nist-gov/nvd.nist.gov/general/news/retire-cvss-v2

<!DOCTYPE html>

<html lang="en">
<head>



<title>Retirement of CVSS v2</title>

<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="content-style-type" content="text/css" />
<meta http-equiv="content-script-type" content="text/javascript" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />


<link href="/site-scripts/font-awesome/css/font-awesome.min.css"
	type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap.min.css"
	type="text/css" rel="stylesheet" />
<link href="/site-media/bootstrap/css/bootstrap-theme.min.css"
	type="text/css" rel="stylesheet" />
<link
	href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css"
	type="text/css" rel="stylesheet" />


<link href="/site-media/css/nist-fonts.css" type="text/css"
	rel="stylesheet" />
<link href="/site-media/css/base-style.css" type="text/css"
	rel="stylesheet" />
<link href="/site-media/css/media-resize.css" type="text/css"
	rel="stylesheet" />


<meta name="theme-color" content="#000000">


<script src="/site-scripts/jquery/dist/jquery.min.js"
	type="text/javascript"></script>
<script src="/site-scripts/jquery-visible/jquery.visible.min.js"
	type="text/javascript"></script>
<script src="/site-scripts/underscore/underscore-min.js"
	type="text/javascript"></script>
<script src="/site-media/bootstrap/js/bootstrap.js"
	type="text/javascript"></script>
<script src="/site-scripts/moment/min/moment.min.js"
	type="text/javascript"></script>
<script
	src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js"
	type="text/javascript"></script>


<script src="/site-media/js/megamenu.js" type="text/javascript"></script>
<script src="/site-media/js/nist-exit-script.js"
	type="text/javascript"></script>
<script src="/site-media/js/forms.js" type="text/javascript"></script>

<script
	src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true"
	type="text/javascript" id="_fed_an_js_tag"></script>

<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script>
<script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script>


<style id="antiClickjack">
body>* {
	display: none !important;
}

#antiClickjack {
	display: block !important;
}
</style>
<noscript>
	<style id="antiClickjackNoScript">
body>* {
	display: block !important;
}

#antiClickjack {
	display: none !important;
}
</style>
</noscript>
<script type="text/javascript" id="antiClickjackScript">
	if (self === top) {
		// no clickjacking
		var antiClickjack = document.getElementById("antiClickjack");
		antiClickjack.parentNode.removeChild(antiClickjack);
	} else {
		setTimeout(tryForward(), 5000);
	}

	function tryForward() {
		top.location = self.location;
	}
</script>
<meta charset="UTF-8">

<link href="/site-media/css/nvd-style.css" type="text/css"
	rel="stylesheet" />
<link href="/site-media/images/favicons/apple-touch-icon.png"
	rel="apple-touch-icon" type="image/png" sizes="180x180" />
<link href="/site-media/images/favicons/favicon-32x32.png"
	rel="icon" type="image/png" sizes="32x32" />
<link href="/site-media/images/favicons/favicon-16x16.png"
	rel="icon" type="image/png" sizes="16x16" />
<link href="/site-media/images/favicons/manifest.json"
	rel="manifest" />
<link href="/site-media/images/favicons/safari-pinned-tab.svg"
	rel="mask-icon" color="#000000" />
<link href="/site-media/images/favicons/favicon.ico"
	rel="shortcut icon" />
<meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" />
<link href="/site-media/images/favicons/favicon.ico"
	rel="shortcut icon" type="image/x-icon" />
<link href="/site-media/images/favicons/favicon.ico" rel="icon"
	type="image/x-icon" />
<meta charset="UTF-8">

</head>
<body>
	<header role="banner" title="Site Banner">
		<div id="antiClickjack" style="display: none">
			<h1>You are viewing this page in an unauthorized frame window.</h1>
			<p>
		This is a potential security issue, you are being redirected to 
		<a href="https://nvd.nist.gov">https://nvd.nist.gov</a>
	</p>
		</div>
		<div>
		<section class="usa-banner" aria-label="Official government website">
		    <div class="usa-accordion container">
		        <header class="usa-banner__header">
		            <noscript>
		                <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p>
		            </noscript>
		            <img class="usa-banner__header-flag" 
		            	src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag">
		            &nbsp;
		            <span class="usa-banner__header-text">An official website of the United States government</span>
		
