I scanned one system by using two Greenbone Security Assistant(GSA) after updating the vulnerability DB.
One is version 22.5 of GSA installed on one Kali Linux server
and another is version 20.8.1 of GSA installed on another Kali Linux server.
After scanning it, the following vulnerability was detected in both versions.
NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS OID: 18.104.22.168.4.1.25622.214.171.124031
However, CVSS was different as follows.
Version 22.5: CVSS 7.5 (High)
Version 20.8.1: CVSS 5.0 (Medium)
It seems Version 20.8.1’s CVSS looks correct from the following page.
The question is : The reason why the CVSS is different depending on the version, and which CVSS is correct.