학술논문
Automated Calculation of CVSS v3.1 Temporal Score Based on Apache Log4j 2021 Vulnerabilities
Document Type
Conference
Source
2023 International Conference on Software, Telecommunications and Computer Networks (SoftCOM) Software, Telecommunications and Computer Networks (SoftCOM), 2023 International Conference on. :1-3 Sep, 2023
Subject
Language
ISSN
1847-358X
Abstract
Common Vulnerability Scoring System (CVSS) is a well-established standard for an evaluation of vulnerability criticality of Information and Communication Technology (ICT) infrastructure. An analysis was performed aimed at selected vulnerabilities, considering their base score, temporal score, reporting and exploit availability through time. Data obtained using publicly available sources, including National Vulnerability Database (NVD), ExploitDB and AttackerKB, reports and social media posts, were analyzed using a dedicated python application. Obtained results contribute to the basic research seeking to establish automated temporal score calculation that allows to assess the likelihood of exploitation for a given vulnerability.