Skip to main content
Skip table of contents

Legacy Mend UI - Adding CVSS 3.x Severity to an Excel Spreadsheet

If you choose to Export to Excel via the Alerts > View By Vulnerability report, currently, the Severity column is using the CVSS 2.0 rating scale:

  • Low = 0.0-3.9

  • Medium = 4.0-6.9

  • High = 7.0-10.0

The CVSS 3.x ratings modify High = 7.0-8.9 and include the new Critical = 9.0-10.0: https://www.first.org/cvss/specification-document

Note that the CVSS column in the report contains CVSS 3.0 scores

If you want to include the CVSS 3.0 Severity in the Excel spreadsheet, you can do the following:

  1. Open the Mend User Interface

  2. Select Alerts -> View by Vulnerability

  3. Select Product and Project and click Apply

  4. Click Export -> Excel

  5. Open the Excel sheet and insert a new column next to the G column named "CVSS 3.0 Severity"

  6. Add the following formula into the first cell of the newly created column (assuming H2):

    CODE 
    =IF(I2>="9", "CRITICAL", G2)

    1. This is setting the Severity to Critical if the score is 9.0 and above, if less than 9.0 then it uses the Severity value from cell G2 (CVSS 2.0 range for High/Medium/Low)

    2. The “I2” value should be the cell with the numerical CVSS score in the same row, and the “G2” value should be the cell with the existing descriptive CVSS 2.0 score in the same row

  7. Double-click the square dot at the bottom right corner of the cell to expand the formula to all rows

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close