NAME

CVSS::v4 - Parse and calculate CVSS v4.0 scores

SYNOPSIS

use feature 'say';
use CVSS::v4;

my $cvss = CVSS::v4->from_vector_string('CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N');

say $cvss->AV;           # L
say $cvss->attackVector; # LOCAL

DESCRIPTION

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of four metric groups: Base, Threat, Environmental, and Supplemental. The Base group represents the intrinsic qualities of a vulnerability that are constant over time and across user environments, the Threat group reflects the characteristics of a vulnerability that change over time, and the Environmental group represents the characteristics of a vulnerability that are unique to a user's environment. Base metric values are combined with default values that assume the highest severity for Threat and Environmental metrics to produce a score ranging from 0 to 10. To further refine a resulting severity score, Threat and Environmental metrics can then be amended based on applicable threat intelligence and environmental considerations. Supplemental metrics do not modify the final score, and are used as additional insight into the characteristics of a vulnerability. A CVSS vector string consists of a compressed textual representation of the values used to derive the score.

https://www.first.org/cvss/v4.0/specification-document

METHODS

CVSS::v4 inherits all methods from CVSS::Base and implements the following new ones.

$cvss->macro_vector

Calculate the macro vector.

$cvss->exploitability

Return the Exploitability severity.

$cvss->complexity

Return the Complexity severity.

$cvss->vulnerable_system

Return the Vulnerable System severity.

$cvss->subsequent_system

Return the Subsequent System severity.

$cvss->exploitation

Return the Exploitation severity.

$cvss->security_requirements

Return the Security Requirements severity.
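
The macro vector is the concatenation of the six equivalence classes EQ1 to EQ6 of the CVSS v4.0 specification, which the FIRST calculator labels Exploitability, Complexity, Vulnerable System, Subsequent System, Exploitation and Security Requirements. The standalone Perl below is an added example, not code from CVSS::v4 or its author, showing how those digits are derived from a vector string and how malformed vectors are rejected. The helper names parse_vector, effective and derive_macro_vector are hypothetical, the second and third sample vectors are constructed, and the code assumes each metric carries a value that is legal for it and does not enforce the specification's metric ordering.

```perl
use strict; use warnings;

my @BASE  = qw(AV AC AT PR UI VC VI VA SC SI SA);    # mandatory Base metrics
my %KNOWN = map { $_ => 1 } @BASE, (map "M$_", @BASE), qw(E CR IR AR S AU R V RE U);

# Split a vector string into a metric => value hash; die on malformed input.
sub parse_vector {
    my ($prefix, @pairs) = split m{/}, shift;
    die "not a CVSS v4.0 vector\n" unless defined $prefix && $prefix eq 'CVSS:4.0';
    my %m;
    for my $pair (@pairs) {
        my ($k, $v) = $pair =~ /\A([A-Z]{1,3}):([A-Za-z]+)\z/
            or die "malformed metric '$pair'\n";
        die "unknown or duplicate metric '$k'\n" if !$KNOWN{$k} || exists $m{$k};
        $m{$k} = $v;
    }
    exists $m{$_} or die "missing Base metric '$_'\n" for @BASE;
    return \%m;
}

# Modified metric wins unless X (Not Defined); unset E/CR/IR/AR take the worst case.
sub effective {
    my ($m, $k) = @_;
    my ($mod, $base) = @{$m}{ "M$k", $k };
    for my $v ($mod, $base) { return $v if defined $v && $v ne 'X' }
    return $k eq 'E' ? 'A' : 'H';
}

# EQ1..EQ6 as defined in the CVSS v4.0 specification, joined into one string.
sub derive_macro_vector {
    my ($m) = @_;
    my %e   = map { $_ => effective($m, $_) } @BASE, qw(E CR IR AR);
    my $n   = grep { $e{$_} eq 'N' } qw(AV PR UI);    # how many of AV/PR/UI are N
    my $eq1 = $n == 3 ? 0 : ($n && $e{AV} ne 'P') ? 1 : 2;
    my $eq2 = ($e{AC} eq 'L' && $e{AT} eq 'N') ? 0 : 1;
    my $eq3 = ($e{VC} eq 'H' && $e{VI} eq 'H') ? 0 : (grep { $e{$_} eq 'H' } qw(VC VI VA)) ? 1 : 2;
    my $eq4 = ($e{SI} eq 'S' || $e{SA} eq 'S') ? 0 : (grep { $e{$_} eq 'H' } qw(SC SI SA)) ? 1 : 2;
    my $eq5 = { A => 0, P => 1, U => 2 }->{ $e{E} };
    my $eq6 = (grep { $e{"${_}R"} eq 'H' && $e{"V$_"} eq 'H' } qw(C I A)) ? 0 : 1;
    return join '', $eq1, $eq2, $eq3, $eq4, $eq5, $eq6;
}

# First vector is the SYNOPSIS one; the other two are constructed samples.
for my $v ('CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N',
           'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/MSI:S',
           'CVSS:4.0/AV:N/AC:L/PR:N') {
    my $mv = eval { derive_macro_vector(parse_vector($v)) };
    print defined $mv ? "$mv  $v\n" : "rejected  $v: $@";
}
```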

BASE METRICS

$cvss->AV | $cvss->attackVector
$cvss->AC | $cvss->attackComplexity
$cvss->AT | $cvss->attackRequirements
$cvss->PR | $cvss->privilegesRequired
$cvss->UI | $cvss->userInteraction
$cvss->VC | $cvss->vulnConfidentialityImpact
$cvss->VI | $cvss->vulnIntegrityImpact
$cvss->VA | $cvss->vulnAvailabilityImpact
$cvss->SC | $cvss->subConfidentialityImpact
$cvss->SI | $cvss->subIntegrityImpact
$cvss->SA | $cvss->subAvailabilityImpact

THREAT METRICS

$cvss->E | $cvss->exploitMaturity

ENVIRONMENTAL METRICS

$cvss->CR | $cvss->confidentialityRequirement
$cvss->IR | $cvss->integrityRequirement
$cvss->AR | $cvss->availabilityRequirement
$cvss->MAV | $cvss->modifiedAttackVector
$cvss->MAC | $cvss->modifiedAttackComplexity
$cvss->MAT | $cvss->modifiedAttackRequirements
$cvss->MPR | $cvss->modifiedPrivilegesRequired
$cvss->MUI | $cvss->modifiedUserInteraction
$cvss->MVC | $cvss->modifiedVulnConfidentialityImpact
$cvss->MVI | $cvss->modifiedVulnIntegrityImpact
$cvss->MVA | $cvss->modifiedVulnAvailabilityImpact
$cvss->MSC | $cvss->modifiedSubConfidentialityImpact
$cvss->MSI | $cvss->modifiedSubIntegrityImpact
$cvss->MSA | $cvss->modifiedSubAvailabilityImpact

SUPPLEMENTAL METRICS

$cvss->S | $cvss->Safety
$cvss->AU | $cvss->Automatable
$cvss->R | $cvss->Recovery
$cvss->V | $cvss->valueDensity
$cvss->RE | $cvss->vulnerabilityResponseEffort
$cvss->U | $cvss->providerUrgency

SEE ALSO

CVSS, CVSS::v2, CVSS::v3

[FIRST] CVSS Data Representations (https://www.first.org/cvss/data-representations)
[FIRST] CVSS v4.0 Specification (https://www.first.org/cvss/v4.0/specification-document)

SUPPORT

Bugs / Feature Requests

Please report any bugs or feature requests through the issue tracker at https://github.com/giterlizzi/perl-CVSS/issues. You will be notified automatically of any progress on your issue.

Source Code

This is open source software. The code repository is available for public review and contribution under the terms of the license.

https://github.com/giterlizzi/perl-CVSS

git clone https://github.com/giterlizzi/perl-CVSS.git

AUTHOR

  • Giuseppe Di Terlizzi <gdt@cpan.org>

LICENSE AND COPYRIGHT

This software is copyright (c) 2023-2026 by Giuseppe Di Terlizzi.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.