Introduce CVSS data

Question

Introduce CVSS data

rxerium opened this issue 3 months ago · comments

Hey again,

I think it would be very useful if CVEMAP provided the following data:

Generally this would be helpful information. One of the use cases for me would be to filter vulnerabilities by user-interaction set to none as this would allow me to create a list of CVEs from which I can start creating templates for.

Many thanks,

Rishi

Sandeep Singh · Answer 1 · Tue Mar 19 2024 00:36:51 GMT+0800 (China Standard Time)

for 1) echo CVE-2023-43770 | cvemap -j it's already available in JSONL.
for 2) there is dedicated filter for it.

cvemap -h re
Navigate the CVE jungle with ease.

Usage:
  cvemap [flags]

Flags:
   -re, -remote  display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)

Rishi · Answer 2 · Tue Mar 19 2024 03:16:56 GMT+0800 (China Standard Time)

thanks @ehsandeep!

Currently its listed as:

While yes, I could read this from CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N wouldn't it be easier to read if it were listed as shown on the NVD NIST page?

I did see that but I feel UI:N would be useful too as the majority of vulns I'm looking at that require user interaction I can't create a template/script to detect if its vulnerable for them. Is this possible to filter for this within CVEMAP?