Skip to content

A TypeScript implementation of CVSS 2.0, 3.0, 3.1 and 4.0, alongside a web application for calculating scores for multiple CVSS vectors simultaneously.

License

Notifications You must be signed in to change notification settings

org-metaeffekt/metaeffekt-universal-cvss-calculator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

{metæffekt} CVSS Calculator

Weekly NPM downloads License Apache-2

The {metæffekt} CVSS Calculator is a npm library wrapped in a publicly available web application that allows calculating CVSS scores for multiple CVSS vectors of different versions simultaneously.

TypeScript Library UI
Supports CVSS versions 2.0, 3.0, 3.1 and 4.0. Available on NPM as ae-cvss-calculator and installable via:
npm install ae-cvss-calculator

The calculator is available on our webpage for you to try out and link from your applications. The source code can be found in the site directory.


calculator-preview.png

TypeScript Library

Available on NPM as ae-cvss-calculator and installable via:

npm install ae-cvss-calculator

See README.md in the ae-cvss-calculator directory for instructions on how to build and use the library.

See our CVSS 4.0 implementation documentation to learn more about the specifics of our implementation and CVSS 4.0 in general.

UI

URL Parameters

The calculator supports the following URL parameters. Make sure to properly URL encode the values.

vector

The vector parameter is a JSON array of JSON arrays. Each sub-array is of the following format:

[
  "vector name",
  true,
  "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
  "CVSS:3.1",
  "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L"
]

Where the first element is the name of the vector, the second element is a boolean indicating whether the vector is visible, the third element is the CVSS vector string and the fourth element is the CVSS version string. The CVSS version is one of CVSS:2.0, CVSS:3.1 or CVSS:4.0.

The optional fifth element (null by default) represents the initial vector that will be used to generate the diff-vector when using the 'copy diff vector' button.

Example with a larger amount of vectors:

vector=[["CVSS:4.0",true,"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H","CVSS:4.0","CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:L"],["3.1+2020-5934+(nist.gov)",true,"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:H/E:F/RL:U/RC:R","CVSS:3.1"],["2.0+2020-5934+(nist.gov)",true,"AV:L/AC:H/Au:S/C:C/I:P/A:N/E:U/RL:U/RC:C/CDP:LM/TD:M/CR:H/IR:H/AR:H","CVSS:2.0"]]

open

The open parameter is a string indicating which accordion elements are expanded. They are normalized to a lowercase representation, where spaces are replaced by dashes - and individual elements are separated by commas. See the names of the individual categories for the possible values.

Example:

open=temporal,environmental-security-requirement

selected

The selected parameter is a string indicating which vector is selected for editing. If set, it must be the name of one of the vectors in the vector parameter.

Example:

selected=3.1+2020-5934+(nist.gov)

cve

The cve parameter is a string indicating a comma separated list of CVE IDs. If set, the calculator will automatically fetch the CVSS vectors from the NVD API and add them to the list of vectors.

Example:

cve=CVE-2020-5934,CVE-2020-5935

NVD Integration

Using the NVD input field at the top of the editor, you can enter a CVE ID and the calculator will automatically fetch the CVSS vector(s) from the NVD API and add it to the list of vectors.

When selecting a vector sourced from the NVD, the according description will be displayed below the Severity Radar chart. This description is either fetched as part of the initial NVD API call or, if the vector was added via the URL parameter, fetched when selecting the vector.