@@ -352,32 +352,55 @@ def update_db(conn, elt):
if desc['lang'] == 'en':
cveDesc = desc['value']
date = elt['cve']['lastModified']
+
+ # Extract maximum CVSS scores from all sources (Primary and Secondary)
+ cvssv2 = 0.0
try:
- accessVector = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['accessVector']
- vectorString = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['vectorString']
- cvssv2 = elt['cve']['metrics']['cvssMetricV2'][0]['cvssData']['baseScore']
+ # Iterate through all cvssMetricV2 entries and find the maximum score
+ for metric in elt['cve']['metrics']['cvssMetricV2']:
+ score = metric['cvssData']['baseScore']
+ if score > cvssv2:
+ cvssv2 = score
+ accessVector = metric['cvssData']['accessVector']
+ vectorString = metric['cvssData']['vectorString']
except KeyError:
- cvssv2 = 0.0
- cvssv3 = None
+ pass
+
+ cvssv3 = 0.0
try:
- accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector']
- vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString']
- cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore']
+ # Iterate through all cvssMetricV30 entries and find the maximum score
+ for metric in elt['cve']['metrics']['cvssMetricV30']:
+ score = metric['cvssData']['baseScore']
+ if score > cvssv3:
+ cvssv3 = score
+ accessVector = accessVector or metric['cvssData']['attackVector']
+ vectorString = vectorString or metric['cvssData']['vectorString']
except KeyError:
pass
+
try:
- accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector']
- vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString']
- cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore']
+ # Iterate through all cvssMetricV31 entries and find the maximum score
+ for metric in elt['cve']['metrics']['cvssMetricV31']:
+ score = metric['cvssData']['baseScore']
+ if score > cvssv3:
+ cvssv3 = score
+ accessVector = accessVector or metric['cvssData']['attackVector']
+ vectorString = vectorString or metric['cvssData']['vectorString']
except KeyError:
pass
- cvssv3 = cvssv3 or 0.0
+
+ cvssv4 = 0.0
try:
- accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector']
- vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString']
- cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore']
+ # Iterate through all cvssMetricV40 entries and find the maximum score
+ for metric in elt['cve']['metrics']['cvssMetricV40']:
+ score = metric['cvssData']['baseScore']
+ if score > cvssv4:
+ cvssv4 = score
+ accessVector = accessVector or metric['cvssData']['attackVector']
+ vectorString = vectorString or metric['cvssData']['vectorString']
except KeyError:
- cvssv4 = 0.0
+ pass
+
accessVector = accessVector or "UNKNOWN"
vectorString = vectorString or "UNKNOWN"