Merge pull request #7651 from gy741/add-epss-score

Updated EPSS Score to CVE Templates

network/cves/2001/CVE-2001-1473.yaml

@@ -13,6 +13,7 @@ info:
     cvss-score: 7.4
     cve-id: CVE-2001-1473
     cwe-id: CWE-310
+    epss-score: 0.002580000
   remediation: Upgrade to SSH 2.4 or later.
   tags: cve,cve2001,network,ssh,openssh
   metadata:

network/cves/2011/CVE-2011-2523.yaml

@@ -13,6 +13,7 @@ info:
     Update to the latest version of VSFTPD, which does not contain the backdoor.
   classification:
     cve-id: CVE-2011-2523
+    epss-score: 0.981440000
   metadata:
     max-request: 2
     verified: true

network/cves/2015/CVE-2015-3306.yaml

@@ -16,6 +16,7 @@ info:
     cvss-score: 10
     cve-id: CVE-2015-3306
     cwe-id: CWE-284
+    epss-score: 0.969110000
   tags: cve,cve2015,ftp,rce,network,proftpd,edb
   metadata:
     max-request: 2

network/cves/2016/CVE-2016-2004.yaml

@@ -15,6 +15,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2016-2004
     cwe-id: CWE-306
+    epss-score: 0.067930000
   tags: cve,cve2016,network,iot,hp,rce,edb
   metadata:
     max-request: 2

network/cves/2016/CVE-2016-3510.yaml

@@ -8,6 +8,12 @@ info:
     Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.
   reference:
     - https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/weblogic.py
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2016-3510
+    cwe-id: CWE-119
+    epss-score: 0.0162000000
   metadata:
     max-request: 2
     verified: true

network/cves/2017/CVE-2017-5645.yaml

@@ -10,7 +10,11 @@ info:
     - https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2017-5645
     - https://nvd.nist.gov/vuln/detail/CVE-2017-5645
   classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
     cve-id: CVE-2017-5645
+    cwe-id: CWE-502
+    epss-score: 0.768230000
   metadata:
     max-request: 2
   tags: vulhub,network,apache,log4j,rce,deserialization,oast

network/cves/2018/CVE-2018-2628.yaml

@@ -16,6 +16,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2018-2628
     cwe-id: CWE-502
+    epss-score: 0.975310000
   tags: cve,cve2018,oracle,weblogic,network,deserialization,kev
   metadata:
     max-request: 1

network/cves/2018/CVE-2018-2893.yaml

@@ -15,6 +15,7 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2018-2893
+    epss-score: 0.973460000
   metadata:
     max-request: 2
   tags: cve,cve2018,weblogic,network,deserialization,rce,oracle

network/cves/2020/CVE-2020-11981.yaml

@@ -14,6 +14,7 @@ info:
     cvss-score: 9.8
     cve-id: CVE-2020-11981
     cwe-id: CWE-78
+    epss-score: 0.936930000
   metadata:
     max-request: 2
     shodan-query: product:"redis"

network/cves/2022/CVE-2022-24706.yaml

@@ -10,6 +10,12 @@ info:
     - https://www.exploit-db.com/exploits/50914
     - https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit/blob/main/CVE-2022-24706-Exploit.py
     - https://nvd.nist.gov/vuln/detail/CVE-2022-24706
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-24706
+    cwe-id: CWE-1188
+    epss-score: 0.974070000
   metadata:
     max-request: 2
     shodan-query: product:"CouchDB"