Currently in the field of information security vulnerabilities are found affecting the assets or implemented controls and which can be exploited by external or internal threats, which set a security risk that exposes organizations in its most important asset, information. In this paper, a detailed description of the CVSS (Common Vulnerability Score System) as an open standard and free use to estimate the impact generated by the presence of vulnerabilities in a computer system by quantifying the severity and allowing decision making from the organization for the treatment of risk to an acceptable level.
