Re: OpenVuln API - CVSS vector string

justaylo · ‎10-15-2018

Team,

Is is possible to pull the CVSS vector string from the OpenVuln API? The strings are available in the CVRF downloads for the individual advisories, but I'm not seeing it in the API.

An example is the CVRF download of CVE-2018-15408. When I download the XML, I get the following CVSS vector string - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
</ScoreSetV3>

But when I call https://api.cisco.com/security/advisories/cvrf/cve/CVE-2018-15408, the above vector string is not included in the output.

Is there a way to pull this information via API?

Thanks in advance for your guidance,

Justin

Omar Santos · ‎10-16-2018

Hi Justin,

The CVSS vector is not displayed by default in the JSON. We are tracking this as a future enhancement. However, it can be extracted from the CVRF file:

 <CVSSScoreSets>
   <ScoreSetV3>
      <BaseScoreV3>7.8</BaseScoreV3
 <VectorV3>CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</VectorV3>
      </ScoreSetV3>
    </CVSSScoreSets>

justaylo · ‎10-16-2018

Thanks Omar.

Having the capability in the OpenVuln API would be a useful feature enhancement as my customer parses directly against the CVSS vector string for scoring.

Darren Parkinson · ‎04-11-2024

Any update on this feature request? It would be pretty useful to not have to make another call (or process XML)