The Risk Score is a metric that accurately represents the risk of a given vulnerability in your data center. It does so by combining CVSS information with proprietary threat data and advanced modeling from Kenna Security.

Measures of Risk

Carbon Black Cloud partners with Kenna Security to leverage the largest database of vulnerability, exploit, and event threat data in the industry. This data is distilled into three main measures of risk:

  • Active Internet Breach: Presence of a near-real-time exploitation.
  • Malware Exploitable: Availability of an exploit module in a weaponized exploit kit.
  • Easily Exploitable: Availability of a recorded exploit.

There are few metrics defined for Common Vulnerability Scoring System (CVSS). Few of the metrics are about the attack method itself, whereas the others depend on how the application assesses impact - the direct consequence of a successful exploit. To learn more about CVSS, visit

Risk Score

Every vulnerability is assigned a risk score of between 0.0 (no risk) and 10.0 (maximum risk). The risk score range and severity are defined as follows.
Score Range Severity
0.0–3.9 Low
4.0–6.9 Moderate
7.0–8.9 Important
9.0–10.0 Critical

To learn more about how the risk is calculated, refer the Kenna Security documentation available at