cvss-suite 3.1.0 → 3.2.0

data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb

@@ -0,0 +1,278 @@
+module CvssSuite
+  module Cvss40Constants
+    # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/cvss_lookup.js#L1
+
+    LOOKUP = {
+      '000000' => 10,
+      '000001' => 9.9,
+      '000010' => 9.8,
+      '000011' => 9.5,
+      '000020' => 9.5,
+      '000021' => 9.2,
+      '000100' => 10,
+      '000101' => 9.6,
+      '000110' => 9.3,
+      '000111' => 8.7,
+      '000120' => 9.1,
+      '000121' => 8.1,
+      '000200' => 9.3,
+      '000201' => 9,
+      '000210' => 8.9,
+      '000211' => 8,
+      '000220' => 8.1,
+      '000221' => 6.8,
+      '001000' => 9.8,
+      '001001' => 9.5,
+      '001010' => 9.5,
+      '001011' => 9.2,
+      '001020' => 9,
+      '001021' => 8.4,
+      '001100' => 9.3,
+      '001101' => 9.2,
+      '001110' => 8.9,
+      '001111' => 8.1,
+      '001120' => 8.1,
+      '001121' => 6.5,
+      '001200' => 8.8,
+      '001201' => 8,
+      '001210' => 7.8,
+      '001211' => 7,
+      '001220' => 6.9,
+      '001221' => 4.8,
+      '002001' => 9.2,
+      '002011' => 8.2,
+      '002021' => 7.2,
+      '002101' => 7.9,
+      '002111' => 6.9,
+      '002121' => 5,
+      '002201' => 6.9,
+      '002211' => 5.5,
+      '002221' => 2.7,
+      '010000' => 9.9,
+      '010001' => 9.7,
+      '010010' => 9.5,
+      '010011' => 9.2,
+      '010020' => 9.2,
+      '010021' => 8.5,
+      '010100' => 9.5,
+      '010101' => 9.1,
+      '010110' => 9,
+      '010111' => 8.3,
+      '010120' => 8.4,
+      '010121' => 7.1,
+      '010200' => 9.2,
+      '010201' => 8.1,
+      '010210' => 8.2,
+      '010211' => 7.1,
+      '010220' => 7.2,
+      '010221' => 5.3,
+      '011000' => 9.5,
+      '011001' => 9.3,
+      '011010' => 9.2,
+      '011011' => 8.5,
+      '011020' => 8.5,
+      '011021' => 7.3,
+      '011100' => 9.2,
+      '011101' => 8.2,
+      '011110' => 8,
+      '011111' => 7.2,
+      '011120' => 7,
+      '011121' => 5.9,
+      '011200' => 8.4,
+      '011201' => 7,
+      '011210' => 7.1,
+      '011211' => 5.2,
+      '011220' => 5,
+      '011221' => 3,
+      '012001' => 8.6,
+      '012011' => 7.5,
+      '012021' => 5.2,
+      '012101' => 7.1,
+      '012111' => 5.2,
+      '012121' => 2.9,
+      '012201' => 6.3,
+      '012211' => 2.9,
+      '012221' => 1.7,
+      '100000' => 9.8,
+      '100001' => 9.5,
+      '100010' => 9.4,
+      '100011' => 8.7,
+      '100020' => 9.1,
+      '100021' => 8.1,
+      '100100' => 9.4,
+      '100101' => 8.9,
+      '100110' => 8.6,
+      '100111' => 7.4,
+      '100120' => 7.7,
+      '100121' => 6.4,
+      '100200' => 8.7,
+      '100201' => 7.5,
+      '100210' => 7.4,
+      '100211' => 6.3,
+      '100220' => 6.3,
+      '100221' => 4.9,
+      '101000' => 9.4,
+      '101001' => 8.9,
+      '101010' => 8.8,
+      '101011' => 7.7,
+      '101020' => 7.6,
+      '101021' => 6.7,
+      '101100' => 8.6,
+      '101101' => 7.6,
+      '101110' => 7.4,
+      '101111' => 5.8,
+      '101120' => 5.9,
+      '101121' => 5,
+      '101200' => 7.2,
+      '101201' => 5.7,
+      '101210' => 5.7,
+      '101211' => 5.2,
+      '101220' => 5.2,
+      '101221' => 2.5,
+      '102001' => 8.3,
+      '102011' => 7,
+      '102021' => 5.4,
+      '102101' => 6.5,
+      '102111' => 5.8,