		            <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner">
		                <span class="usa-banner__button-text">Here's how you know</span>
		            </button>
		        </header>
		        <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true">
		            <div class="row">
		                <div class="col-md-5 col-sm-12">
		                    <div class="row">
		                        <div class="col-sm-2 col-xs-3">
		                            <img class="usa-banner__icon usa-media-block__img" 
		                            	src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov">
		                        </div>
		                        <div class="col-sm-10 col-xs-9">
		                            <p>
		                                <strong>Official websites use .gov</strong>
		                                <br>
		                                A <strong>.gov</strong> website belongs to an official government organization in the United States.
		                            </p>
		                        </div>
		                    </div>
		                </div>
		                <div class="col-md-5 col-sm-12">
		                    <div class="row">
		                        <div class="col-sm-2 col-xs-3">
		                            <img class="usa-banner__icon usa-media-block__img" 
		                            	src="/site-media/images/usbanner/icon-https.svg" alt="Https">
		                        </div>
		                        <div class="col-sm-10 col-xs-9">
		                        <p>
		                            <strong>Secure .gov websites use HTTPS</strong>
		                            <br>
		                            A <strong>lock</strong> (<img class="usa-banner__lock" 
		                            	src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
		                        </p>
		                        </div>
		                    </div>
		                </div>
		            </div>
		        </div>
		    </div>
		</section>
	</div>
		<div>
		<div>
	<nav id="navbar" class="navbar">
		<div id="nist-menu-container" class="container">
			<div class="row">
				<!-- Brand -->
				<div class="col-xs-6 col-md-4 navbar-header"
					style="height:104px">
					<a class="navbar-brand" 
						href="https://www.nist.gov" 
						target="_blank" rel="noopener noreferrer"
						id="navbar-brand-image"
						style="padding-top: 36px">

						<img alt="National Institute of Standards and Technology" 
										src="/site-media/images/nist/nist-logo.svg" 
										width="110" height="30">
					</a>
				</div>
				<div class="col-xs-6 col-md-8 navbar-nist-logo">
					<span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#">
							<span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span
								class="hidden-xxs">NVD </span>MENU</span>
					</a>
					</span>
				</div>
			</div>
		</div>

		<div class="main-menu-row container">
			<!-- Collect the nav links, forms, and other content for toggling -->
			<div id="main-menu-drop" class="col-lg-12" style="display: none;">
				<ul>

					<li><a href="/general"> General <span
							class="expander fa fa-plus" id="nvd-header-menu-general"
							data-expander-name="general" data-expanded="false"> <span
								class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="general">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/general/nvd-dashboard">NVD Dashboard</a>
									</p>
									<p>
										<a href="https://www.nist.gov/itl/nvd">News and Status Updates</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/general/faq">FAQ</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/general/visualizations">Visualizations</a> 
									</p>
									<p>
										<a href="/general/legal-disclaimer">Legal Disclaimer</a> 
									</p>
								</div>
							</div>
						</div></li>
					<li><a href="/vuln"> Vulnerabilities <span
							class="expander fa fa-plus"
							id="nvd-header-menu-vulnerabilities"
							data-expander-name="vulnerabilities" data-expanded="false">
								<span class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="vulnerabilities">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/vuln/search">Search &amp; Statistics</a>
									</p>
									<p>
										<a href="/vuln/categories">Weakness Types</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/vuln/data-feeds">Legacy Data Feeds</a>
									</p>
									<p>
										<a href="/vuln/vendor-comments">Vendor Comments</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/vuln/cvmap">CVMAP</a>
									</p>
								</div>
							</div>
						</div></li>
					<li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span
							class="expander fa fa-plus" id="nvd-header-menu-metrics"
							data-expander-name="metrics" data-expanded="false"> <span
								class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="metrics">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0
											Calculators</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x
											Calculators</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0
											Calculator</a>
									</p>

								</div>
							</div>
						</div></li>
					<li><a href="/products"> Products <span
							class="expander fa fa-plus" id="nvd-header-menu-products"
							data-expander-name="products" data-expanded="false"> <span
								class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="products">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/products/cpe">CPE Dictionary</a>
									</p>
									<p>
										<a href="/products/cpe/search">CPE Search</a>
									</p>

								</div>
								<div class="col-lg-4">
									<p>
										<a href="/products/cpe/statistics">CPE Statistics</a>
									</p>
									<p>
										<a href="/products/swid">SWID</a>
									</p>

