Taggart :donor: on Nostr: Update on the Rapid7 thing. I was told that any null value for CVSSv2 is defaulted to ...
Update on the Rapid7 thing. I was told that any null value for CVSSv2 is defaulted to 4.4, meaning that the NVD backlog is resulting in dubious severity ratings. This is extra goofy because for the CVE in question, v3 was assigned, but apparently is ignored?
Published at
2024-09-20 15:56:57Event JSON
{
"id": "c63d6d806abf038a1cfbd7975a9bb99216de607fc3c3190a4fb439d444676fee",
"pubkey": "4afb3830f7c5db05d5934438779f63c3ed1401aa03a2eb0cc3cda743633aea61",
"created_at": 1726847817,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.town/notes/9yegx0vcwf33enfq",
"activitypub"
]
],
"content": "Update on the Rapid7 thing. I was told that any null value for CVSSv2 is defaulted to 4.4, meaning that the NVD backlog is resulting in dubious severity ratings. This is extra goofy because for the CVE in question, v3 was assigned, but apparently is ignored?",
"sig": "ecbf794f5a3f86a52e0dda52baf44071d4f5673fd2b529c50f0fab6eafedf753c7ab2c57e10d2283071acad489b4015c4c29ceea2c81bc95674ad5ac7f114471"
}