+      '102121' => 2.6,
+      '102201' => 5.3,
+      '102211' => 2.1,
+      '102221' => 1.3,
+      '110000' => 9.5,
+      '110001' => 9,
+      '110010' => 8.8,
+      '110011' => 7.6,
+      '110020' => 7.6,
+      '110021' => 7,
+      '110100' => 9,
+      '110101' => 7.7,
+      '110110' => 7.5,
+      '110111' => 6.2,
+      '110120' => 6.1,
+      '110121' => 5.3,
+      '110200' => 7.7,
+      '110201' => 6.6,
+      '110210' => 6.8,
+      '110211' => 5.9,
+      '110220' => 5.2,
+      '110221' => 3,
+      '111000' => 8.9,
+      '111001' => 7.8,
+      '111010' => 7.6,
+      '111011' => 6.7,
+      '111020' => 6.2,
+      '111021' => 5.8,
+      '111100' => 7.4,
+      '111101' => 5.9,
+      '111110' => 5.7,
+      '111111' => 5.7,
+      '111120' => 4.7,
+      '111121' => 2.3,
+      '111200' => 6.1,
+      '111201' => 5.2,
+      '111210' => 5.7,
+      '111211' => 2.9,
+      '111220' => 2.4,
+      '111221' => 1.6,
+      '112001' => 7.1,
+      '112011' => 5.9,
+      '112021' => 3,
+      '112101' => 5.8,
+      '112111' => 2.6,
+      '112121' => 1.5,
+      '112201' => 2.3,
+      '112211' => 1.3,
+      '112221' => 0.6,
+      '200000' => 9.3,
+      '200001' => 8.7,
+      '200010' => 8.6,
+      '200011' => 7.2,
+      '200020' => 7.5,
+      '200021' => 5.8,
+      '200100' => 8.6,
+      '200101' => 7.4,
+      '200110' => 7.4,
+      '200111' => 6.1,
+      '200120' => 5.6,
+      '200121' => 3.4,
+      '200200' => 7,
+      '200201' => 5.4,
+      '200210' => 5.2,
+      '200211' => 4,
+      '200220' => 4,
+      '200221' => 2.2,
+      '201000' => 8.5,
+      '201001' => 7.5,
+      '201010' => 7.4,
+      '201011' => 5.5,
+      '201020' => 6.2,
+      '201021' => 5.1,
+      '201100' => 7.2,
+      '201101' => 5.7,
+      '201110' => 5.5,
+      '201111' => 4.1,
+      '201120' => 4.6,
+      '201121' => 1.9,
+      '201200' => 5.3,
+      '201201' => 3.6,
+      '201210' => 3.4,
+      '201211' => 1.9,
+      '201220' => 1.9,
+      '201221' => 0.8,
+      '202001' => 6.4,
+      '202011' => 5.1,
+      '202021' => 2,
+      '202101' => 4.7,
+      '202111' => 2.1,
+      '202121' => 1.1,
+      '202201' => 2.4,
+      '202211' => 0.9,
+      '202221' => 0.4,
+      '210000' => 8.8,
+      '210001' => 7.5,
+      '210010' => 7.3,
+      '210011' => 5.3,
+      '210020' => 6,
+      '210021' => 5,
+      '210100' => 7.3,
+      '210101' => 5.5,
+      '210110' => 5.9,
+      '210111' => 4,
+      '210120' => 4.1,
+      '210121' => 2,
+      '210200' => 5.4,
+      '210201' => 4.3,
+      '210210' => 4.5,
+      '210211' => 2.2,
+      '210220' => 2,
+      '210221' => 1.1,
+      '211000' => 7.5,
+      '211001' => 5.5,
+      '211010' => 5.8,
+      '211011' => 4.5,
+      '211020' => 4,
+      '211021' => 2.1,
+      '211100' => 6.1,
+      '211101' => 5.1,
+      '211110' => 4.8,
+      '211111' => 1.8,
+      '211120' => 2,
+      '211121' => 0.9,
+      '211200' => 4.6,
+      '211201' => 1.8,
+      '211210' => 1.7,
+      '211211' => 0.7,
+      '211220' => 0.8,
+      '211221' => 0.2,
+      '212001' => 5.3,
+      '212011' => 2.4,
+      '212021' => 1.4,
+      '212101' => 2.4,
+      '212111' => 1.2,
+      '212121' => 0.5,
+      '212201' => 1,
+      '212211' => 0.3,
+      '212221' => 0.1
+    }.freeze
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb

