cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7839
Views
0
Helpful
3
Replies

OpenVuln API - CVSS vector string

justaylo
Cisco Employee
Cisco Employee

Team,

 

Is is possible to pull the CVSS vector string from the OpenVuln API?  The strings are available in the CVRF downloads for the individual advisories, but I'm not seeing it in the API.

 

An example is the CVRF download of CVE-2018-15408.  When I download the XML, I get the following CVSS vector string - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
      </ScoreSetV3>

But when I call https://api.cisco.com/security/advisories/cvrf/cve/CVE-2018-15408, the above vector string is not included in the output.

 

Is there a way to pull this information via API?

 

Thanks in advance for your guidance,

Justin

3 Replies 3

Omar Santos
Cisco Employee
Cisco Employee

Hi Justin,

 

The CVSS vector is not displayed by default in the JSON.  We are tracking this as a future enhancement. However, it can be extracted from the CVRF file:
 
 
 <CVSSScoreSets>
   <ScoreSetV3>
      <BaseScoreV3>7.8</BaseScoreV3
 <VectorV3>CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
      </ScoreSetV3>
    </CVSSScoreSets>
 

Thanks Omar.

 

Having the capability in the OpenVuln API would be a useful feature enhancement as my customer parses directly against the CVSS vector string for scoring. 

Any update on this feature request? It would be pretty useful to not have to make another call (or process XML)