								</div>
								<div class="col-lg-4"></div>
							</div>
						</div></li>
					<li>
						<a href="/developers">Developers<span
								class="expander fa fa-plus" id="nvd-header-menu-developers"
								data-expander-name="developers" data-expanded="false"> <span
									class="element-invisible">Expand or Collapse</span>
							</span>
						</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="developers">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/developers/start-here">Start Here</a>
									</p>
									<p>
										<a href="/developers/request-an-api-key">Request an API Key</a>
									</p>

								</div>
								<div class="col-lg-4">
									<p>
										<a href="/developers/vulnerabilities">Vulnerabilities</a>
									</p>
									<p>
										<a href="/developers/products">Products</a>
									</p>

								</div>
								<div class="col-lg-4">
									<p>
										<a href="/developers/data-sources">Data Sources</a>
									</p>
									<p>
										<a href="/developers/terms-of-use">Terms of Use</a>
									</p>
								</div>
							</div>
						</div>
					</li>
					<li><a href="/contact"> Contact NVD </a></li>
					<li><a href="/other"> Other Sites <span
							class="expander fa fa-plus" id="nvd-header-menu-othersites"
							data-expander-name="otherSites" data-expanded="false"> <span
								class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="otherSites">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="https://ncp.nist.gov">Checklist (NCP) Repository</a>
									</p>
									<p>
										<a href="https://ncp.nist.gov/cce">Configurations (CCE)</a>
									</p>
									<p>
										<a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a
											href="https://csrc.nist.gov/projects/scap-validation-program">SCAP
											Validated Tools</a>
									</p>
									<p>
										<a
											href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a
											href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a>
									</p>
								</div>
							</div>
						</div></li>

					<li><a href="/search"> Search <span
							class="expander fa fa-plus" id="nvd-header-menu-search"
							data-expander-name="search" data-expanded="false"> <span
								class="element-invisible">Expand or Collapse</span>
						</span>
					</a>
						<div style="display: none;" class="sub-menu"
							data-expander-trigger="search">
							<div class="row">
								<div class="col-lg-4">
									<p>
										<a href="/vuln/search">Vulnerability Search</a>
									</p>
								</div>
								<div class="col-lg-4">
									<p>
										<a href="/products/cpe/search">CPE Search</a>
									</p>
								</div>
							</div>
						</div></li>




				</ul>
			</div>
			<!-- /#mobile-nav-container -->
		</div>

	</nav>
	<section id="itl-header" class="has-menu">
		<div class="container">
			<div class="row">
				<div class="col-sm-12 col-md-8">
					<h2 class="hidden-xs hidden-sm">
						<a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a>
					</h2>
			 		<h1 class="hidden-xs hidden-sm">
						<a id="nvd-header-link"
						  href="/">National Vulnerability Database</a>
					</h1>
					<h1 class="hidden-xs text-center hidden-md hidden-lg"
						>National Vulnerability Database</h1>
					<h1 class="hidden-sm hidden-md hidden-lg text-center"
						>NVD</h1>
				
				</div>
				<div class="col-sm-12 col-md-4">
					<a style="width: 100%; text-align: center; display: block;padding-top: 14px">
						<img id="img-logo-nvd-lg" 
							alt="National Vulnerability Database" 
							src="/site-media/images/F_NIST-Logo-NVD-white.svg" 
							width="500" height="100">
					</a>
				</div>
			</div>
		</div>
	</section>

		
</div>
	</div>
	</header>
	<main>
		<div>
		<div id="body-section" class="container">
			
			<div>

		<div id="akfIntro">
			<h2>Retirement of CVSS v2</h2>
			<p>		
				As of July 13th, 2022, the NVD will no longer generate Vector Strings, Qualitative 
				Severity Ratings, or Severity Scores for CVSS v2.  Existing CVSS v2 information 
				will remain in the database but the NVD will no longer actively populate CVSS v2 for 
				new CVEs. This change comes as CISA policies that rely on NVD data fully transition 
				away from CVSS v2. 
			</p>
			<p>
				NVD analysts will continue to use the reference information provided with the CVE 
				and any publicly available information at the time of analysis to associate Reference 
				Tags, CVSS v3.1, CWE, and CPE Applicability statements. 
			</p>
			<p>
				CVSS is the result of collaboration between dozens of security professionals, 
				representing commercial, non-commercial and academic sectors.  Version 2 has been 
				included in the NVD since 2007; versions 3.0 and 3.1 have been included in the NVD 
				since their release in 2015 and 2019, respectively.  Led by FIRST’s
				<a href="https://www.first.org/cvss/">CVSS-SIG team</a>, work is already underway 
				to develop CVSS v4. The NVD expects to begin introducing components of CVSS 
				v4 in 2023.  
			</p>
			<p>
			    V/r,
			</p>
			<p>
			    The National Vulnerability Database Team
			</p>
		</div>
	</div>
		</div>
	</div>
	</main>
	<footer id="footer" role="contentinfo">
		<div class="container">

