OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

csaf message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [csaf] CVSS v2/v3 use in CVRF 1.2


On 4/5/17 3:00 PM, Vincent Danen wrote:
>> How can a vuln:CVSSScoreSets element have more than one CVSSScoreSet?
>> This means a vulnerability can have two or more CVSS scores?  Can 
>> anyone
>> provide a use case/example?

> My understanding is you can have both CVSSv2 and CVSSv3, which qualifies 
> for multiple scores.

One v2 and one v3 score seems reasonable, what I'm wondering about is a
vulnerability having two or more v2 scores (or v3 scores).  Multiple
same-version CVSS scores.

 - Art


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]