From 2d777fb28f524cda27ce0c647cc9f81c07843db8 Mon Sep 17 00:00:00 2001
From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Date: Wed, 31 Jul 2024 14:08:56 +0200
Subject: [PATCH 1/8] Tests - addresses parts of oasis-tcs/csaf#341 - backport testfiles for 6.1.8 from CSAF 2.1
---
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json | 50 ++++++++++++++++++
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json | 49 ++++++++++++++++++
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json | 51 +++++++++++++++++++
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json | 51 +++++++++++++++++++
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json | 50 ++++++++++++++++++
csaf_2.0/test/validator/data/testcases.json | 24 ++++++++-
csaf_2.0/test/validator/run_tests.sh | 12 ++---
7 files changed, 280 insertions(+), 7 deletions(-)
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json
new file mode 100644
index 000000000..b7ff86f21
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json
@@ -0,0 +1,50 @@
+{
+ "document": {
+ "category": "csaf_base",
+ "csaf_version": "2.0",
+ "publisher": {
+ "category": "other",
+ "name": "OASIS CSAF TC",
+ "namespace": "https://csaf.io"
+ },
+ "title": "Mandatory test: Invalid CVSS (failing example 2)",
+ "tracking": {
+ "current_release_date": "2021-07-21T10:00:00.000Z",
+ "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-02",
+ "initial_release_date": "2021-07-21T10:00:00.000Z",
+ "revision_history": [
+ {
+ "date": "2021-07-21T10:00:00.000Z",
+ "number": "1",
+ "summary": "Initial version."
+ }
+ ],
+ "status": "final",
+ "version": "1"
+ }
+ },
+ "product_tree": {
+ "full_product_names": [
+ {
+ "product_id": "CSAFPID-9080700",
+ "name": "Product A"
+ }
+ ]
+ },
+ "vulnerabilities": [
+ {
+ "scores": [
+ {
+ "products": [
+ "CSAFPID-9080700"
+ ],
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json
new file mode 100644
index 000000000..c97d21998
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json
@@ -0,0 +1,49 @@
+{
+ "document": {
+ "category": "csaf_base",
+ "csaf_version": "2.0",
+ "publisher": {
+ "category": "other",
+ "name": "OASIS CSAF TC",
+ "namespace": "https://csaf.io"
+ },
+ "title": "Mandatory test: Invalid CVSS (failing example 3)",
+ "tracking": {
+ "current_release_date": "2021-07-21T10:00:00.000Z",
+ "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-03",
+ "initial_release_date": "2021-07-21T10:00:00.000Z",
+ "revision_history": [
+ {
+ "date": "2021-07-21T10:00:00.000Z",
+ "number": "1",
+ "summary": "Initial version."
+ }
+ ],
+ "status": "final",
+ "version": "1"
+ }
+ },
+ "product_tree": {
+ "full_product_names": [
+ {
+ "product_id": "CSAFPID-9080700",
+ "name": "Product A"
+ }
+ ]
+ },
+ "vulnerabilities": [
+ {
+ "scores": [
+ {
+ "products": [
+ "CSAFPID-9080700"
+ ],
+ "cvss_v2": {
+ "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C",
+ "baseScore": 6.5
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json
new file mode 100644
index 000000000..9c8d493e0
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json
@@ -0,0 +1,51 @@
+{
+ "document": {
+ "category": "csaf_base",
+ "csaf_version": "2.0",
+ "publisher": {
+ "category": "other",
+ "name": "OASIS CSAF TC",
+ "namespace": "https://csaf.io"
+ },
+ "title": "Mandatory test: Invalid CVSS (valid example 1)",
+ "tracking": {
+ "current_release_date": "2021-07-21T10:00:00.000Z",
+ "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-11",
+ "initial_release_date": "2021-07-21T10:00:00.000Z",
+ "revision_history": [
+ {
+ "date": "2021-07-21T10:00:00.000Z",
+ "number": "1",
+ "summary": "Initial version."
+ }
+ ],
+ "status": "final",
+ "version": "1"
+ }
+ },
+ "product_tree": {
+ "full_product_names": [
+ {
+ "product_id": "CSAFPID-9080700",
+ "name": "Product A"
+ }
+ ]
+ },
+ "vulnerabilities": [
+ {
+ "scores": [
+ {
+ "products": [
+ "CSAFPID-9080700"
+ ],
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json
new file mode 100644
index 000000000..53dc8face
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json
@@ -0,0 +1,51 @@
+{
+ "document": {
+ "category": "csaf_base",
+ "csaf_version": "2.0",
+ "publisher": {
+ "category": "other",
+ "name": "OASIS CSAF TC",
+ "namespace": "https://csaf.io"
+ },
+ "title": "Mandatory test: Invalid CVSS (valid example 2)",
+ "tracking": {
+ "current_release_date": "2021-07-21T10:00:00.000Z",
+ "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-12",
+ "initial_release_date": "2021-07-21T10:00:00.000Z",
+ "revision_history": [
+ {
+ "date": "2021-07-21T10:00:00.000Z",
+ "number": "1",
+ "summary": "Initial version."
+ }
+ ],
+ "status": "final",
+ "version": "1"
+ }
+ },
+ "product_tree": {
+ "full_product_names": [
+ {
+ "product_id": "CSAFPID-9080700",
+ "name": "Product A"
+ }
+ ]
+ },
+ "vulnerabilities": [
+ {
+ "scores": [
+ {
+ "products": [
+ "CSAFPID-9080700"
+ ],
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ]
+ }
+ ]
+}
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json
new file mode 100644
index 000000000..089b9cb1d
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json
@@ -0,0 +1,50 @@ +{ + "document": { + "category": "csaf_base", + "csaf_version": "2.0", + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 3)", + "tracking": { + "current_release_date": "2021-07-21T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-13", + "initial_release_date": "2021-07-21T10:00:00.000Z", + "revision_history": [ + { + "date": "2021-07-21T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "scores": [ + { + "products": [ + "CSAFPID-9080700" + ], + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + } + ] + } + ] +} diff --git a/csaf_2.0/test/validator/data/testcases.json b/csaf_2.0/test/validator/data/testcases.json index f626f2c2f..90cc47dca 100644 --- a/csaf_2.0/test/validator/data/testcases.json +++ b/csaf_2.0/test/validator/data/testcases.json @@ -127,6 +127,28 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json", "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json", + "valid": false + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json", + "valid": false + } + ], + "valid": [ + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-11.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-12.json", + "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json", + "valid": true } ] }, @@ -1371,4 +1393,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/csaf_2.0/test/validator/run_tests.sh b/csaf_2.0/test/validator/run_tests.sh index 980362ecc..f26816455 100755 --- a/csaf_2.0/test/validator/run_tests.sh 
+++ b/csaf_2.0/test/validator/run_tests.sh @@ -1,7 +1,7 @@ #!/bin/bash STRICT_BUILD=csaf_2.0/build -ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json +ORIG_SCHEMA=csaf_2.0/json_schema/csaf_json_schema.json CSAF_STRICT_SCHEMA=${STRICT_BUILD}/csaf_strict_schema.json CVSS_20_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v2.0_strict.json CVSS_30_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.0_strict.json @@ -9,7 +9,7 @@ CVSS_31_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.1_strict.json VALIDATOR=csaf_2.0/test/validator.py STRICT_GENERATOR=csaf_2.0/test/generate_strict_schema.py TESTPATH=csaf_2.0/test/validator/data/$1/*.json -EXCLUDE=oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json +EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json FAIL=0 @@ -29,23 +29,23 @@ validate() { } test_all() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE) do validate $i done } test_all_strict() { - for i in $(ls -1 ${TESTPATH} | grep -v $EXCLUDE | grep -v ${EXCLUDE_STRICT}) + for i in $(ls -1 ${TESTPATH} | grep -Ev $EXCLUDE | grep -v ${EXCLUDE_STRICT}) do validate $i done -} +} SCHEMA=$ORIG_SCHEMA test_all - + printf "%s" "Generating strict schema ... " mkdir -p ${STRICT_BUILD} python3 "${STRICT_GENERATOR}" "${ORIG_SCHEMA}" > "${CSAF_STRICT_SCHEMA}" From b39cd0b8de0ab7792596d430dd927f04293a418e Mon Sep 17 00:00:00 2001 
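Review bot: In `test_all` and `test_all_strict`, `grep -Ev $EXCLUDE` passes the file names as an unquoted, unanchored extended regular expression, so every `.` matches any character and the value is open to word splitting and globbing; `grep -Ev "$EXCLUDE"` with the dots escaped, or `grep -Fv` with one `-e` per name, keeps the match literal. The excluded 6.1.8 fixtures are the ones expected to be rejected, and this loop drops them instead of asserting that `validate` fails for them, so a schema change that began accepting a CVSS object without its required members would, as far as this script shows, go unnoticed. A second loop over the excluded names that counts a successful validation as a failure would close that gap. `validate` is defined outside this hunk, so its exit behaviour is assumed here.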
From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com>
Date: Wed, 31 Jul 2024 14:15:45 +0200
Subject: [PATCH 2/8] Tests - addresses parts of oasis-tcs/csaf#754, oasis-tcs/csaf#341 - add valid testfile for 6.1.8 in CSAF 2.0 and CSAF 2.1 that does not contain CVSS
---
...oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json | 44 ++++++++++++++++
csaf_2.0/test/validator/data/testcases.json | 4 ++
...oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json | 50 +++++++++++++++++++
csaf_2.1/test/validator/data/testcases.json | 4 ++
4 files changed, 102 insertions(+)
create mode 100644 csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json
create mode 100644 csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json
diff --git a/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json
new file mode 100644
index 000000000..89c0bbc30
--- /dev/null
+++ b/csaf_2.0/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json
@@ -0,0 +1,44 @@
+{
+ "document": {
+ "category": "csaf_base",
+ "csaf_version": "2.0",
+ "publisher": {
+ "category": "other",
+ "name": "OASIS CSAF TC",
+ "namespace": "https://csaf.io"
+ },
+ "title": "Mandatory test: Invalid CVSS (valid example 4)",
+ "tracking": {
+ "current_release_date": "2021-07-21T10:00:00.000Z",
+ "id": "OASIS_CSAF_TC-CSAF_2.0-2021-6-1-08-14",
+ "initial_release_date": "2021-07-21T10:00:00.000Z",
+ "revision_history": [
+ {
+ "date": "2021-07-21T10:00:00.000Z",
+ "number": "1",
+ "summary": "Initial version."
+ }
+ ],
+ "status": "final",
+ "version": "1"
+ }
+ },
+ "product_tree": {
+ "full_product_names": [
+ {
+ "product_id": "CSAFPID-9080700",
+ "name": "Product A"
+ }
+ ]
+ },
+ "vulnerabilities": [
+ {
+ "notes": [
+ {
+ "category": "summary",
+ "text": "A vulnerability without CVSS passes the test as well."
+ }
+ ]
+ }
+ ]
+}
diff --git a/csaf_2.0/test/validator/data/testcases.json b/csaf_2.0/test/validator/data/testcases.json index 90cc47dca..7c066987a 100644 --- a/csaf_2.0/test/validator/data/testcases.json +++ b/csaf_2.0/test/validator/data/testcases.json @@ -149,6 +149,10 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-13.json", "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_0-2021-6-1-08-14.json", + "valid": true } ] }, diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json new file mode 100644 index 000000000..b3488ed17 --- /dev/null +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json @@ -0,0 +1,50 @@ +{ + "$schema": "https://docs.oasis-open.org/csaf/csaf/v2.1/csaf_json_schema.json", + "document": { + "category": "csaf_base", + "csaf_version": "2.1", + "distribution": { + "tlp": { + "label": "CLEAR" + } + }, + "publisher": { + "category": "other", + "name": "OASIS CSAF TC", + "namespace": "https://csaf.io" + }, + "title": "Mandatory test: Invalid CVSS (valid example 5)", + "tracking": { + "current_release_date": "2024-01-24T10:00:00.000Z", + "id": "OASIS_CSAF_TC-CSAF_2.1-2024-6-1-08-15", + "initial_release_date": "2024-01-24T10:00:00.000Z", + "revision_history": [ + { + "date": "2024-01-24T10:00:00.000Z", + "number": "1", + "summary": "Initial version." + } + ], + "status": "final", + "version": "1" + } + }, + "product_tree": { + "full_product_names": [ + { + "product_id": "CSAFPID-9080700", + "name": "Product A" + } + ] + }, + "vulnerabilities": [ + { + "notes": [ + { + "category": "summary", + "text": "A vulnerability without CVSS passes the test as well." + } + ] + } + ] +} diff --git a/csaf_2.1/test/validator/data/testcases.json b/csaf_2.1/test/validator/data/testcases.json index e87ad5430..315205fb7 100644 --- a/csaf_2.1/test/validator/data/testcases.json 
+++ b/csaf_2.1/test/validator/data/testcases.json @@ -189,6 +189,10 @@ { "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json", "valid": true + }, + { + "name": "mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-15.json", + "valid": true } ] }, From 6e41a7a3f5cd20157e264c38e61b0aea36a2f44e Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:50:18 +0200 Subject: [PATCH 3/8] Tests - addresses parts of oasis-tcs/csaf#754 - fix copy paste error (wrong filenames) --- csaf_2.0/test/validator/run_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csaf_2.0/test/validator/run_tests.sh b/csaf_2.0/test/validator/run_tests.sh index f26816455..3f306806d 100755 --- a/csaf_2.0/test/validator/run_tests.sh +++ b/csaf_2.0/test/validator/run_tests.sh @@ -9,7 +9,7 @@ CVSS_31_STRICT_SCHEMA=csaf_2.0/referenced_schema/first/cvss-v3.1_strict.json VALIDATOR=csaf_2.0/test/validator.py STRICT_GENERATOR=csaf_2.0/test/generate_strict_schema.py TESTPATH=csaf_2.0/test/validator/data/$1/*.json -EXCLUDE='oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json|oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json' +EXCLUDE='oasis_csaf_tc-csaf_2_0-2021-6-1-08-01.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-02.json|oasis_csaf_tc-csaf_2_0-2021-6-1-08-03.json' EXCLUDE_STRICT=oasis_csaf_tc-csaf_2_0-2021-6-2-20-01.json FAIL=0 From 259bd7d4df6b09e9cf0443ab94fa3f81704e8c9d Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:31:21 +0200 Subject: [PATCH 4/8] Metrics - addresses parts of oasis-tcs/csaf#624 - rename scores to metrics - add new level `content` to group scores (and metrics) - add `source` as URI --- csaf_2.1/json_schema/csaf_json_schema.json | 87 +++++++++++++--------- 1 file changed, 51 insertions(+), 36 deletions(-) 
diff --git a/csaf_2.1/json_schema/csaf_json_schema.json b/csaf_2.1/json_schema/csaf_json_schema.json index 2000db6a3..6cdd283c0 100644 --- a/csaf_2.1/json_schema/csaf_json_schema.json +++ b/csaf_2.1/json_schema/csaf_json_schema.json @@ -1201,6 +1201,57 @@ } } }, + "metrics": { + "title": "List of metrics", + "description": "Contains metric objects for the current vulnerability.", + "type": "array", + "minItems": 1, + "uniqueItems": true, + "items": { + "title": "metric", + "description": "Contains all metadata about the metric including products it applies to and the source and the content itself.", + "type": "object", + "required": [ + "content", + "products" + ], + "properties": { + "content": { + "title": "Content", + "description": "Specifies information about (at least one) metric or score for the given products regarding the current vulnerability.", + "type": "object", + "minProperties": 1, + "properties": { + "cvss_v2": { + "$ref": "https://www.first.org/cvss/cvss-v2.0.json" + }, + "cvss_v3": { + "oneOf": [ + { + "$ref": "https://www.first.org/cvss/cvss-v3.0.json" + }, + { + "$ref": "https://www.first.org/cvss/cvss-v3.1.json" + } + ] + }, + "cvss_v4": { + "$ref": "https://www.first.org/cvss/cvss-v4.0.json" + } + } + }, + "products": { + "$ref": "#/$defs/products_t" + }, + "source": { + "title": "Source", + "description": "Contains the URL of the source that originally determined the metric.", + "type": "string", + "format": "uri" + } + } + } + }, "notes": { "title": "Vulnerability notes", "description": "Holds notes associated with this vulnerability item.", 
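Review bot: The new `content` object is satisfied by `"minProperties": 1` with any single key, because nothing in this hunk restricts unknown properties; a metric whose `content` is `{"x": 1}` would pass while carrying no CVSS data. If the non-strict schema is meant to stay open, a mandatory test requiring at least one recognised metric key would cover this; otherwise `"additionalProperties": false` on `content` does. `source` relies on `"format": "uri"`, which many validators treat as an annotation unless format assertion is enabled, and it admits any URI scheme, so its description could say that consumers rendering it as a link should accept only `https`/`http` values. The `properties` object that receives `metrics` begins outside this hunk.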
@@ -1362,42 +1413,6 @@ } } }, - "scores": { - "title": "List of scores", - "description": "Contains score objects for the current vulnerability.", - "type": "array", - "minItems": 1, - "items": { - "title": "Score", - "description": "Specifies information about (at least one) score of the vulnerability and for which products the given value applies.", - "type": "object", - "minProperties": 2, - "required": [ - "products" - ], - "properties": { - "cvss_v2": { - "$ref": "https://www.first.org/cvss/cvss-v2.0.json" - }, - "cvss_v3": { - "oneOf": [ - { - "$ref": "https://www.first.org/cvss/cvss-v3.0.json" - }, - { - "$ref": "https://www.first.org/cvss/cvss-v3.1.json" - } - ] - }, - "cvss_v4": { - "$ref": "https://www.first.org/cvss/cvss-v4.0.json" - }, - "products": { - "$ref": "#/$defs/products_t" - } - } - } - }, "threats": { "title": "List of threats", "description": "Contains information about a vulnerability that can change with time.", From 8de4e064efa0b89977218879f747425e7739a13c Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 16:19:09 +0200 Subject: [PATCH 5/8] Metrics - addresses parts of oasis-tcs/csaf#624 - adopt prose in section 3 to reflect schema --- ...ma-elements-02-props-04-vulnerabilities.md | 134 +++++++++++------- 1 file changed, 79 insertions(+), 55 deletions(-) diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-04-vulnerabilities.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-04-vulnerabilities.md index cc3a59365..af56fb699 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-04-vulnerabilities.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-04-vulnerabilities.md 
@@ -16,8 +16,8 @@ The Vulnerability item of value type `object` with 1 or more properties is a con a single vulnerability in the document. Any vulnerability MAY provide the optional properties Acknowledgments (`acknowledgments`), Common Vulnerabilities and Exposures (CVE) (`cve`), Common Weakness Enumeration (CWE) (`cwes`), Discovery Date (`discovery_date`), Flags (`flags`), IDs (`ids`), Involvements (`involvements`), -Notes (`notes`), Product Status (`product_status`), References (`references`), Release Date (`release_date`), Remediations (`remediations`), -Scores (`scores`), Threats (`threats`), and Title (`title`). +Metrics (`metrics`), Notes (`notes`), Product Status (`product_status`), References (`references`), Release Date (`release_date`), +Remediations (`remediations`), Threats (`threats`), and Title (`title`). ``` "properties": { @@ -42,6 +42,9 @@ Scores (`scores`), Threats (`threats`), and Title (`title`). "involvements": { // ... }, + "metrics": { + // ... + }, "notes": { // ... }, @@ -57,9 +60,6 @@ Scores (`scores`), Threats (`threats`), and Title (`title`). "remediations": { // ... }, - "scores": { - // ... - }, "threats": { // ... }, 
@@ -392,6 +392,80 @@ The use of this status by a vendor indicates that future updates from the vendor Summary of involvement (`summary`) of value type `string` with 1 or more characters contains additional context regarding what is going on. +#### Vulnerabilities Property - Metrics + +List of metrics (`metrics`) of value type `array` with 1 or more unique items (a set) of value type `object` Contains metric objects for the current vulnerability. + +``` + "metrics": { + // ... + "items": { + // ... + } + }, +``` + +Every Metric item of value type `object` with the mandatory properties `content` and `products` and the optional property `source` contains all metadata about the metric including products it applies to and the source and the content itself. + +``` + "properties": { + "content": { + // ... + }, + "products": { + // ... + }, + "source": { + // ... + } + } +``` + +##### Vulnerabilities Property - Metrics - Content + +Content (`content`) of value type `object` with the optional properties CVSS v2 (`cvss_v2`), CVSS v3 (`cvss_v3`) and CVSS v4 (`cvss_v4`) specifies information about (at least one) metric or score for the given products regarding the current vulnerability. +A Content object has at least 1 property. + +``` + "properties": { + "cvss_v2": { + // ... + }, + "cvss_v3": { + "oneOf": [ + // ... + ] + }, + "cvss_v4": { + // ... + } + } +``` + +The property CVSS v2 (`cvss_v2`) holding a CVSS v2.0 value abiding by the schema at +[https://www.first.org/cvss/cvss-v2.0.json](https://www.first.org/cvss/cvss-v2.0.json). + +The property CVSS v3 (`cvss_v3`) holding a CVSS v3.x value abiding by one of the schemas at +[https://www.first.org/cvss/cvss-v3.0.json](https://www.first.org/cvss/cvss-v3.0.json) or +[https://www.first.org/cvss/cvss-v3.1.json](https://www.first.org/cvss/cvss-v3.1.json). 
+ +The property CVSS v4 (`cvss_v4`) holding a CVSS v4.0 value abiding by the schema at +[https://www.first.org/cvss/cvss-v4.0.json](https://www.first.org/cvss/cvss-v4.0.json). + +##### Vulnerabilities Property - Metrics - Products + +Product IDs (`products`) of value type `products_t` with 1 or more items indicates for which products the given content applies. +A metric object SHOULD reflect the associated product's status (for example, +a fixed product no longer contains a vulnerability and should have a CVSS score of 0, or simply no score listed; +the known affected versions of that product can list the vulnerability score as it applies to them). + +##### Vulnerabilities Property - Metrics - Source + +Source (`source`) of value type `string` with format `uri` contains the URL of the source that originally determined the metric. +If no source is given, then the metric was assigned by the document author. + +> For example, this could point to the vendor advisory, discoverer blog post, a multiplier's assessment or other sources that provide metric information. + #### Vulnerabilities Property - Notes Vulnerability notes (`notes`) of value type Notes Type (`notes_t`) holds notes associated with this vulnerability item. 
@@ -689,56 +763,6 @@ This can include details on procedures, scope or impact. URL (`url`) of value type `string` with format `uri` contains the URL where to obtain the remediation. -#### Vulnerabilities Property - Scores - -List of scores (`scores`) of value type `array` with 1 or more items of type score holds a list of score objects for the current vulnerability. - -``` - "scores": { - // ... - "items": { - // ... - } - }, -``` - -Value type of every such Score item is `object` with the mandatory property `products` and the optional properties `cvss_v2`, -`cvss_v3` and `cvss_v4` specifies information about (at least one) score of the vulnerability and for which products the given value applies. -Each Score item has at least 2 properties. - -``` - "properties": { - "cvss_v2": { - // ... - }, - "cvss_v3": { - "oneOf": [ - // ... - ] - }, - "cvss_v4": { - // ... - }, - "products": { - // ... - } - } -``` - -The property CVSS v2 (`cvss_v2`) holding a CVSS v2.0 value abiding by the schema at -[https://www.first.org/cvss/cvss-v2.0.json](https://www.first.org/cvss/cvss-v2.0.json). - -The property CVSS v3 (`cvss_v3`) holding a CVSS v3.x value abiding by one of the schemas at -[https://www.first.org/cvss/cvss-v3.0.json](https://www.first.org/cvss/cvss-v3.0.json) or -[https://www.first.org/cvss/cvss-v3.1.json](https://www.first.org/cvss/cvss-v3.1.json). - -The property CVSS v4 (`cvss_v4`) holding a CVSS v4.0 value abiding by the schema at [https://www.first.org/cvss/cvss-v4.0.json](https://www.first.org/cvss/cvss-v4.0.json). - -Product IDs (`products`) of value type `products_t` with 1 or more items indicates for which products the given scores apply. -A score object SHOULD reflect the associated product's status (for example, -a fixed product no longer contains a vulnerability and should have a CVSS score of 0, or simply no score listed; -the known affected versions of that product can list the vulnerability score as it applies to them). 
- #### Vulnerabilities Property - Threats List of threats (`threats`) of value type `array` with 1 or more items of value type `object` contains From f66123681b4f80bda87b867f21e206774bf540fa Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 17:38:31 +0200 Subject: [PATCH 6/8] Metrics - addresses parts of oasis-tcs/csaf#624 - adopt prose in other sections to reflect schema --- csaf_2.1/prose/edit/src/conformance.md | 8 +- csaf_2.1/prose/edit/src/guidance-on-size.md | 165 +++++++++--------- ...dtr-01-missing-definition-of-product-id.md | 2 +- ...le-scores-with-same-version-per-product.md | 42 +++-- .../src/tests-01-mndtr-08-invalid-cvss.md | 6 +- ...ts-01-mndtr-09-invalid-cvss-computation.md | 30 ++-- .../tests-01-mndtr-10-inconsistent-cvss.md | 6 +- csaf_2.1/prose/edit/src/tests-02-optional.md | 24 +-- .../prose/edit/src/tests-03-informative.md | 53 +++--- 9 files changed, 176 insertions(+), 160 deletions(-) diff --git a/csaf_2.1/prose/edit/src/conformance.md b/csaf_2.1/prose/edit/src/conformance.md index 28380e1ff..c46bfad5b 100644 --- a/csaf_2.1/prose/edit/src/conformance.md +++ b/csaf_2.1/prose/edit/src/conformance.md @@ -144,7 +144,7 @@ Secondly, the program fulfills the following for all items of: the CVRF CSAF converter appends all Product IDs which are listed under `../product_status` in the arrays `known_affected`, `first_affected` and `last_affected` into `product_ids`. If none of these arrays exist, the CVRF CSAF converter outputs an error that no matching Product ID was found for this remediation element. -* `/vulnerabilities[]/scores[]`: +* `/vulnerabilities[]/metrics[]`: * For any CVSS v4 element, the CVRF CSAF converter MUST compute the `baseSeverity` from the `baseScore` according to the rules of the applicable CVSS standard. (CSAF CVRF v1.2 predates CVSS v4.0.) * For any CVSS v3 element, the CVRF CSAF converter MUST compute the `baseSeverity` from the `baseScore` according to 
@@ -373,11 +373,11 @@ The viewer: * satisfies the "CSAF consumer" conformance profile. * satisfies the normative requirements given below. -For each CVSS-Score in `/vulnerabilities[]/scores[]` the viewer: +For each CVSS-Score in `/vulnerabilities[]/metrics[]` the viewer: * preferably shows the `vector` if there is an inconsistency between the `vector` and any other sibling attribute. -* SHOULD prefer the item of `scores[]` for each `product_id` which has the highest CVSS Base Score and newest CVSS version - (in that order) if a `product_id` is listed in more than one item of `scores[]`. +* SHOULD prefer the item of `metrics[]` for each `product_id` which originates from the document author (and therefore has no property `source`) + and has the highest CVSS Base Score and newest CVSS version (in that order) if a `product_id` is listed in more than one item of `metrics[]`. ### Conformance Clause 12: CSAF management system diff --git a/csaf_2.1/prose/edit/src/guidance-on-size.md b/csaf_2.1/prose/edit/src/guidance-on-size.md index 3a5e77596..e9bb37176 100644 --- a/csaf_2.1/prose/edit/src/guidance-on-size.md +++ b/csaf_2.1/prose/edit/src/guidance-on-size.md @@ -124,8 +124,8 @@ An array SHOULD NOT have more than: * `/vulnerabilities[]/product_status/under_investigation` * `/vulnerabilities[]/remediations` * `/vulnerabilities[]/remediations[]/product_ids` - * `/vulnerabilities[]/scores` - * `/vulnerabilities[]/scores[]/products` + * `/vulnerabilities[]/metrics` + * `/vulnerabilities[]/metrics[]/products` * `/vulnerabilities[]/threats` * `/vulnerabilities[]/threats[]/group_ids` * `/vulnerabilities[]/threats[]/product_ids` 
@@ -212,9 +212,9 @@ A string SHOULD NOT have a length greater than: * `/vulnerabilities[]/product_status/under_investigation[]` * `/vulnerabilities[]/remediations[]/group_ids[]` * `/vulnerabilities[]/remediations[]/product_ids[]` - * `/vulnerabilities[]/scores[]/cvss_v2/vectorString` - * `/vulnerabilities[]/scores[]/cvss_v3/vectorString` - * `/vulnerabilities[]/scores[]/cvss_v4/vectorString` + * `/vulnerabilities[]/metrics[]/content/cvss_v2/vectorString` + * `/vulnerabilities[]/metrics[]/content/cvss_v3/vectorString` + * `/vulnerabilities[]/metrics[]/content/cvss_v4/vectorString` * `/vulnerabilities[]/scores[]/products[]` * `/vulnerabilities[]/threats[]/group_ids[]` * `/vulnerabilities[]/threats[]/product_ids[]` @@ -272,6 +272,7 @@ A string with format `uri` SHOULD NOT have a length greater than 20000. This app * `/product_tree/relationships[]/full_product_name/product_identification_helper/x_generic_uris[]/namespace` * `/product_tree/relationships[]/full_product_name/product_identification_helper/x_generic_uris[]/uri` * `/vulnerabilities[]/acknowledgments[]/urls[]` +* `/vulnerabilities[]/metrics[]/source` * `/vulnerabilities[]/references[]/url` * `/vulnerabilities[]/remediations[]/url` 
@@ -306,83 +307,83 @@ This applies to: * `/vulnerabilities[]/references[]/category` (8) * `/vulnerabilities[]/remediations[]/category` (14) * `/vulnerabilities[]/remediations[]/restart_required/category` (20) -* `/vulnerabilities[]/scores[]/cvss_v2/version` (3) -* `/vulnerabilities[]/scores[]/cvss_v2/accessVector` (16) -* `/vulnerabilities[]/scores[]/cvss_v2/accessComplexity` (6) -* `/vulnerabilities[]/scores[]/cvss_v2/authentication` (8) -* `/vulnerabilities[]/scores[]/cvss_v2/confidentialityImpact` (8) -* `/vulnerabilities[]/scores[]/cvss_v2/integrityImpact` (8) -* `/vulnerabilities[]/scores[]/cvss_v2/availabilityImpact` (8) -* `/vulnerabilities[]/scores[]/cvss_v2/exploitability` (16) -* `/vulnerabilities[]/scores[]/cvss_v2/remediationLevel` (13) -* `/vulnerabilities[]/scores[]/cvss_v2/reportConfidence` (14) -* `/vulnerabilities[]/scores[]/cvss_v2/collateralDamagePotential` (11) -* `/vulnerabilities[]/scores[]/cvss_v2/targetDistribution` (11) -* `/vulnerabilities[]/scores[]/cvss_v2/confidentialityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v2/integrityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v2/availabilityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/version` (3) -* `/vulnerabilities[]/scores[]/cvss_v3/attackVector` (16) -* `/vulnerabilities[]/scores[]/cvss_v3/attackComplexity` (4) -* `/vulnerabilities[]/scores[]/cvss_v3/privilegesRequired` (4) -* `/vulnerabilities[]/scores[]/cvss_v3/userInteraction` (8) -* `/vulnerabilities[]/scores[]/cvss_v3/scope` (9) -* `/vulnerabilities[]/scores[]/cvss_v3/confidentialityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v3/integrityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v3/availabilityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v3/baseSeverity` (8) -* `/vulnerabilities[]/scores[]/cvss_v3/exploitCodeMaturity` (16) -* `/vulnerabilities[]/scores[]/cvss_v3/remediationLevel` (13) -* `/vulnerabilities[]/scores[]/cvss_v3/reportConfidence` (11) -* 
`/vulnerabilities[]/scores[]/cvss_v3/temporalSeverity` (8) -* `/vulnerabilities[]/scores[]/cvss_v3/confidentialityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/integrityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/availabilityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedAttackVector` (16) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedAttackComplexity` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedPrivilegesRequired` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedUserInteraction` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedScope` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedConfidentialityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedIntegrityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/modifiedAvailabilityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v3/environmentalSeverity` (8) -* `/vulnerabilities[]/scores[]/cvss_v4/version` (3) -* `/vulnerabilities[]/scores[]/cvss_v4/attackVector` (8) -* `/vulnerabilities[]/scores[]/cvss_v4/attackComplexity` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/attackRequirements` (7) -* `/vulnerabilities[]/scores[]/cvss_v4/privilegesRequired` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/userInteraction` (7) -* `/vulnerabilities[]/scores[]/cvss_v4/vulnConfidentialityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/vulnIntegrityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/vulnAvailabilityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/subConfidentialityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/subIntegrityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/subAvailabilityImpact` (4) -* `/vulnerabilities[]/scores[]/cvss_v4/exploitMaturity` (16) -* `/vulnerabilities[]/scores[]/cvss_v4/confidentialityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/integrityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/availabilityRequirement` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedAttackVector` 
(11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedAttackComplexity` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedAttackRequirements` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedPrivilegesRequired` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedUserInteraction` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedVulnConfidentialityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedVulnIntegrityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedVulnAvailabilityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedSubConfidentialityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedSubIntegrityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/modifiedSubAvailabilityImpact` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/Safety` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/Automatable` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/Recovery` (13) -* `/vulnerabilities[]/scores[]/cvss_v4/valueDensity` (12) -* `/vulnerabilities[]/scores[]/cvss_v4/vulnerabilityResponseEffort` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/providerUrgency` (11) -* `/vulnerabilities[]/scores[]/cvss_v4/baseSeverity` (8) -* `/vulnerabilities[]/scores[]/cvss_v4/threatSeverity` (8) -* `/vulnerabilities[]/scores[]/cvss_v4/environmentalSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/version` (3) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/accessVector` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/accessComplexity` (6) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/authentication` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/confidentialityImpact` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/integrityImpact` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/availabilityImpact` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/exploitability` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/remediationLevel` (13) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/reportConfidence` (14) 
+* `/vulnerabilities[]/metrics[]/content/cvss_v2/collateralDamagePotential` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/targetDistribution` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/confidentialityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/integrityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v2/availabilityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/version` (3) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/attackVector` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/attackComplexity` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/privilegesRequired` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/userInteraction` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/scope` (9) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/confidentialityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/integrityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/availabilityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/baseSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/exploitCodeMaturity` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/remediationLevel` (13) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/reportConfidence` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/temporalSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/confidentialityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/integrityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/availabilityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedAttackVector` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedAttackComplexity` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedPrivilegesRequired` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedUserInteraction` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedScope` (11) +* 
`/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedConfidentialityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedIntegrityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/modifiedAvailabilityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v3/environmentalSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/version` (3) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/attackVector` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/attackComplexity` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/attackRequirements` (7) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/privilegesRequired` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/userInteraction` (7) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/vulnConfidentialityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/vulnIntegrityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/vulnAvailabilityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/subConfidentialityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/subIntegrityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/subAvailabilityImpact` (4) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/exploitMaturity` (16) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/confidentialityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/integrityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/availabilityRequirement` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedAttackVector` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedAttackComplexity` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedAttackRequirements` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedPrivilegesRequired` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedUserInteraction` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedVulnConfidentialityImpact` (11) +* 
`/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedVulnIntegrityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedVulnAvailabilityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedSubConfidentialityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedSubIntegrityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/modifiedSubAvailabilityImpact` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/Safety` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/Automatable` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/Recovery` (13) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/valueDensity` (12) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/vulnerabilityResponseEffort` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/providerUrgency` (11) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/baseSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/threatSeverity` (8) +* `/vulnerabilities[]/metrics[]/content/cvss_v4/environmentalSeverity` (8) * `/vulnerabilities[]/threats[]/category` (14) ## Date diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-01-missing-definition-of-product-id.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-01-missing-definition-of-product-id.md index a654582bf..5bbc66bd3 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-01-missing-definition-of-product-id.md +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-01-missing-definition-of-product-id.md @@ -10,6 +10,7 @@ The relevant paths for this test are: /product_tree/product_groups[]/product_ids[] /product_tree/relationships[]/product_reference /product_tree/relationships[]/relates_to_product_reference + /vulnerabilities[]/metrics[]/products[] /vulnerabilities[]/product_status/first_affected[] /vulnerabilities[]/product_status/first_fixed[] /vulnerabilities[]/product_status/fixed[] 
@@ -19,7 +20,6 @@ The relevant paths for this test are: /vulnerabilities[]/product_status/recommended[] /vulnerabilities[]/product_status/under_investigation[] /vulnerabilities[]/remediations[]/product_ids[] - /vulnerabilities[]/scores[]/products[] /vulnerabilities[]/threats[]/product_ids[] ``` diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-07-multiple-scores-with-same-version-per-product.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-07-multiple-scores-with-same-version-per-product.md index d624b2407..ac5777d27 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-07-multiple-scores-with-same-version-per-product.md +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-07-multiple-scores-with-same-version-per-product.md @@ -1,11 +1,13 @@ ### Multiple Scores with same Version per Product -For each item in `/vulnerabilities` it MUST be tested that the same Product ID is not member of more than one CVSS-Vectors with the same version. +For each item in `/vulnerabilities` it MUST be tested that the same Product ID is not member of more than one CVSS-Vectors with the same version and same source. + +> Different source might assign different scores for the same product. The relevant path for this test is: ``` - /vulnerabilities[]/scores[] + /vulnerabilities[]/metrics[] ``` *Example 1 (which fails the test):* 
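Review bot: In the `@@ -1,11 +1,13 @@` hunk of tests-01-mndtr-07, the added condition "and same source" does not define how two items without a `source` property compare. The example's closing remark relies on both such items being attributed to the document author, so a validator author has to infer the rule. I would state it in the test text, for instance `Items without the property source are considered to have the same source (the document author).` The added remark would also read better as `> Different sources might assign different scores for the same product.`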
@@ -21,32 +23,36 @@ The relevant path for this test is: }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + } "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] }, { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + } "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + ] } ] } ] ``` -> Two CVSS v3.1 scores are given for `CSAFPID-9080700`. +> Two CVSS v3.1 scores are given for `CSAFPID-9080700` by the document author. diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md index e5751ec79..0423db923 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-08-invalid-cvss.md @@ -5,9 +5,9 @@ It MUST be tested that the given CVSS object is valid according to the reference The relevant paths for this test are: ``` - /vulnerabilities[]/scores[]/cvss_v2 - /vulnerabilities[]/scores[]/cvss_v3 - /vulnerabilities[]/scores[]/cvss_v4 + /vulnerabilities[]/metrics[]/content/cvss_v2 + /vulnerabilities[]/metrics[]/content/cvss_v3 + /vulnerabilities[]/metrics[]/content/cvss_v4 ``` *Example 1 (which fails the test):* diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-09-invalid-cvss-computation.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-09-invalid-cvss-computation.md index 4b2b72545..e801ed7a6 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-09-invalid-cvss-computation.md 
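Review bot: Both rewritten `metrics[]` items in Example 1 lack a comma between the closing brace of `content` and `"products"`, so the snippet is no longer valid JSON. The added lines close the object with `}` and the unchanged `"products": [` follows directly, whereas the equivalent examples in tests-03-informative.md in this patch close it with `},`. Change the closing line of each `content` object to `},`. Anyone pasting the example into a validator would otherwise get a parse error rather than the failure this test is meant to show. The example block starts above the hunk, so its opening lines are not visible here.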
+++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-09-invalid-cvss-computation.md @@ -7,21 +7,21 @@ It MUST be tested that the given CVSS object has the values computed correctly a The relevant paths for this test are: ``` - /vulnerabilities[]/scores[]/cvss_v2/baseScore - /vulnerabilities[]/scores[]/cvss_v2/temporalScore - /vulnerabilities[]/scores[]/cvss_v2/environmentalScore - /vulnerabilities[]/scores[]/cvss_v3/baseScore - /vulnerabilities[]/scores[]/cvss_v3/baseSeverity - /vulnerabilities[]/scores[]/cvss_v3/temporalScore - /vulnerabilities[]/scores[]/cvss_v3/temporalSeverity - /vulnerabilities[]/scores[]/cvss_v3/environmentalScore - /vulnerabilities[]/scores[]/cvss_v3/environmentalSeverity - /vulnerabilities[]/scores[]/cvss_v4/baseScore - /vulnerabilities[]/scores[]/cvss_v4/baseSeverity - /vulnerabilities[]/scores[]/cvss_v4/threatScore - /vulnerabilities[]/scores[]/cvss_v4/threatSeverity - /vulnerabilities[]/scores[]/cvss_v4/environmentalScore - /vulnerabilities[]/scores[]/cvss_v4/environmentalSeverity + /vulnerabilities[]/metrics[]/content/cvss_v2/baseScore + /vulnerabilities[]/metrics[]/content/cvss_v2/temporalScore + /vulnerabilities[]/metrics[]/content/cvss_v2/environmentalScore + /vulnerabilities[]/metrics[]/content/cvss_v3/baseScore + /vulnerabilities[]/metrics[]/content/cvss_v3/baseSeverity + /vulnerabilities[]/metrics[]/content/cvss_v3/temporalScore + /vulnerabilities[]/metrics[]/content/cvss_v3/temporalSeverity + /vulnerabilities[]/metrics[]/content/cvss_v3/environmentalScore + /vulnerabilities[]/metrics[]/content/cvss_v3/environmentalSeverity + /vulnerabilities[]/metrics[]/content/cvss_v4/baseScore + /vulnerabilities[]/metrics[]/content/cvss_v4/baseSeverity + /vulnerabilities[]/metrics[]/content/cvss_v4/threatScore + /vulnerabilities[]/metrics[]/content/cvss_v4/threatSeverity + /vulnerabilities[]/metrics[]/content/cvss_v4/environmentalScore + /vulnerabilities[]/metrics[]/content/cvss_v4/environmentalSeverity ``` *Example 1 (which fails the test):* 
diff --git a/csaf_2.1/prose/edit/src/tests-01-mndtr-10-inconsistent-cvss.md b/csaf_2.1/prose/edit/src/tests-01-mndtr-10-inconsistent-cvss.md index c3882610f..3ba496b4e 100644 --- a/csaf_2.1/prose/edit/src/tests-01-mndtr-10-inconsistent-cvss.md +++ b/csaf_2.1/prose/edit/src/tests-01-mndtr-10-inconsistent-cvss.md @@ -5,9 +5,9 @@ It MUST be tested that the given CVSS properties do not contradict the CVSS vect The relevant paths for this test are: ``` - /vulnerabilities[]/scores[]/cvss_v2 - /vulnerabilities[]/scores[]/cvss_v3 - /vulnerabilities[]/scores[]/cvss_v4 + /vulnerabilities[]/metrics[]/content/cvss_v2 + /vulnerabilities[]/metrics[]/content/cvss_v3 + /vulnerabilities[]/metrics[]/content/cvss_v4 ``` *Example 1 (which fails the test):* diff --git a/csaf_2.1/prose/edit/src/tests-02-optional.md b/csaf_2.1/prose/edit/src/tests-02-optional.md index 469dd644b..602353da0 100644 --- a/csaf_2.1/prose/edit/src/tests-02-optional.md +++ b/csaf_2.1/prose/edit/src/tests-02-optional.md @@ -76,10 +76,10 @@ The relevant paths for this test are: > `CSAFPID-9080700` has in Product Status `last_affected` but there is no remediation object for this Product ID. -### Missing Score +### Missing Metric For each Product ID (type `/$defs/product_id_t`) in the Product Status groups Affected it MUST be tested that -a score object exists which covers this product. +a metric object exists which covers this product. The relevant paths for this test are: @@ -111,7 +111,7 @@ The relevant paths for this test are: ] ``` -> `CSAFPID-9080700` has in Product Status `first_affected` but there is no score object which covers this Product ID. +> `CSAFPID-9080700` has in Product Status `first_affected` but there is no metric object which covers this Product ID. ### Build Metadata in Revision History 
@@ -570,7 +570,7 @@ The relevant paths for this test are: For each item the fixed products group (`first_fixed` and `fixed`) it MUST be tested that a CVSS applying to this product has an environmental score of `0`. The test SHALL pass if none of the Product IDs listed within product status `fixed` or -`first_fixed` is found in `products` of any item of the `scores` element. +`first_fixed` is found in `products` of any item of the `metrics` element. The relevant path for this test is: @@ -597,14 +597,16 @@ The relevant path for this test is: "CSAFPID-9080700" ] }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" - }, + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + } , "products": [ "CSAFPID-9080700" ] diff --git a/csaf_2.1/prose/edit/src/tests-03-informative.md b/csaf_2.1/prose/edit/src/tests-03-informative.md index 91e6edc10..21ae1b7a5 100644 --- a/csaf_2.1/prose/edit/src/tests-03-informative.md +++ b/csaf_2.1/prose/edit/src/tests-03-informative.md 
@@ -8,13 +8,16 @@ A program MUST handle a test failure as a information. ### Use of CVSS v2 as the only Scoring System -For each item in the list of scores which contains the `cvss_v2` object it MUST be tested that is not the only scoring item present. -The test SHALL pass if a second scoring object is available. +For each item in the list of metrics which contains the `cvss_v2` object under `content` it MUST be tested that is not the only scoring item present. +The test SHALL pass if a second scoring object is available regarding the specific product. + +> One source might just provide CVSS v2. +> As long as at least one different source provides a different scoring system for the same products, the test passes. The relevant path for this test is: ``` - /vulnerabilities[]/scores + /vulnerabilities[]/metrics ``` *Example 1 (which fails the test):* @@ -30,16 +33,18 @@ The relevant path for this test is: }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 10 - } + ] } ] } @@ -54,13 +59,13 @@ It is recommended to (also) use the CVSS v4.0. ### Use of CVSS v3.0 -For each item in the list of scores which contains the `cvss_v3` object it MUST be tested that CVSS v3.0 is not used. +For each item in the list of metrics which contains the `cvss_v3` object under `content` it MUST be tested that CVSS v3.0 is not used. The relevant paths for this test are: ``` - /vulnerabilities[]/scores[]/cvss_v3/version - /vulnerabilities[]/scores[]/cvss_v3/vectorString + /vulnerabilities[]/metrics[]/content/cvss_v3/version + /vulnerabilities[]/metrics[]/content/cvss_v3/vectorString ``` *Example 1 (which fails the test):* 
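Review bot: In the `@@ -8,13 +8,16 @@` hunk the normative sentence and the added remark disagree on what makes the test pass. "A second scoring object is available regarding the specific product" is satisfied by a second `cvss_v2` item from another source, while the remark requires "a different scoring system". I would align the normative text with the remark, e.g. `The test SHALL pass if, for each product, a scoring object using a different scoring system is available.` The rewritten first sentence is also missing a word: `it MUST be tested that it is not the only scoring item present`.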
@@ -414,12 +419,12 @@ The relevant paths for this test are: ### Missing CVSS v4.0 -For each item in the list of scores it MUST be tested that a `cvss_v4` object is present. +For each item in the list of metrics it MUST be tested that a `cvss_v4` object is present. The relevant path for this test is: ``` - /vulnerabilities[]/scores + /vulnerabilities[]/metrics[]/content ``` *Example 1 (which fails the test):* @@ -435,17 +440,19 @@ The relevant path for this test is: }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] } From e4f3d511885e7b25f5a27d1f82280c1cbc26c0d4 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 18:37:30 +0200 Subject: [PATCH 7/8] Metrics - addresses parts of oasis-tcs/csaf#624 - adapt examples to reflect changed schema --- csaf_2.1/examples/csaf/bsi-2022-0001.json | 58 +- .../examples/csaf/cisco-sa-20180328-smi2.json | 584 +++++++++--------- .../csaf/csaf_vex/2022-evd-uc-04-001.json | 48 +- .../csaf/csaf_vex/2022-evd-uc-06-001.json | 100 +-- .../csaf/csaf_vex/2022-evd-uc-07-001.json | 104 ++-- .../csaf/csaf_vex/2022-evd-uc-08-001.json | 210 ++++--- .../csaf/csaf_vex/2022-evd-uc-09-001.json | 178 +++--- 7 files changed, 656 insertions(+), 626 deletions(-) diff --git a/csaf_2.1/examples/csaf/bsi-2022-0001.json b/csaf_2.1/examples/csaf/bsi-2022-0001.json index 3f508860c..8d0bdad3d 100644 --- a/csaf_2.1/examples/csaf/bsi-2022-0001.json +++ b/csaf_2.1/examples/csaf/bsi-2022-0001.json 
@@ -148,6 +148,36 @@ "text": "csaf-tools/CVRF-CSAF-Converter#78" } ], + "metrics": [ + { + "content": { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "exploitCodeMaturity": "FUNCTIONAL", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "remediationLevel": "OFFICIAL_FIX", + "reportConfidence": "CONFIRMED", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C", + "version": "3.1" + } + }, + "products": [ + "CSAFPID-0001", + "CSAFPID-0002", + "CSAFPID-0003", + "CSAFPID-0004", + "CSAFPID-0005" + ] + } + ], "notes": [ { "category": "description", @@ -184,34 +214,6 @@ ], "url": "https://github.com/csaf-tools/CVRF-CSAF-Converter/releases/tag/1.0.0-rc2" } - ], - "scores": [ - { - "cvss_v3": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "exploitCodeMaturity": "FUNCTIONAL", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "remediationLevel": "OFFICIAL_FIX", - "reportConfidence": "CONFIRMED", - "scope": "UNCHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:F/RL:O/RC:C", - "version": "3.1" - }, - "products": [ - "CSAFPID-0001", - "CSAFPID-0002", - "CSAFPID-0003", - "CSAFPID-0004", - "CSAFPID-0005" - ] - } ] } ] diff --git a/csaf_2.1/examples/csaf/cisco-sa-20180328-smi2.json b/csaf_2.1/examples/csaf/cisco-sa-20180328-smi2.json index 5003476ae..5aba8b23c 100644 --- a/csaf_2.1/examples/csaf/cisco-sa-20180328-smi2.json +++ b/csaf_2.1/examples/csaf/cisco-sa-20180328-smi2.json 
@@ -2488,291 +2488,23 @@ }, "vulnerabilities": [ { - "title": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability", + "cve": "CVE-2018-0171", "ids": [ { "system_name": "Cisco Bug ID", "text": "CSCvg76186" } ], - "notes": [ - { - "title": "Summary", - "category": "summary", - "text": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.\n\n\n\nThe vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:\n\n\n Triggering a reload of the device\n Allowing the attacker to execute arbitrary code on the device\n Causing an indefinite loop on the affected device that triggers a watchdog crash" - }, - { - "title": "Cisco Bug IDs", - "category": "other", - "text": "CSCvg76186" - } - ], - "cve": "CVE-2018-0171", - "product_status": { - "known_affected": [ - "CVRFPID-103559", - "CVRFPID-103763", - "CVRFPID-104376", - "CVRFPID-105394", - "CVRFPID-105660", - "CVRFPID-105689", - "CVRFPID-105987", - "CVRFPID-106029", - "CVRFPID-106674", - "CVRFPID-107283", - "CVRFPID-107852", - "CVRFPID-108306", - "CVRFPID-109098", - "CVRFPID-109439", - "CVRFPID-109760", - "CVRFPID-109808", - "CVRFPID-111010", - "CVRFPID-111019", - "CVRFPID-111674", - "CVRFPID-112489", - "CVRFPID-113961", - "CVRFPID-114665", - "CVRFPID-115285", - "CVRFPID-115477", - "CVRFPID-115832", - "CVRFPID-115939", - "CVRFPID-116083", - "CVRFPID-183811", - "CVRFPID-184125", - "CVRFPID-184932", - "CVRFPID-187057", - "CVRFPID-187269", - "CVRFPID-188035", - "CVRFPID-188061", - "CVRFPID-189064", - 
"CVRFPID-189115", - "CVRFPID-189187", - "CVRFPID-189219", - "CVRFPID-189455", - "CVRFPID-190635", - "CVRFPID-190637", - "CVRFPID-191635", - "CVRFPID-191928", - "CVRFPID-191948", - "CVRFPID-192702", - "CVRFPID-192706", - "CVRFPID-192726", - "CVRFPID-192910", - "CVRFPID-192911", - "CVRFPID-193283", - "CVRFPID-194540", - "CVRFPID-194741", - "CVRFPID-194913", - "CVRFPID-194944", - "CVRFPID-195469", - "CVRFPID-195489", - "CVRFPID-195770", - "CVRFPID-195943", - "CVRFPID-197462", - "CVRFPID-197465", - "CVRFPID-197471", - "CVRFPID-197483", - "CVRFPID-198059", - "CVRFPID-198060", - "CVRFPID-198426", - "CVRFPID-198542", - "CVRFPID-200488", - "CVRFPID-200496", - "CVRFPID-201019", - "CVRFPID-201074", - "CVRFPID-201366", - "CVRFPID-204097", - "CVRFPID-204102", - "CVRFPID-204108", - "CVRFPID-204109", - "CVRFPID-204110", - "CVRFPID-204186", - "CVRFPID-204187", - "CVRFPID-204228", - "CVRFPID-204818", - "CVRFPID-204828", - "CVRFPID-204831", - "CVRFPID-204832", - "CVRFPID-205064", - "CVRFPID-205672", - "CVRFPID-209028", - "CVRFPID-209029", - "CVRFPID-209034", - "CVRFPID-209043", - "CVRFPID-209044", - "CVRFPID-209045", - "CVRFPID-209046", - "CVRFPID-209047", - "CVRFPID-209063", - "CVRFPID-209064", - "CVRFPID-209065", - "CVRFPID-209358", - "CVRFPID-209359", - "CVRFPID-209439", - "CVRFPID-209532", - "CVRFPID-209839", - "CVRFPID-209887", - "CVRFPID-210406", - "CVRFPID-210732", - "CVRFPID-210766", - "CVRFPID-211296", - "CVRFPID-211570", - "CVRFPID-211976", - "CVRFPID-212329", - "CVRFPID-212701", - "CVRFPID-213610", - "CVRFPID-213788", - "CVRFPID-214052", - "CVRFPID-214053", - "CVRFPID-214072", - "CVRFPID-214078", - "CVRFPID-214218", - "CVRFPID-214556", - "CVRFPID-214797", - "CVRFPID-214992", - "CVRFPID-216258", - "CVRFPID-216259", - "CVRFPID-216295", - "CVRFPID-217805", - "CVRFPID-217807", - "CVRFPID-218891", - "CVRFPID-218995", - "CVRFPID-220440", - "CVRFPID-220441", - "CVRFPID-220444", - "CVRFPID-220457", - "CVRFPID-220461", - "CVRFPID-220466", - "CVRFPID-220594", - "CVRFPID-220664", - 
"CVRFPID-220689", - "CVRFPID-221033", - "CVRFPID-221137", - "CVRFPID-222275", - "CVRFPID-222342", - "CVRFPID-222436", - "CVRFPID-222500", - "CVRFPID-222530", - "CVRFPID-222650", - "CVRFPID-222651", - "CVRFPID-222924", - "CVRFPID-223086", - "CVRFPID-223143", - "CVRFPID-224553", - "CVRFPID-224611", - "CVRFPID-224868", - "CVRFPID-225160", - "CVRFPID-225740", - "CVRFPID-225786", - "CVRFPID-226077", - "CVRFPID-227285", - "CVRFPID-227307", - "CVRFPID-227308", - "CVRFPID-227598", - "CVRFPID-227754", - "CVRFPID-227959", - "CVRFPID-228056", - "CVRFPID-228057", - "CVRFPID-228151", - "CVRFPID-230588", - "CVRFPID-230589", - "CVRFPID-230590", - "CVRFPID-230591", - "CVRFPID-230607", - "CVRFPID-230623", - "CVRFPID-230962", - "CVRFPID-230965", - "CVRFPID-230990", - "CVRFPID-231074", - "CVRFPID-231245", - "CVRFPID-231824", - "CVRFPID-232957", - "CVRFPID-233143", - "CVRFPID-233796", - "CVRFPID-234926", - "CVRFPID-196216", - "CVRFPID-196218", - "CVRFPID-196220", - "CVRFPID-196221", - "CVRFPID-196222", - "CVRFPID-196223", - "CVRFPID-196230", - "CVRFPID-196231", - "CVRFPID-196288", - "CVRFPID-196925", - "CVRFPID-197145", - "CVRFPID-206163", - "CVRFPID-206164", - "CVRFPID-206165", - "CVRFPID-206166", - "CVRFPID-206167", - "CVRFPID-206168", - "CVRFPID-206169", - "CVRFPID-206170", - "CVRFPID-206172", - "CVRFPID-206173", - "CVRFPID-206200", - "CVRFPID-206201", - "CVRFPID-206202", - "CVRFPID-206203", - "CVRFPID-206211", - "CVRFPID-210070", - "CVRFPID-210073", - "CVRFPID-210074", - "CVRFPID-210075", - "CVRFPID-210076", - "CVRFPID-210077", - "CVRFPID-210264", - "CVRFPID-212436", - "CVRFPID-212674", - "CVRFPID-213100", - "CVRFPID-213783", - "CVRFPID-213785", - "CVRFPID-213790", - "CVRFPID-213797", - "CVRFPID-213809", - "CVRFPID-213811", - "CVRFPID-213812", - "CVRFPID-213960", - "CVRFPID-214051", - "CVRFPID-214993", - "CVRFPID-217253", - "CVRFPID-217255", - "CVRFPID-217256", - "CVRFPID-217259", - "CVRFPID-217279", - "CVRFPID-217280", - "CVRFPID-217282", - "CVRFPID-217283", - "CVRFPID-218901", - 
"CVRFPID-220290", - "CVRFPID-220357", - "CVRFPID-220489", - "CVRFPID-220802", - "CVRFPID-221108", - "CVRFPID-221185", - "CVRFPID-222435", - "CVRFPID-222483", - "CVRFPID-222695", - "CVRFPID-222711", - "CVRFPID-224840", - "CVRFPID-225784", - "CVRFPID-226158", - "CVRFPID-226331", - "CVRFPID-227555", - "CVRFPID-227755", - "CVRFPID-229124", - "CVRFPID-230240", - "CVRFPID-230998", - "CVRFPID-231004", - "CVRFPID-231187", - "CVRFPID-231246", - "CVRFPID-233155", - "CVRFPID-236834" - ] - }, - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + }, "products": [ "CVRFPID-103559", "CVRFPID-103763", 
@@ -3033,13 +2765,288 @@ "CVRFPID-231246", "CVRFPID-233155", "CVRFPID-236834" - ], - "cvss_v3": { - "version": "3.0", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - } + ] + } + ], + "notes": [ + { + "title": "Summary", + "category": "summary", + "text": "A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device.\n\n\n\nThe vulnerability is due to improper validation of packet data. An attacker could exploit this vulnerability by sending a crafted Smart Install message to an affected device on TCP port 4786. A successful exploit could allow the attacker to cause a buffer overflow on the affected device, which could have the following impacts:\n\n\n Triggering a reload of the device\n Allowing the attacker to execute arbitrary code on the device\n Causing an indefinite loop on the affected device that triggers a watchdog crash" + }, + { + "title": "Cisco Bug IDs", + "category": "other", + "text": "CSCvg76186" + } + ], + "product_status": { + "known_affected": [ + "CVRFPID-103559", + "CVRFPID-103763", + "CVRFPID-104376", + "CVRFPID-105394", + "CVRFPID-105660", + "CVRFPID-105689", + "CVRFPID-105987", + "CVRFPID-106029", + "CVRFPID-106674", + "CVRFPID-107283", + "CVRFPID-107852", + "CVRFPID-108306", + "CVRFPID-109098", + "CVRFPID-109439", + "CVRFPID-109760", + "CVRFPID-109808", + "CVRFPID-111010", + "CVRFPID-111019", + "CVRFPID-111674", + "CVRFPID-112489", + "CVRFPID-113961", + "CVRFPID-114665", + "CVRFPID-115285", + "CVRFPID-115477", + "CVRFPID-115832", + "CVRFPID-115939", + "CVRFPID-116083", + "CVRFPID-183811", + "CVRFPID-184125", + "CVRFPID-184932", + "CVRFPID-187057", + "CVRFPID-187269", + "CVRFPID-188035", + "CVRFPID-188061", + "CVRFPID-189064", + "CVRFPID-189115", + 
"CVRFPID-189187", + "CVRFPID-189219", + "CVRFPID-189455", + "CVRFPID-190635", + "CVRFPID-190637", + "CVRFPID-191635", + "CVRFPID-191928", + "CVRFPID-191948", + "CVRFPID-192702", + "CVRFPID-192706", + "CVRFPID-192726", + "CVRFPID-192910", + "CVRFPID-192911", + "CVRFPID-193283", + "CVRFPID-194540", + "CVRFPID-194741", + "CVRFPID-194913", + "CVRFPID-194944", + "CVRFPID-195469", + "CVRFPID-195489", + "CVRFPID-195770", + "CVRFPID-195943", + "CVRFPID-197462", + "CVRFPID-197465", + "CVRFPID-197471", + "CVRFPID-197483", + "CVRFPID-198059", + "CVRFPID-198060", + "CVRFPID-198426", + "CVRFPID-198542", + "CVRFPID-200488", + "CVRFPID-200496", + "CVRFPID-201019", + "CVRFPID-201074", + "CVRFPID-201366", + "CVRFPID-204097", + "CVRFPID-204102", + "CVRFPID-204108", + "CVRFPID-204109", + "CVRFPID-204110", + "CVRFPID-204186", + "CVRFPID-204187", + "CVRFPID-204228", + "CVRFPID-204818", + "CVRFPID-204828", + "CVRFPID-204831", + "CVRFPID-204832", + "CVRFPID-205064", + "CVRFPID-205672", + "CVRFPID-209028", + "CVRFPID-209029", + "CVRFPID-209034", + "CVRFPID-209043", + "CVRFPID-209044", + "CVRFPID-209045", + "CVRFPID-209046", + "CVRFPID-209047", + "CVRFPID-209063", + "CVRFPID-209064", + "CVRFPID-209065", + "CVRFPID-209358", + "CVRFPID-209359", + "CVRFPID-209439", + "CVRFPID-209532", + "CVRFPID-209839", + "CVRFPID-209887", + "CVRFPID-210406", + "CVRFPID-210732", + "CVRFPID-210766", + "CVRFPID-211296", + "CVRFPID-211570", + "CVRFPID-211976", + "CVRFPID-212329", + "CVRFPID-212701", + "CVRFPID-213610", + "CVRFPID-213788", + "CVRFPID-214052", + "CVRFPID-214053", + "CVRFPID-214072", + "CVRFPID-214078", + "CVRFPID-214218", + "CVRFPID-214556", + "CVRFPID-214797", + "CVRFPID-214992", + "CVRFPID-216258", + "CVRFPID-216259", + "CVRFPID-216295", + "CVRFPID-217805", + "CVRFPID-217807", + "CVRFPID-218891", + "CVRFPID-218995", + "CVRFPID-220440", + "CVRFPID-220441", + "CVRFPID-220444", + "CVRFPID-220457", + "CVRFPID-220461", + "CVRFPID-220466", + "CVRFPID-220594", + "CVRFPID-220664", + "CVRFPID-220689", + 
"CVRFPID-221033", + "CVRFPID-221137", + "CVRFPID-222275", + "CVRFPID-222342", + "CVRFPID-222436", + "CVRFPID-222500", + "CVRFPID-222530", + "CVRFPID-222650", + "CVRFPID-222651", + "CVRFPID-222924", + "CVRFPID-223086", + "CVRFPID-223143", + "CVRFPID-224553", + "CVRFPID-224611", + "CVRFPID-224868", + "CVRFPID-225160", + "CVRFPID-225740", + "CVRFPID-225786", + "CVRFPID-226077", + "CVRFPID-227285", + "CVRFPID-227307", + "CVRFPID-227308", + "CVRFPID-227598", + "CVRFPID-227754", + "CVRFPID-227959", + "CVRFPID-228056", + "CVRFPID-228057", + "CVRFPID-228151", + "CVRFPID-230588", + "CVRFPID-230589", + "CVRFPID-230590", + "CVRFPID-230591", + "CVRFPID-230607", + "CVRFPID-230623", + "CVRFPID-230962", + "CVRFPID-230965", + "CVRFPID-230990", + "CVRFPID-231074", + "CVRFPID-231245", + "CVRFPID-231824", + "CVRFPID-232957", + "CVRFPID-233143", + "CVRFPID-233796", + "CVRFPID-234926", + "CVRFPID-196216", + "CVRFPID-196218", + "CVRFPID-196220", + "CVRFPID-196221", + "CVRFPID-196222", + "CVRFPID-196223", + "CVRFPID-196230", + "CVRFPID-196231", + "CVRFPID-196288", + "CVRFPID-196925", + "CVRFPID-197145", + "CVRFPID-206163", + "CVRFPID-206164", + "CVRFPID-206165", + "CVRFPID-206166", + "CVRFPID-206167", + "CVRFPID-206168", + "CVRFPID-206169", + "CVRFPID-206170", + "CVRFPID-206172", + "CVRFPID-206173", + "CVRFPID-206200", + "CVRFPID-206201", + "CVRFPID-206202", + "CVRFPID-206203", + "CVRFPID-206211", + "CVRFPID-210070", + "CVRFPID-210073", + "CVRFPID-210074", + "CVRFPID-210075", + "CVRFPID-210076", + "CVRFPID-210077", + "CVRFPID-210264", + "CVRFPID-212436", + "CVRFPID-212674", + "CVRFPID-213100", + "CVRFPID-213783", + "CVRFPID-213785", + "CVRFPID-213790", + "CVRFPID-213797", + "CVRFPID-213809", + "CVRFPID-213811", + "CVRFPID-213812", + "CVRFPID-213960", + "CVRFPID-214051", + "CVRFPID-214993", + "CVRFPID-217253", + "CVRFPID-217255", + "CVRFPID-217256", + "CVRFPID-217259", + "CVRFPID-217279", + "CVRFPID-217280", + "CVRFPID-217282", + "CVRFPID-217283", + "CVRFPID-218901", + "CVRFPID-220290", + 
"CVRFPID-220357", + "CVRFPID-220489", + "CVRFPID-220802", + "CVRFPID-221108", + "CVRFPID-221185", + "CVRFPID-222435", + "CVRFPID-222483", + "CVRFPID-222695", + "CVRFPID-222711", + "CVRFPID-224840", + "CVRFPID-225784", + "CVRFPID-226158", + "CVRFPID-226331", + "CVRFPID-227555", + "CVRFPID-227755", + "CVRFPID-229124", + "CVRFPID-230240", + "CVRFPID-230998", + "CVRFPID-231004", + "CVRFPID-231187", + "CVRFPID-231246", + "CVRFPID-233155", + "CVRFPID-236834" + ] + }, + "references": [ + { + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", + "summary": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability" } ], "remediations": [ @@ -3309,12 +3316,7 @@ ] } ], - "references": [ - { - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2", - "summary": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability" - } - ] + "title": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability" } ] } \ No newline at end of file diff --git a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-04-001.json b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-04-001.json index 0fd316ca9..ec96be89b 100644 --- a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-04-001.json +++ b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-04-001.json 
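Review bot: The `references` array is deleted at the end of the vulnerability object only to be re-added verbatim above `remediations`, and `title` is re-added as the last key, so this commit appears to re-sort the object's keys as well as rename `scores` to `metrics`. That reordering is why several hundred `CVRFPID-…` lines show up as added under `product_status.known_affected`, and it makes it impractical to confirm by eye that no product ID was dropped or duplicated while the CVSS block was being rewrapped in `content`. Consider keeping the key reorder in a separate commit, or stating in the description that the product lists are unchanged, so the schema change can be reviewed on its own. The file also still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the tail of the object is being touched.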
@@ -86,6 +86,31 @@
 "vulnerabilities": [
 {
 "cve": "CVE-2021-44228",
+ "metrics": [
+ {
+ "content": {
+ "cvss_v3": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "products": [
+ "CSAFPID-0002",
+ "CSAFPID-0003",
+ "CSAFPID-0004"
+ ]
+ }
+ ],
 "notes": [
 {
 "category": "description",
@@ -117,29 +142,6 @@
 "CSAFPID-0004"
 ]
 }
- ],
- "scores": [
- {
- "cvss_v3": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 10,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-0002",
- "CSAFPID-0003",
- "CSAFPID-0004"
- ]
- }
 ]
 }
 ]
diff --git a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-06-001.json b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-06-001.json
index 03b11736d..91e61fec4 100644
--- a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-06-001.json
+++ b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-06-001.json
@@ -118,6 +118,58 @@
 "vulnerabilities": [
 {
 "cve": "CVE-2021-44228",
+ "metrics": [
+ {
+ "content": {
+ "cvss_v3": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "products": [
+ "CSAFPID-0002",
+ "CSAFPID-0003",
+ "CSAFPID-0004"
+ ]
+ },
+ {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "modifiedConfidentialityImpact": "NONE",
+ "modifiedIntegrityImpact": "NONE",
+ "modifiedAvailabilityImpact": "NONE"
+ }
+ },
+ "products": [
+ "CSAFPID-0001",
+ "CSAFPID-0005",
+ "CSAFPID-0006",
+ "CSAFPID-0007"
+ ]
+ }
+ ],
 "notes": [
 {
 "category": "description",
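Review bot: The second `metrics` entry has environmental overrides in its vector (`…/MC:N/MI:N/MA:N`) but its `cvss_v3` object still exposes only `"baseScore": 10` and `"baseSeverity": "CRITICAL"`, so a consumer that triages on the numeric fields will rank CSAFPID-0001 and CSAFPID-0005 to CSAFPID-0007 as critical although the vector modifies all three impacts to None. The entry is being rewrapped in `content` here anyway, so consider adding `"environmentalScore": 0` and `"environmentalSeverity": "NONE"` next to `baseScore` (the values these overrides should compute to; please confirm with a calculator) so the numbers agree with the vector. The same block is carried over unchanged in 2022-evd-uc-07-001.json, in 2022-evd-uc-08-001.json for both CVEs, and in 2022-evd-uc-09-001.json, where the accompanying threat text says the product does not use Java at all.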
@@ -156,54 +208,6 @@
 ]
 }
 ],
- "scores": [
- {
- "cvss_v3": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 10,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "version": "3.1"
- },
- "products": [
- "CSAFPID-0002",
- "CSAFPID-0003",
- "CSAFPID-0004"
- ]
- },
- {
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N",
- "baseScore": 10,
- "baseSeverity": "CRITICAL",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "CHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "modifiedConfidentialityImpact": "NONE",
- "modifiedIntegrityImpact": "NONE",
- "modifiedAvailabilityImpact": "NONE"
- },
- "products": [
- "CSAFPID-0001",
- "CSAFPID-0005",
- "CSAFPID-0006",
- "CSAFPID-0007"
- ]
- }
- ],
 "threats": [
 {
 "category": "impact",
diff --git a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-07-001.json b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-07-001.json
index 4be69979e..c64e92318 100644
--- a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-07-001.json
+++ b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-07-001.json
@@ -148,6 +148,60 @@ "vulnerabilities": [ { "cve": "CVE-2021-44228", + "metrics": [ + { + "content": { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "products": [ + "CSAFPID-0002", + "CSAFPID-0003", + "CSAFPID-0004", + "CSAFPID-0008" + ] + }, + { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "modifiedAvailabilityImpact": "NONE" + } + }, + "products": [ + "CSAFPID-0001", + "CSAFPID-0005", + "CSAFPID-0006", + "CSAFPID-0007", + "CSAFPID-0009" + ] + } + ], "notes": [ { "category": "description", 
@@ -198,56 +252,6 @@ ] } ], - "scores": [ - { - "cvss_v3": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - }, - "products": [ - "CSAFPID-0002", - "CSAFPID-0003", - "CSAFPID-0004", - "CSAFPID-0008" - ] - }, - { - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "modifiedAvailabilityImpact": "NONE" - }, - "products": [ - "CSAFPID-0001", - "CSAFPID-0005", - "CSAFPID-0006", - "CSAFPID-0007", - "CSAFPID-0009" - ] - } - ], "threats": [ { "category": "impact", diff --git a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-08-001.json b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-08-001.json index dae22bc01..db79ae863 100644 --- a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-08-001.json +++ b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-08-001.json 
@@ -156,6 +156,60 @@ "vulnerabilities": [ { "cve": "CVE-2021-44228", + "metrics": [ + { + "content": { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "products": [ + "CSAFPID-0002", + "CSAFPID-0003", + "CSAFPID-0004", + "CSAFPID-0008" + ] + }, + { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "modifiedAvailabilityImpact": "NONE" + } + }, + "products": [ + "CSAFPID-0001", + "CSAFPID-0005", + "CSAFPID-0006", + "CSAFPID-0007", + "CSAFPID-0009" + ] + } + ], "notes": [ { "category": "description", 
@@ -210,56 +264,6 @@ ] } ], - "scores": [ - { - "cvss_v3": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" - }, - "products": [ - "CSAFPID-0002", - "CSAFPID-0003", - "CSAFPID-0004", - "CSAFPID-0008" - ] - }, - { - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "modifiedAvailabilityImpact": "NONE" - }, - "products": [ - "CSAFPID-0001", - "CSAFPID-0005", - "CSAFPID-0006", - "CSAFPID-0007", - "CSAFPID-0009" - ] - } - ], "threats": [ { "category": "impact", 
@@ -282,6 +286,61 @@ }, { "cve": "CVE-2021-45105", + "metrics": [ + { + "content": { + "cvss_v3": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "products": [ + "CSAFPID-0002", + "CSAFPID-0003", + "CSAFPID-0004", + "CSAFPID-0008", + "CSAFPID-0010" + ] + }, + { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/MC:N/MI:N/MA:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "modifiedAvailabilityImpact": "NONE" + } + }, + "products": [ + "CSAFPID-0001", + "CSAFPID-0005", + "CSAFPID-0006", + "CSAFPID-0007", + "CSAFPID-0009" + ] + } + ], "notes": [ { "category": "description", 
@@ -333,57 +392,6 @@ ] } ], - "scores": [ - { - "cvss_v3": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - }, - "products": [ - "CSAFPID-0002", - "CSAFPID-0003", - "CSAFPID-0004", - "CSAFPID-0008", - "CSAFPID-0010" - ] - }, - { - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/MC:N/MI:N/MA:N", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "modifiedAvailabilityImpact": "NONE" - }, - "products": [ - "CSAFPID-0001", - "CSAFPID-0005", - "CSAFPID-0006", - "CSAFPID-0007", - "CSAFPID-0009" - ] - } - ], "threats": [ { "category": "impact", diff --git a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-09-001.json b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-09-001.json index fce5740f1..b4b47c11e 100644 --- a/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-09-001.json +++ b/csaf_2.1/examples/csaf/csaf_vex/2022-evd-uc-09-001.json 
@@ -72,6 +72,53 @@ "vulnerabilities": [ { "cve": "CVE-2021-44228", + "metrics": [ + { + "content": { + "cvss_v3": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "products": [ + "CSAFPID-0002" + ] + }, + { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", + "baseScore": 10, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "modifiedAvailabilityImpact": "NONE" + } + }, + "products": [ + "CSAFPID-0001" + ] + } + ], "notes": [ { "category": "description", 
@@ -103,61 +150,65 @@ ] } ], - "scores": [ + "threats": [ + { + "category": "impact", + "details": "These products do not use Java at all.", + "product_ids": [ + "CSAFPID-0001" + ] + } + ] + }, + { + "cve": "CVE-2021-45105", + "metrics": [ { - "cvss_v3": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "NONE", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.1" + "content": { + "cvss_v3": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } }, "products": [ "CSAFPID-0002" ] }, { - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/MC:N/MI:N/MA:N", - "baseScore": 10, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "modifiedAvailabilityImpact": "NONE" + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/MC:N/MI:N/MA:N", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + 
"availabilityImpact": "HIGH", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "modifiedAvailabilityImpact": "NONE" + } }, "products": [ "CSAFPID-0001" ] } ], - "threats": [ - { - "category": "impact", - "details": "These products do not use Java at all.", - "product_ids": [ - "CSAFPID-0001" - ] - } - ] - }, - { - "cve": "CVE-2021-45105", "notes": [ { "category": "description", @@ -189,49 +240,6 @@ ] } ], - "scores": [ - { - "cvss_v3": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "HIGH", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version": "3.1" - }, - "products": [ - "CSAFPID-0002" - ] - }, - { - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/MC:N/MI:N/MA:N", - "baseScore": 5.9, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "modifiedAvailabilityImpact": "NONE" - }, - "products": [ - "CSAFPID-0001" - ] - } - ], "threats": [ { "category": "impact", From 695031c97e7e211cd2fab41849ff75948a4aaa79 Mon Sep 17 00:00:00 2001 
From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 31 Jul 2024 18:47:42 +0200 Subject: [PATCH 8/8] Metrics - addresses parts of oasis-tcs/csaf#624 - adapt testfiles to reflect current schema --- ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json | 60 +++++---- ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json | 88 +++++++------ ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json | 28 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json | 84 ++++++------ ...oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json | 124 ++++++++++-------- ...oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json | 54 ++++---- ...oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json | 54 ++++---- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json | 96 +++++++------- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json | 28 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json | 120 +++++++++-------- ...oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json | 36 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json | 28 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json | 36 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json | 32 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json | 36 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json | 40 +++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json | 40 +++--- 
...oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json | 14 +- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json | 22 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json | 16 ++- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json | 22 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json | 18 +-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json | 40 +++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json | 34 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json | 40 +++--- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json | 24 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json | 30 +++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json | 36 ++--- 
...oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json | 32 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json | 24 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json | 32 ++--- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json | 26 ++-- ...oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json | 38 +++--- 74 files changed, 1294 insertions(+), 1094 deletions(-) diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json index d76a2d758..f3d4f4049 100644 --- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json +++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-01.json @@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 10 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json index 1412a55e6..f9c34f44a 100644 --- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json +++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-02.json 
@@ -39,50 +39,56 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "baseScore": 5.5 - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 10 - }, - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "baseScore": 4.3 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", - "baseScore": 4.3 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json index 3a76e9d94..cfbc799bd 100644 --- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json +++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-03.json 
@@ -39,70 +39,78 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
+ "baseScore": 4.6
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
- "baseScore": 4.6
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
- "baseScore": 5.7,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "baseScore": 4.3
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "baseScore": 4.3
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json
index cfc3d6e3c..619a90454 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-11.json
@@ -39,22 +39,24 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json
index db919432f..1bcfa3476 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-12.json
@@ -39,62 +39,68 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
- "baseScore": 6.4,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "baseScore": 4.3
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "baseScore": 4.3
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "baseScore": 3.1,
- "baseSeverity": "LOW"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json
index ac0e9ca07..224799f22 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-01-13.json
@@ -39,88 +39,96 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
- "baseScore": 5.3,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
+ "baseScore": 4.6
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:L/AC:L/Au:S/C:C/I:N/A:N",
- "baseScore": 4.6
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
- "baseScore": 5.7,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "baseScore": 4.3
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
+ "baseScore": 2.1,
+ "baseSeverity": "LOW"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "baseScore": 4.3
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "baseScore": 3.1,
- "baseSeverity": "LOW"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
- "baseScore": 2.1,
- "baseSeverity": "LOW"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json
index f875eaff6..f5bdfb2c8 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-01.json
@@ -39,17 +39,19 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json
index 1da4dbdcb..60852ac37 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-02.json
@@ -39,47 +39,53 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
- "baseScore": 7.1,
- "baseSeverity": "HIGH"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json
index 002854b93..4fcffdf30 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-11.json
@@ -39,17 +39,19 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json
index a24d9bcf7..87e1d20b3 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-02-12.json
@@ -39,47 +39,53 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
- "baseScore": 7.1,
- "baseSeverity": "HIGH"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json
index ad1b75800..5294f304c 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-01.json
@@ -39,17 +39,19 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json
index bc0caef26..d7660219f 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-02.json
@@ -39,17 +39,19 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json
index b5c51d1e4..d50b22809 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-03.json
@@ -39,16 +39,18 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json
index 50f86cda3..33957ee15 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-04.json
@@ -39,68 +39,74 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
- "baseScore": 6.4,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "baseScore": 4.3
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "baseScore": 4.3
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "baseScore": 3.1,
- "baseSeverity": "LOW"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json
index 08398efe1..447c1d81c 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-11.json
@@ -39,23 +39,25 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json
index 11eeac197..47aa8f98d 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-12.json
@@ -39,23 +39,25 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json
index 1b0ef98fd..b28fe802e 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-13.json
@@ -39,22 +39,24 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json
index e741d216e..06185f2ba 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-14.json
@@ -39,80 +39,86 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
- "baseScore": 6.4,
- "baseSeverity": "MEDIUM"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:L/SA:N",
- "baseScore": 6.3,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 },
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
+ "baseScore": 4.3
+ },
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "baseScore": 3.1,
+ "baseSeverity": "LOW"
+ },
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
+ "baseScore": 2.1,
+ "baseSeverity": "LOW"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
- "baseScore": 4.3
- },
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "baseScore": 3.1,
- "baseSeverity": "LOW"
- },
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N",
- "baseScore": 2.1,
- "baseSeverity": "LOW"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json
index 5e32c3b26..13fa972ba 100644
--- a/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json
+++ b/csaf_2.1/test/validator/data/informative/oasis_csaf_tc-csaf_2_1-2024-6-3-12-15.json
@@ -39,17 +39,19 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json
index 486043cca..6640f487f 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-01.json
@@ -39,28 +39,32 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 },
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json
index 4ab700d45..cba0b89b0 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-02.json
@@ -39,28 +39,32 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 },
 {
+ "content": {
+ "cvss_v3": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v3": {
- "version": "3.0",
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
- "baseScore": 6.5,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json
index 99b87ffe7..2a5eabad9 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-03.json
@@ -39,26 +39,30 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
+ "baseScore": 5.5
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
- "baseScore": 5.5
- }
+ ]
 },
 {
+ "content": {
+ "cvss_v2": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
+ "baseScore": 10
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v2": {
- "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
- "baseScore": 10
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json
index 95c0f6761..713a943dd 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-04.json
@@ -39,28 +39,32 @@
 },
 "vulnerabilities": [
 {
- "scores": [
+ "metrics": [
 {
+ "content": {
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
+ "baseScore": 10,
+ "baseSeverity": "CRITICAL"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
- "baseScore": 10,
- "baseSeverity": "CRITICAL"
- }
+ ]
 },
 {
+ "content": {
+ "cvss_v4": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ }
+ },
 "products": [
 "CSAFPID-9080700"
- ],
- "cvss_v4": {
- "version": "4.0",
- "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N",
- "baseScore": 4.9,
- "baseSeverity": "MEDIUM"
- }
+ ]
 }
 ]
 }
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json
index 851152ef0..fe718eacd 100644
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json
+++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-11.json
@@ -39,32 +39,36 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json index 7e121098d..8edb397ac 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-12.json @@ -39,22 +39,24 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "baseScore": 5.5 - }, - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" - } + ] } ] } 
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json index 6af01b4b1..0b1cd12d0 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-13.json @@ -39,32 +39,36 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json index 0032184a5..f502f364d 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-14.json 
@@ -39,30 +39,34 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "baseScore": 5.5 - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 10 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json index 2597eb28a..6bec96580 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-15.json @@ -39,32 +39,36 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] }, { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" - } + ] } ] } 
diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json index 38fc78e07..5bf16d050 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-16.json @@ -39,28 +39,30 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + }, + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "baseScore": 5.5 - }, - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" - }, - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:N/SA:N", - "baseScore": 4.9, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json index 774a234be..f66727eac 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-07-17.json 
@@ -39,28 +39,30 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "baseScore": 5.5 + }, + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", - "baseScore": 5.5 - }, - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "baseScore": 6.4, - "baseSeverity": "MEDIUM" - }, - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json index 98c20100c..a5b7a8bbe 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-01.json @@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json index 50c3792e2..414ef1cde 100644 
--- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-02.json @@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json index 4e8543eb3..9bc8f2702 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-03.json @@ -39,15 +39,17 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", - "baseScore": 6.5 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json index c701a6165..72277c83f 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-04.json 
@@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "baseScore": 5.4 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", - "baseScore": 5.4 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json index bef6c3bbb..7ed47fe11 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-11.json @@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json index 821b45b5b..e4c34111b 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-12.json 
@@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json index 7e27c2754..b1319ac11 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-13.json @@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", + "baseScore": 6.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:L/AC:L/Au:M/C:C/I:C/A:C", - "baseScore": 6.5 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json index 9dbc4c112..fc6047eab 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-08-14.json 
@@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", - "baseScore": 5.4, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json index 6f4f0822d..4d4e71fb1 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-01.json @@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "LOW" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "LOW" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json index 0c310adbf..31b88e1e1 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-02.json 
@@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json index 04e821bc7..c6930be0d 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-03.json @@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 6.5 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 6.5 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json index 49e716a97..a6f8e10a9 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-04.json 
@@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "baseScore": 9.3, - "baseSeverity": "CRITICAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json index a1ada39aa..fb166153c 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-05.json @@ -39,19 +39,21 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "threatScore": 9.9, + "threatSeverity": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", - "baseScore": 10.0, - "baseSeverity": "CRITICAL", - "threatScore": 9.9, - "threatSeverity": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json index dc4afc3b8..5caa08d9e 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-11.json 
@@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json index 06beafbf9..012d31364 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-12.json @@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 10, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "baseScore": 10, - "baseSeverity": "CRITICAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json index 24bed8d12..f70572620 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-13.json 
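Review bot: The `cvss_v3` object moved under `content` in the 6-1-09-11 hunk keeps `"baseScore": 10` and `"baseSeverity": "CRITICAL"` for the vector `CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H`, while the 6-1-08-11 file in this same patch carries that vector with `6.5` and `MEDIUM`. The 6-1-09-12 hunk that follows has the same pair for the 3.0 vector. If the -1x files are meant as passing examples for test 6.1.9 (their titles are outside the hunks), a validator that recomputes the score from the vector would reject them. In that case the values would be `"baseScore": 6.5,` and `"baseSeverity": "MEDIUM"`. This is worth confirming against the test description, since a fixture that passes with a wrong score teaches validators to accept overstated severity.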
@@ -39,16 +39,18 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "baseScore": 10.0 + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", - "baseScore": 10.0 - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json index 337b2904d..29f570185 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-14.json @@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "baseScore": 10.0, - "baseSeverity": "CRITICAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json index 649990981..c816cb32f 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-15.json 
@@ -39,19 +39,21 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "threatScore": 9.3, + "threatSeverity": "CRITICAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P", - "baseScore": 10.0, - "baseSeverity": "CRITICAL", - "threatScore": 9.3, - "threatSeverity": "CRITICAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json index 4c8ecb576..e974703c0 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-09-16.json @@ -39,17 +39,19 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json index fb4e38019..fb95dfd9d 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-01.json 
@@ -39,25 +39,27 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "LOW" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json index ef2810fe4..a423fe4b4 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-02.json 
@@ -39,25 +39,27 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "HIGH", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json index 890ad0ed4..d2bcabce8 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-03.json 
@@ -39,23 +39,25 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "exploitability": "FUNCTIONAL" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC", - "baseScore": 9.0, - "accessVector": "NETWORK", - "accessComplexity": "HIGH", - "authentication": "MULTIPLE", - "confidentialityImpact": "PARTIAL", - "integrityImpact": "NONE", - "availabilityImpact": "COMPLETE", - "exploitability": "FUNCTIONAL" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json index 0c6f80ae4..f37ca3b13 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-04.json 
@@ -39,28 +39,30 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "NONE", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "LOW", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "NONE" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "baseScore": 10.0, - "baseSeverity": "CRITICAL", - "attackVector": "LOCAL", - "attackComplexity": "HIGH", - "attackRequirements": "PRESENT", - "privilegesRequired": "NONE", - "userInteraction": "PASSIVE", - "vulnConfidentialityImpact": "LOW", - "vulnIntegrityImpact": "NONE", - "vulnAvailabilityImpact": "HIGH", - "subConfidentialityImpact": "LOW", - "subIntegrityImpact": "HIGH", - "subAvailabilityImpact": "NONE" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json index 278ea84bc..a29df2ab6 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-11.json 
@@ -39,25 +39,27 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json index f80981eef..265cb0f89 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-12.json 
@@ -39,25 +39,27 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v3": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v3": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json index c09f5d067..81640a9b8 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-13.json 
@@ -39,23 +39,25 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC", + "baseScore": 9.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "exploitability": "PROOF_OF_CONCEPT" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v2": { - "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC", - "baseScore": 9.0, - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authentication": "NONE", - "confidentialityImpact": "COMPLETE", - "integrityImpact": "COMPLETE", - "availabilityImpact": "COMPLETE", - "exploitability": "PROOF_OF_CONCEPT" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json index 633c4929f..7f7c86947 100644 --- a/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json +++ b/csaf_2.1/test/validator/data/mandatory/oasis_csaf_tc-csaf_2_1-2024-6-1-10-14.json 
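Review bot: `"baseScore": 9.0` in the `cvss_v2` object now nested under `content` does not match the base metrics of its own vector. `AV:N/AC:L/Au:N/C:C/I:C/A:C` works out to 10.0 under the CVSS v2 base equation, and 9.0 is what the temporal score becomes once `E:POC` is applied. The value is carried over unchanged from the old `scores` entry, so this migration did not introduce it. If the `-13` file is meant as a passing example (numbering convention assumed, not shown in this hunk), a validator that recomputes scores from the vector would still flag it. I would change the line to `"baseScore": 10.0,` and add `"temporalScore": 9.0,` alongside `"exploitability"` so the fixture is self-consistent.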
@@ -39,28 +39,30 @@ }, "vulnerabilities": [ { - "scores": [ + "metrics": [ { + "content": { + "cvss_v4": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "baseScore": 10.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnAvailabilityImpact": "HIGH", + "subConfidentialityImpact": "HIGH", + "subIntegrityImpact": "HIGH", + "subAvailabilityImpact": "HIGH" + } + }, "products": [ "CSAFPID-9080700" - ], - "cvss_v4": { - "version": "4.0", - "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "baseScore": 10.0, - "baseSeverity": "CRITICAL", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "attackRequirements": "NONE", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "vulnConfidentialityImpact": "HIGH", - "vulnIntegrityImpact": "HIGH", - "vulnAvailabilityImpact": "HIGH", - "subConfidentialityImpact": "HIGH", - "subIntegrityImpact": "HIGH", - "subAvailabilityImpact": "HIGH" - } + ] } ] } diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json index 346f69d28..732d5cf09 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-01.json 
@@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json index 137b27b30..7be301a7e 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-02.json @@ -39,26 +39,28 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json index fea262632..d532b208d 100644 
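Review bot: The `\ No newline at end of file` marker after the closing `}` of `…-6-2-19-01.json` shows the rewritten fixture still ends without a trailing newline. The same marker closes every other `optional/…-6-2-19-*.json` hunk in this patch. Because these hunks already run to the last line of each file, adding the final newline here would cost nothing and would keep that marker out of later diffs of these fixtures.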
--- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-03.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v2": { - "baseScore": 6.8, - "targetDistribution": "LOW", - "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", - "version": "2.0" + "content": { + "cvss_v2": { + "baseScore": 6.8, + "targetDistribution": "LOW", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", + "version": "2.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json index 34646bebb..c8c2ba4f0 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-04.json @@ -39,23 +39,25 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v2": { - "baseScore": 6.8, - "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", - "version": "2.0" + "content": { + "cvss_v2": { + "baseScore": 6.8, + "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", + "version": "2.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json index c07853cf5..4a53402d9 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json 
+++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-05.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json index b7569e8c0..6dfaf7ae4 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-06.json @@ -39,26 +39,28 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file 
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json index 553bc3048..ae0327165 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-07.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v4": { - "baseScore": 7.3, - "baseSeverity": "HIGH", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "version": "4.0" + "content": { + "cvss_v4": { + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "version": "4.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json index 5c70d26a0..ded6c05a8 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-08.json 
@@ -39,29 +39,31 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v4": { - "baseScore": 7.3, - "baseSeverity": "HIGH", - "modifiedVulnConfidentialityImpact": "NONE", - "modifiedVulnIntegrityImpact": "NONE", - "modifiedVulnAvailabilityImpact": "NONE", - "modifiedSubConfidentialityImpact": "NEGLIGIBLE", - "modifiedSubIntegrityImpact": "NEGLIGIBLE", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "version": "4.0" + "content": { + "cvss_v4": { + "baseScore": 7.3, + "baseSeverity": "HIGH", + "modifiedVulnConfidentialityImpact": "NONE", + "modifiedVulnIntegrityImpact": "NONE", + "modifiedVulnAvailabilityImpact": "NONE", + "modifiedSubConfidentialityImpact": "NEGLIGIBLE", + "modifiedSubIntegrityImpact": "NEGLIGIBLE", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "version": "4.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json index bf7ccd93b..d1e9e6305 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-11.json 
@@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N", - "version": "3.1" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N", + "version": "3.1" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json index 865d2fba2..69dac07d7 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-12.json @@ -39,27 +39,29 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "modifiedAvailabilityImpact": "NONE", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file 
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json index 6bbe7bfb9..5349976aa 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-13.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v2": { - "baseScore": 6.8, - "targetDistribution": "NONE", - "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", - "version": "2.0" + "content": { + "cvss_v2": { + "baseScore": 6.8, + "targetDistribution": "NONE", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C", + "version": "2.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json index 3335c1b4e..e2895b948 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-14.json @@ -39,23 +39,25 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v2": { - "baseScore": 6.8, - "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C/TD:N", - "version": "2.0" + "content": { + "cvss_v2": { + "baseScore": 6.8, + "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:C/TD:N", + "version": "2.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file 
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json index 957317406..6aac67b63 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-15.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N", - "version": "3.0" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/MC:N/MI:N/MA:N", + "version": "3.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json index 9d72d02ee..3ff10af69 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-16.json 
@@ -39,27 +39,29 @@ }, "vulnerabilities": [ { - "product_status": { - "fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "modifiedAvailabilityImpact": "NONE", - "modifiedConfidentialityImpact": "NONE", - "modifiedIntegrityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "modifiedAvailabilityImpact": "NONE", + "modifiedConfidentialityImpact": "NONE", + "modifiedIntegrityImpact": "NONE", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json index 8950cedea..a1c1aa8f5 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-17.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "known_affected": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v3": { - "baseScore": 6.5, - "baseSeverity": "MEDIUM", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", - "version": "3.1" + "content": { + "cvss_v3": { + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "known_affected": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file 
diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json index 32f4655ac..d1319e903 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-18.json @@ -39,24 +39,26 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v4": { - "baseScore": 7.3, - "baseSeverity": "HIGH", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:N/MVI:N/MVA:N/MSC:N/MSI:N/MSA:N", - "version": "4.0" + "content": { + "cvss_v4": { + "baseScore": 7.3, + "baseSeverity": "HIGH", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:N/MVI:N/MVA:N/MSC:N/MSI:N/MSA:N", + "version": "4.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file diff --git a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json index c3d5b5672..197504af5 100644 --- a/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json +++ b/csaf_2.1/test/validator/data/optional/oasis_csaf_tc-csaf_2_1-2024-6-2-19-19.json 
@@ -39,30 +39,32 @@ }, "vulnerabilities": [ { - "product_status": { - "first_fixed": [ - "CSAFPID-9080700" - ] - }, - "scores": [ + "metrics": [ { - "cvss_v4": { - "baseScore": 7.3, - "baseSeverity": "HIGH", - "modifiedVulnConfidentialityImpact": "NONE", - "modifiedVulnIntegrityImpact": "NONE", - "modifiedVulnAvailabilityImpact": "NONE", - "modifiedSubConfidentialityImpact": "NEGLIGIBLE", - "modifiedSubIntegrityImpact": "NEGLIGIBLE", - "modifiedSubAvailabilityImpact": "NEGLIGIBLE", - "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", - "version": "4.0" + "content": { + "cvss_v4": { + "baseScore": 7.3, + "baseSeverity": "HIGH", + "modifiedVulnConfidentialityImpact": "NONE", + "modifiedVulnIntegrityImpact": "NONE", + "modifiedVulnAvailabilityImpact": "NONE", + "modifiedSubConfidentialityImpact": "NEGLIGIBLE", + "modifiedSubIntegrityImpact": "NEGLIGIBLE", + "modifiedSubAvailabilityImpact": "NEGLIGIBLE", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "version": "4.0" + } }, "products": [ "CSAFPID-9080700" ] } - ] + ], + "product_status": { + "first_fixed": [ + "CSAFPID-9080700" + ] + } } ] } \ No newline at end of file