Changelog

Version	Date	Author	Change
0.1	1 December 2024	Christian Heinrich	Initial draft
0.2	1 December 2024	Christian Heinrich	QA

Known Issues

mkdocs does not render italics or align order lists to the left margin.

Standard	Version	Publisher	CVSS	CVSS Score (Min)	CVSS Score (Max)	Qualitative Severity Rating
Qualitative Severity Ratings		NIST	2	0.0	3.9	Low
Qualitative Severity Ratings		NIST	2	4.0	6.9	Medium
Qualitative Severity Ratings		NIST	2	7.0	10.0	High
Qualitative Severity Ratings		NIST	3	0.0	0.0	None
Qualitative Severity Ratings		NIST	3	0.1	3.9	Low
Qualitative Severity Ratings		NIST	3	4.0	6.9	Medium
Qualitative Severity Ratings		NIST	3	7.0	8.9	High
Qualitative Severity Ratings		NIST	3	9.0	10.0	Critical
Qualitative Severity Ratings		NIST	4	0.0	0.0	None
Qualitative Severity Ratings		NIST	4	0.1	3.9	Low
Qualitative Severity Ratings		NIST	4	4.0	6.9	Medium
Qualitative Severity Ratings		NIST	4	7.0	8.9	High
Qualitative Severity Ratings		NIST	4	9.0	10.0	Critical
PCI DSS	4.0.1	PCI SSC		4.0
ASV	v4.0r2	PCI SSC	3.1	0.0	3.9	Low
ASV	v4.0r2	PCI SSC	3.1	4.0	6.9	Medium
ASV	v4.0r2	PCI SSC	3.1	7.0	10.0	High

https://nvd.nist.gov/vuln-metrics/cvss

PCI DSS 4.0.1 Requirement 11.3.2.1 states "Vulnerabilities that are scored 4.0 or higher by the CVSS are resolved."

"ASVs must use CVSS version v3.1 for scoring vulnerabilites in their reports:"