@@ -0,0 +1,41 @@
+module CvssSuite
+  module Cvss40Constants
+    # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/max_composed.js#L4
+
+    MAX_COMPOSED = {
+      # // EQ1
+      'eq1' => {
+        '0' => ['AV:N/PR:N/UI:N/'],
+        '1' => ['AV:A/PR:N/UI:N/', 'AV:N/PR:L/UI:N/', 'AV:N/PR:N/UI:P/'],
+        '2' => ['AV:P/PR:N/UI:N/', 'AV:A/PR:L/UI:P/']
+      },
+      # // EQ2
+      'eq2' => {
+        '0' => ['AC:L/AT:N/'],
+        '1' => ['AC:H/AT:N/', 'AC:L/AT:P/']
+      },
+      # // EQ3+EQ6
+      'eq3' => {
+        '0' => { '0' => ['VC:H/VI:H/VA:H/CR:H/IR:H/AR:H/'],
+                 '1' => ['VC:H/VI:H/VA:L/CR:M/IR:M/AR:H/', 'VC:H/VI:H/VA:H/CR:M/IR:M/AR:M/'] },
+        '1' => { '0' => ['VC:L/VI:H/VA:H/CR:H/IR:H/AR:H/', 'VC:H/VI:L/VA:H/CR:H/IR:H/AR:H/'],
+                 '1' => ['VC:L/VI:H/VA:L/CR:H/IR:M/AR:H/', 'VC:L/VI:H/VA:H/CR:H/IR:M/AR:M/',
+                         'VC:H/VI:L/VA:H/CR:M/IR:H/AR:M/', 'VC:H/VI:L/VA:L/CR:M/IR:H/AR:H/',
+                         'VC:L/VI:L/VA:H/CR:H/IR:H/AR:M/'] },
+        '2' => { '1' => ['VC:L/VI:L/VA:L/CR:H/IR:H/AR:H/'] }
+      },
+      # // EQ4
+      'eq4' => {
+        '0' => ['SC:H/SI:S/SA:S/'],
+        '1' => ['SC:H/SI:H/SA:H/'],
+        '2' => ['SC:L/SI:L/SA:L/']
+      },
+      # // EQ5
+      'eq5' => {
+        '0' => ['E:A/'],
+        '1' => ['E:P/'],
+        '2' => ['E:U/']
+      }
+    }.freeze
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb

@@ -0,0 +1,31 @@
+module CvssSuite
+  module Cvss40Constants
+    # These constants were almost directly ported from the CVSS 4.0 calculator code found at https://github.com/FIRSTdotorg/cvss-v4-calculator/blob/ac71416d935ad2ac87cd107ff87024561ea954a7/max_severity.js#L1
+    MAX_SEVERITY = {
+      'eq1' => {
+        0 => 1,
+        1 => 4,
+        2 => 5
+      },
+      'eq2' => {
+        0 => 1,
+        1 => 2
+      },
+      'eq3eq6' => {
+        0 => { 0 => 7, 1 => 6 },
+        1 => { 0 => 8, 1 => 8 },
+        2 => { 1 => 10 }
+      },
+      'eq4' => {
+        0 => 6,
+        1 => 5,
+        2 => 4
+      },
+      'eq5' => {
+        0 => 1,
+        1 => 1,
+        2 => 1
+      }
+    }.freeze
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_environmental.rb

