As of NCM V7.9, NCM uses the old NIST XML feed, which provides CVSS 2.0 Base Impact Scores. CIsco's Security Bulletin default has been CVSS 3.0 for awhile now. The XML Feed was scheduled to retire in April, 2019, but has been extended to October 9, 2019:
The Temporal metrics measure the current state of exploit techniques or code availability, the existence of any patches or workarounds, or the confidence that one has in the description of a vulnerability.
4. Environmental Metrics
These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a user's organization, measured in terms of complementary/alternative security controls in place, Confidentiality, Integrity, and Availability. The metrics are the modified equivalent of base metrics and are assigned metrics value based on the component placement in organization infrastructure.
We currently have to do this with painful spreadsheets. Temporal metrics do not appear in the current JSON feed, and have to be researched.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.
Learn more today by joining now.