators in scoring that explain the attack itself which isn't environment specific.
I do agree that in most cases the deployment specific configuration affects the ability to be exploited and users or developers should analyse their own configuration.