topic Re: OpenVuln API - CVSS vector string in Services Discussions

OpenVuln API - CVSS vector string

justaylo — Mon, 15 Oct 2018 14:53:05 GMT

Team,

Is is possible to pull the CVSS vector string from the OpenVuln API? The strings are available in the CVRF downloads for the individual advisories, but I'm not seeing it in the API.

An example is the CVRF download of CVE-2018-15408. When I download the XML, I get the following CVSS vector string - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
</ScoreSetV3>

But when I call https://api.cisco.com/security/advisories/cvrf/cve/CVE-2018-15408, the above vector string is not included in the output.

Is there a way to pull this information via API?

Thanks in advance for your guidance,

Justin

Re: OpenVuln API - CVSS vector string

Omar Santos — Tue, 16 Oct 2018 16:53:00 GMT

Hi Justin,

The CVSS vector is not displayed by default in the JSON. We are tracking this as a future enhancement. However, it can be extracted from the CVRF file:

 <CVSSScoreSets>
   <ScoreSetV3>
      <BaseScoreV3>7.8</BaseScoreV3
 <VectorV3>CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
      </ScoreSetV3>
    </CVSSScoreSets>

Re: OpenVuln API - CVSS vector string

justaylo — Tue, 16 Oct 2018 17:49:30 GMT

Thanks Omar.

Having the capability in the OpenVuln API would be a useful feature enhancement as my customer parses directly against the CVSS vector string for scoring.

Re: OpenVuln API - CVSS vector string

Darren Parkinson — Thu, 11 Apr 2024 09:21:29 GMT

Any update on this feature request? It would be pretty useful to not have to make another call (or process XML😆)