@@ -0,0 +1,105 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS Threat metric in version 4.0.
+  class Cvss40Environmental < CvssMetric
+    ##
+    # Property of this metric
+    attr_reader :modified_attack_vector, :modified_attack_complexity, :modified_attack_requirements,
+                :modified_privileges_required, :modified_user_interaction, :modified_vulnerable_system_confidentiality,
+                :modified_vulnerable_system_integrity, :modified_vulnerable_system_availability,
+                :modified_subsequent_system_confidentiality, :modified_subsequent_system_integrity,
+                :modified_subsequent_system_availability
+
+    ##
+    # Returns score of this metric
+    def score
+      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@modified_attack_vector =
+                         CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
+                                          values: [{ name: 'Network', abbreviation: 'N' },
+                                                   { name: 'Adjacent', abbreviation: 'A' },
+                                                   { name: 'Local', abbreviation: 'L' },
+                                                   { name: 'Physical', abbreviation: 'P' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_attack_complexity =
+                         CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
+                                          values: [{ name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_attack_requirements =
+                         CvssProperty.new(name: 'Modified Attack Requirements', abbreviation: 'MAT',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Present', abbreviation: 'P' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_privileges_required =
+                         CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_user_interaction =
+                         CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Passive', abbreviation: 'P' },
+                                                   { name: 'Active', abbreviation: 'A' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@vulnerable_system_confidentiality =
+                         CvssProperty.new(name: 'Modified Vulnerable System Confidentiality Impact',
+                                          abbreviation: 'MVC',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_vulnerable_system_integrity =
+                         CvssProperty.new(name: 'Modified Vulnerable System Integrity Impact',
+                                          abbreviation: 'MVI',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_vulnerable_system_availability =
+                         CvssProperty.new(name: 'Modified Vulnerable System Availability Impact',
+                                          abbreviation: 'MVA',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_subsequent_system_confidentiality =
+                         CvssProperty.new(name: 'Modified Subsequent System Confidentiality Impact',
+                                          abbreviation: 'MSC',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_subsequent_system_integrity =
+                         CvssProperty.new(name: 'Modified Subsequent System Integrity Impact',
+                                          abbreviation: 'MSI',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Safety', abbreviation: 'S' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+      @properties.push(@modified_subsequent_system_availability =
+                         CvssProperty.new(name: 'Modified Subsequent System Availability Impact',
+                                          abbreviation: 'MSA',
+                                          values: [{ name: 'None', abbreviation: 'N' },
+                                                   { name: 'Safety', abbreviation: 'S' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'High', abbreviation: 'H' },
+                                                   { name: 'Not Defined', abbreviation: 'X' }]))
+    end
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb

@@ -0,0 +1,47 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS Environmental Security metric in version 4.0.
+  class Cvss40EnvironmentalSecurity < CvssMetric
+    ##
+    # Property of this metric
+    attr_reader :confidentiality_requirements, :integrity_requirements, :availability_requirements
+
+    ##
+    # Returns score of this metric
+    def score
+      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@confidentiality_requirements =
+                         CvssProperty.new(name: 'Confidentiality Requirements', abbreviation: 'CR',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'Medium', abbreviation: 'M' },
+                                                   { name: 'High', abbreviation: 'H' }]))
+      @properties.push(@integrity_requirements =
+                         CvssProperty.new(name: 'Integrity Requirements', abbreviation: 'IR',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'Medium', abbreviation: 'M' },
+                                                   { name: 'High', abbreviation: 'H' }]))
+      @properties.push(@availability_requirements =
+                         CvssProperty.new(name: 'Availability Requirements', abbreviation: 'AR',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X' },
+                                                   { name: 'Low', abbreviation: 'L' },
+                                                   { name: 'Medium', abbreviation: 'M' },
+                                                   { name: 'High',
+                                                     abbreviation: 'H' }]))
+    end
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_supplemental.rb

