On May 18, 2018 Flexera’s Secunia Research began entering all new CVSS scores using the v3 standard. After a CVSSv3 score is entered, the score appears in the User Interface (UI), API, XML, email notifications, and PDF reports.
In the UI
The CVSSv3 score is noted with a green “v3” after the score.
In the API
API calls returning CVSS data return a second set of values for CVSSv3, so that you can programmatically differentiate between CVSSv2 and CVSSv3 scores. When CVSSv3 scores are available, the cvss_score value is blank and the value will appear as cvss3_score. The label cvss_score represents CVSSv2 (it was not renamed to avoid breaking existing scripts).
In the XML
A change to the schema is necessary to add specific values for CVSSv3 scores. As with the json API values above, a second cvss3 labeled value was added to distinguish v3 scores. Depending on how any scripts or processes consuming this data parse the information, this has the potential to result in a breaking change.
In Email Notifications
Emails contain CVSSv2 (displayed as CVSS) and CVSSv3 (displayed as CVSS3) labels. The CVSSv3 value will be empty until a v3 value is entered, at which time the v2 (CVSS) value will be empty.
In a PDF Report
PDF reports containing CVSS values will show CVSSv2 (displayed as CVSS) or CVSSv3 (displayed as CVSS3) as appropriate.
Software Vulnerability Research Help LibraryMay 2019 |
Copyright Information | Flexera |