Introduce CVSS data
rxerium opened this issue · comments
Rishi commented
Hey again,
I think it would be very useful if CVEMAP provided the following data:
Generally this would be helpful information. One of the use cases for me would be to filter vulnerabilities by user-interaction
set to none
as this would allow me to create a list of CVEs from which I can start creating templates for.
Many thanks,
Rishi
Sandeep Singh commented
for 1) echo CVE-2023-43770 | cvemap -j
it's already available in JSONL.
for 2) there is dedicated filter for it.
cvemap -h re
Navigate the CVE jungle with ease.
Usage:
cvemap [flags]
Flags:
-re, -remote display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)
Rishi commented
thanks @ehsandeep!
While yes, I could read this from CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
wouldn't it be easier to read if it were listed as shown on the NVD NIST page?
- I did see that but I feel
UI:N
would be useful too as the majority of vulns I'm looking at that require user interaction I can't create a template/script to detect if its vulnerable for them. Is this possible to filter for this within CVEMAP?