			<div class="row">
				<div class="col-sm-12">
					<ul class="social-list pull-right">
						<li class="field-item service-twitter list-horiz"><a
							href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer"
							class="social-btn social-btn--large extlink ext"> <i
								class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span
								class="ext"><span class="element-invisible"> (link
										is external)</span></span>
						</a></li>
						<li class="field-item service-facebook list-horiz"><a
							href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer"
							class="social-btn social-btn--large extlink ext"> <i
								class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span
								class="ext"><span class="element-invisible"> (link
										is external)</span></span></a></li>
						<li class="field-item service-linkedin list-horiz"><a
							href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer"
							class="social-btn social-btn--large extlink ext"> <i
								class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span
								class="ext"><span class="element-invisible"> (link
										is external)</span></span></a></li>
						<li class="field-item service-youtube list-horiz"><a
							href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer"
							class="social-btn social-btn--large extlink ext"> <i
								class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span
								class="ext"><span class="element-invisible"> (link
										is external)</span></span></a></li>
						<li class="field-item service-rss list-horiz"><a
							href="https://www.nist.gov/news-events/nist-rss-feeds"
							target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink">
								<i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i>
						</a></li>
						<li class="field-item service-govdelivery list-horiz last"><a
							href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3"
							target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext">
								<i class="fa fa-envelope fa-fw"><span
									class="element-invisible">govdelivery</span></i><span class="ext"><span
									class="element-invisible"> (link is external)</span></span>
						</a></li>
					</ul>
					<span class="hidden-xs"> <a
						title="National Institute of Standards and Technology" rel="home"
						class="footer-nist-logo"> <img
							src="/site-media/images/nist/nist-logo.png"
							alt="National Institute of Standards and Technology logo" />
					</a>
					</span>
				</div>
			</div>
			<div class="row hidden-sm hidden-md hidden-lg">
				<div class="col-sm-12">
					<a href="https://www.nist.gov"
						title="National Institute of Standards and Technology" rel="home"
						target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img
						src="/site-media/images/nist/nist-logo.png"
						alt="National Institute of Standards and Technology logo" />
					</a>
				</div>
			</div>

			<div class="row footer-contact-container">
				<div class="col-sm-6">
					<strong>HEADQUARTERS</strong>
					<br>
					100 Bureau Drive
					<br>
					Gaithersburg, MD 20899
					<br>
					<a href="tel:301-975-2000">(301) 975-2000</a>
					<br>
					<br>
					<a href="mailto:nvd@nist.gov">Webmaster</a> | <a
						href="https://www.nist.gov/about-nist/contact-us">Contact Us</a>
					| <a href="https://www.nist.gov/about-nist/visit"
						style="display: inline-block;">Our Other Offices</a>
				</div>
				<div class="col-sm-6">
					<div class="pull-right"
						style="text-align:right">
						<strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong>
						<br>
						US-CERT Security Operations Center
						<br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a>
						<br> Phone:	1-888-282-0870
					</div>
				</div>
			</div>

			<div class="row">
			    <nav title="Footer Navigation" role="navigation"
			    	 class="row footer-bottom-links-container">
			    <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html -->
      				<p>
			          <a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a>
			        |
			          <a href="https://www.nist.gov/oism/accessibility">Accessibility</a>
			        |
			          <a href="https://www.nist.gov/privacy">Privacy Program</a>
			        |
			          <a href="https://www.nist.gov/oism/copyrights">Copyrights</a>
			        |
			          <a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a>
			        |
			          <a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a>
			        |
			          <a href="https://www.nist.gov/foia">FOIA</a>
			        |
			          <a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a>
					|
			          <a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a>
			        |
			          <a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a>
			        |
			          <a href="https://www.commerce.gov/">Commerce.gov</a>
			        |
			          <a href="https://www.science.gov/">Science.gov</a>
			        |
			          <a href="https://www.usa.gov/">USA.gov</a>
            		</p>
    			</nav>
			</div>
		</div>
	</footer>
</body>
</html>