@@ -0,0 +1,66 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS Temporal metric in version 3.1.
+  class Cvss40Supplemental < CvssMetric
+    ##
+    # Property of this metric
+    attr_reader :safety, :automatable, :recovery, :value_density,
+                :vulnerability_response_effort, :provider_urgency
+
+    ##
+    # Returns score of this metric
+    def score
+      return 1.0 unless valid?
+
+      @exploit_code_maturity.score * @remediation_level.score * @report_confidence.score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@safety =
+                         CvssProperty.new(name: 'Safety', abbreviation: 'S',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Negligible', abbreviation: 'N', weight: 0.91 },
+                                                   { name: 'Present', abbreviation: 'P', weight: 0.94 }]))
+      @properties.push(@automatable =
+                         CvssProperty.new(name: 'Automatable', abbreviation: 'AU',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'No', abbreviation: 'N', weight: 0.95 },
+                                                   { name: 'Yes', abbreviation: 'Y', weight: 0.96 }]))
+
+      @properties.push(@recovery =
+                         CvssProperty.new(name: 'Recovery', abbreviation: 'R',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Automatic', abbreviation: 'A', weight: 0.92 },
+                                                   { name: 'User', abbreviation: 'U', weight: 0.96 },
+                                                   { name: 'Irrecoverable', abbreviation: 'I', weight: 1.0 }]))
+      @properties.push(@value_density =
+                         CvssProperty.new(name: 'Value Density', abbreviation: 'V',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Diffuse', abbreviation: 'D', weight: 0.91 },
+                                                   { name: 'Concentrated', abbreviation: 'C', weight: 0.94 }]))
+      @properties.push(@vulnerability_response_effort =
+                         CvssProperty.new(name: 'Vulnerability Response Effort', abbreviation: 'RE',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Low', abbreviation: 'L', weight: 0.91 },
+                                                   { name: 'Moderate', abbreviation: 'M', weight: 0.91 },
+                                                   { name: 'High', abbreviation: 'H', weight: 0.94 }]))
+      @properties.push(@provider_urgency =
+                         CvssProperty.new(name: 'Provider Urgency', abbreviation: 'U',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
+                                                   { name: 'Clear', abbreviation: 'Clear', weight: 0.91 },
+                                                   { name: 'Green', abbreviation: 'Green', weight: 0.91 },
+                                                   { name: 'Amber', abbreviation: 'Amber', weight: 0.91 },
+                                                   { name: 'Red', abbreviation: 'Red', weight: 0.94 }]))
+    end
+  end
+end

data/lib/cvss_suite/cvss40/cvss40_threat.rb

@@ -0,0 +1,34 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+
+module CvssSuite
+  ##
+  # This class represents a CVSS Threat metric in version 3.1.
+  class Cvss40Threat < CvssMetric
+    ##
+    # Property of this metric
+    attr_reader :exploit_maturity
+
+    ##
+    # Returns score of this metric
+    def score
+      Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+    end
+
+    private
+
+    def init_properties
+      @properties.push(@exploit_maturity =
+                         CvssProperty.new(name: 'Exploit Maturity', abbreviation: 'E',
+                                          values: [{ name: 'Not Defined', abbreviation: 'X' },
+                                                   { name: 'Attacked', abbreviation: 'A' },
+                                                   { name: 'Proof-of-Concept', abbreviation: 'P' },
+                                                   { name: 'Unreported', abbreviation: 'U' }]))
+    end
+  end
+end

data/lib/cvss_suite/cvss_31_and_before.rb

@@ -0,0 +1,50 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative 'cvss'
+
+module CvssSuite
+  ##
+  # This class represents any CVSS vector. Do not instantiate this class!
+  class Cvss31AndBefore < Cvss
+    ##
+    # Metric of a CVSS vector for CVSS 2, 3, 3.1.
+    attr_reader :temporal, :environmental
+
+    ##
+    # Creates a new CVSS vector by a +vector+, for all CVSS versions through 3.1.
+    #
+    # Raises an exception if it is called on Cvss31AndBefore class.
+    def initialize(vector)
+      raise CvssSuite::Errors::InvalidParentClass, 'Do not instantiate this class!' if instance_of? Cvss31AndBefore
+
+      super
+    end
+
+    ##
+    # Returns if CVSS vector is valid.
+    def valid?
+      if @amount_of_properties >= required_amount_of_properties
+        base = @base.valid?
+        temporal = @base.valid? && @temporal&.valid?
+        environmental = @base.valid? && @environmental&.valid?
+        full = @base.valid? && @temporal&.valid? && @environmental&.valid?
+        base || temporal || environmental || full
+      else
+        false
+      end
+    end
+
+    ##
+    # Returns the Overall Score of the CVSS vector.
+    def overall_score
+      check_validity
+      return temporal_score if @temporal.valid? && !@environmental.valid?
+      return environmental_score if @environmental.valid?
+
+      base_score
+    end
+  end
+end