You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current implementation is still invalid for both CVSS v2 and v4.0.
CVSS v2.0
Vectors like AV:A/AC:L/Au:N/A:C/I:C/C:C are invalid due to invalid metric order (C, I then A is valid, anything else is not).
The current implementation validates such inputs, which makes it inconsistent and non-compliant according to the FIRST.ORG spec.
CVSS v4.0
Vectors like CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:H/CR:X should produce a score of 4.1 according to the official FIRST.ORG calculator, but the current implementation returns a 4.7.
Same impact as for v2, inconsistency and non-compliance.
Moreover, it is a big issue for Vulnerability Management policies, as many of them considers CVSS scores thresholds for prioritization. Those large deltas could pollute the security efforts of the consumers.
The text was updated successfully, but these errors were encountered:
Hey, follow up on #1230, #1232 and its comments.
The current implementation is still invalid for both CVSS v2 and v4.0.
CVSS v2.0
Vectors like
AV:A/AC:L/Au:N/A:C/I:C/C:Care invalid due to invalid metric order (C,IthenAis valid, anything else is not).The current implementation validates such inputs, which makes it inconsistent and non-compliant according to the FIRST.ORG spec.
CVSS v4.0
Vectors like
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:H/CR:Xshould produce a score of 4.1 according to the official FIRST.ORG calculator, but the current implementation returns a 4.7.Same impact as for v2, inconsistency and non-compliance.
Moreover, it is a big issue for Vulnerability Management policies, as many of them considers CVSS scores thresholds for prioritization. Those large deltas could pollute the security efforts of the consumers.
The text was updated successfully, but these errors were encountered: