Security - Incident - CVSS 3.1
This is what the template looks like as a data form.
{
"id": "security-cvss-3-1",
"name": "cvss",
"metadata": {
"created": "2023-12-31T01:01:01.000+0000",
"updated": "2023-12-31T01:01:01.000+0000",
"creator": {
"id": "evolu.software"
},
"updater": {
"id": "evolu.software"
},
"template" : {
"id" : "${cid}-${uuid}",
"name" : "${cid} Security Incident ${yyyy-mm-dd}"
},
"version": 1
},
"section": [
{
"id": "details",
"description": "",
"field": [
{
"id": "score",
"name": "CVSS:3.1",
"description": ""
},
{
"name": "Attack Vector",
"description": "",
"id": "attack-vector",
"required": false
},
{
"name": "Attack Complexity",
"description": "",
"id": "attack-complexity",
"required": false
},
{
"name": "Privileges Required",
"description": "",
"id": "privileges-required",
"required": false
},
{
"name": "User Interaction",
"description": "",
"id": "user-interaction",
"required": false
},
{
"name": "Scope",
"description": "",
"id": "scope",
"required": false
},
{
"name": "Confidentiality",
"description": "",
"id": "confidentiality",
"required": false
},
{
"name": "Integrity",
"description": "",
"id": "integrity",
"required": false
},
{
"name": "Availability",
"description": "",
"id": "availability",
"required": false
}
]
}
],
"data": {
"score": {
"type": "calculated",
"value": "",
"config": {
"calc": "#variableISS(1 1 confidentiality - 1 integrity - * 1 availability - * -)\n#if (scope) == (1) {\n #variableImpact(6.42 $variableISS *)\n} else {\n #variableImpact(7.52 $variableISS 0.029 - * 3.25 $variableISS 0.02 - 15 ^ * -)\n}\n#if ($variableImpact) <= (0) {\n #return(0)\n}\n#if (scope privileges-required *) == (0) {\n #variableToUsePrivilegesRequired(0.85)\n}\n#if (scope privileges-required *) == (1) {\n #variableToUsePrivilegesRequired(0.62)\n}\n#if (scope privileges-required *) == (3) {\n #variableToUsePrivilegesRequired(0.27)\n}\n#if (scope privileges-required *) == (2) {\n #variableToUsePrivilegesRequired(0.68)\n}\n#if (scope privileges-required *) == (6) {\n #variableToUsePrivilegesRequired(0.5)\n}\n#variableExploitability(8.22 attack-vector attack-complexity $variableToUsePrivilegesRequired user-interaction * * * *)\n#if (scope) == (1) {\n #return($variableImpact $variableExploitability + 10 $min 1 $roundUp)\n} else {\n #return(1.08 $variableImpact $variableExploitability + * 10 $min 1 $roundUp)\n}"
}
},
"attack-vector": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "Network",
"value": 0.85
},
{
"name": "Adjacent",
"value": 0.62
},
{
"name": "Local",
"value": 0.55
},
{
"name": "Physical",
"value": 0.2
}
]
},
"attack-complexity": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "Low",
"value": 0.77
},
{
"name": "High",
"value": 0.44
}
]
},
"privileges-required": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "None",
"value": 0
},
{
"name": "Low",
"value": 1
},
{
"name": "High",
"value": 3
}
]
},
"user-interaction": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "None",
"value": 0.85
},
{
"name": "Required",
"value": 0.62
}
]
},
"scope": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "Unchanged",
"value": 1
},
{
"name": "Changed",
"value": 2
}
]
},
"confidentiality": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "High",
"value": 0.56
},
{
"name": "Low",
"value": 0.22
},
{
"name": "None",
"value": 0
}
]
},
"integrity": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "High",
"value": 0.56
},
{
"name": "Low",
"value": 0.22
},
{
"name": "None",
"value": 0
}
]
},
"availability": {
"value": "",
"type": "select-single-number",
"allowedValues": [
{
"name": "High",
"value": 0.56
},
{
"name": "Low",
"value": 0.22
},
{
"name": "None",
"value": 0
}
]
}
}
}