The new CVSS score set by an override rule is not displayed in the report.
I’m parsing this over the API and without the new score there is no other alternative but to do static mappings for the severity levels High, Medium, Low.
Not a big deal and the override note is good, just wondering if it was accidentally left out or if there’s a reason it’s not included?
Thanks for a great product and all support on this forum.
Port Summary for Host x.x.x.x
-----------------------------------
Service (Port) Threat Level
443/tcp High (CVSS: 7.5)
general/tcp Low (CVSS: 2.6)
135/tcp Low (CVSS: 2.3)
Security Issues for Host x.x.x.x
------------------------------------
Issue
-----
NVT: SSL/TLS: Report Vulnerable Cipher Suites for HTTPS
OID: 1.3.6.1.4.1.25623.1.0.108031
Threat: High (CVSS: 7.5)
Port: 443/tcp
Issue
-----
NVT: Diffie-Hellman Ephemeral Key Exchange DoS Vulnerability (SSL/TLS, D(HE)ater)
OID: 1.3.6.1.4.1.25623.1.0.117840
Threat: Medium (Overridden from High) <-- !
Port: 443/tcp
------------------------------------