CVSS vector string with Environmental metric group is not supported

minamo7sen commented 1 year ago

Hello,

The official CVSS v3.0 specification includes Environmental metric group, while the library does not support that.

Example code:

String vectorWithEnvMetric = "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R/CR:L/IR:M/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:N/MI:N/MA:N";
Cvss cvss = Cvss.fromVector(vectorWithEnvMetric);
Score score = cvss.calculateScore();
System.out.println(score.getEnvironmentalScore()); // 0.0 (should be 5.8)

Reference: https://www.first.org/cvss/v3.0/specification-document#Environmental-Metrics

Expected result using the official CVSS calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:R/CR:L/IR:M/AR:M/MAV:N/MAC:L/MPR:N/MUI:N/MS:U/MC:L/MI:L/MA:L

stevespringett commented 1 year ago

temporal and environmental metrics are not currently supported. Pull requests are welcome.

sschuberth commented 2 months ago

Didn't https://github.com/stevespringett/cvss-calculator/pull/89 actually implement environmental metrics?

sschuberth commented 1 week ago

Didn't #89 actually implement environmental metrics?

@stevespringett or @nscuro can you tell?

minamo7sen commented 1 week ago

Hello,

I just checked version 1.4.3, CVSS v3.1 with temporal & environmental metrics works fine.

I'll close this issue, thanks for your nice work.

stevespringett / cvss-calculator

CVSS vector string with Environmental metric group is not supported #66