demisto · kobymeir · Dec 17, 2023 · Dec 14, 2023 · Dec 14, 2023 · Dec 14, 2023
diff --git a/Packs/OpenCVE/Integrations/OpenCVE/OpenCVE.py b/Packs/OpenCVE/Integrations/OpenCVE/OpenCVE.py
@@ -480,7 +480,17 @@ def parse_cve(ocve: OpenCVE, cve: dict):
                 {'metrics': 'Confidentiality', 'value': ocve._map(cvssV2.get('confidentialityImpact', None))}
             ]
 
-    parsed_cve['fields']['nodes'] = cve.get('raw_nvd_data', {}).get('configurations', {}).get('nodes', {})
+    # Backwards compatibility, the configuration used to be a dict. Now it is a list.
+    configurations = cve.get('raw_nvd_data', {}).get('configurations')
+    nodes = []
+    if isinstance(configurations, dict):
+        nodes = configurations.get('nodes', [])
+    elif isinstance(configurations, list):
+        for config in configurations:
+            nodes.extend(config.get('nodes', []))
+    # Design decision: The nodes are aggregated into a single list, this means we won't support 'AND' Statements in CPE matching,
+    # As it's also not supported in XSOAR platform.
+    parsed_cve['fields']['nodes'] = nodes
     parsed_cve['fields']['cwes'] = cve.get('cwes', [])
 
     return relationships, parsed_cve

diff --git a/Packs/OpenCVE/Integrations/OpenCVE/OpenCVE.yml b/Packs/OpenCVE/Integrations/OpenCVE/OpenCVE.yml
@@ -203,7 +203,7 @@ script:
     outputs:
     - contextPath: vendors
       description: Vendors.
-  dockerimage: demisto/python3:3.10.13.75921
+  dockerimage: demisto/python3:3.10.13.83255
   feed: false
   isFetchSamples: true
   runonce: false

diff --git a/Packs/OpenCVE/Integrations/OpenCVE/test_data/CVE-2021-26418.json b/Packs/OpenCVE/Integrations/OpenCVE/test_data/CVE-2021-26418.json
@@ -1 +1,132 @@
-{"id": "CVE-2021-26418", "summary": "Microsoft SharePoint Server Spoofing Vulnerability", "created_at": "2021-05-11T19:15:00Z", "updated_at": "2023-08-02T00:15:00Z", "cvss": {"v2": 5.8, "v3": 4.6}, "vendors": {"microsoft": ["sharepoint_foundation", "sharepoint_server"]}, "cwes": ["NVD-CWE-noinfo"], "raw_nvd_data": {"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418", "name": "N/A", "tags": ["Patch", "Vendor Advisory"], "refsource": "N/A"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Microsoft SharePoint Server Spoofing Vulnerability"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-26418", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.1}}, "publishedDate": "2021-05-11T19:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-02T00:15Z"}}
+{
+    "id": "CVE-2021-26418",
+    "summary": "Microsoft SharePoint Server Spoofing Vulnerability",
+    "created_at": "2021-05-11T19:15:00Z",
+    "updated_at": "2023-08-02T00:15:00Z",
+    "cvss": {
+        "v2": 5.8,
+        "v3": 4.6
+    },
+    "vendors": {
+        "microsoft": [
+            "sharepoint_foundation",
+            "sharepoint_server"
+        ]
+    },
+    "cwes": [
+        "NVD-CWE-noinfo"
+    ],
+    "raw_nvd_data": {
+        "cve": {
+            "data_type": "CVE",
+            "references": {
+                "reference_data": [
+                    {
+                        "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26418",
+                        "name": "N/A",
+                        "tags": [
+                            "Patch",
+                            "Vendor Advisory"
+                        ],
+                        "refsource": "N/A"
+                    }
+                ]
+            },
+            "data_format": "MITRE",
+            "description": {
+                "description_data": [
+                    {
+                        "lang": "en",
+                        "value": "Microsoft SharePoint Server Spoofing Vulnerability"
+                    }
+                ]
+            },
+            "problemtype": {
+                "problemtype_data": [
+                    {
+                        "description": [
+                            {
+                                "lang": "en",
+                                "value": "NVD-CWE-noinfo"
+                            }
+                        ]
+                    }
+                ]
+            },
+            "data_version": "4.0",
+            "CVE_data_meta": {
+                "ID": "CVE-2021-26418",
+                "ASSIGNER": "secure@microsoft.com"
+            }
+        },
+        "impact": {
+            "baseMetricV2": {
+                "cvssV2": {
+                    "version": "2.0",
+                    "baseScore": 5.8,
+                    "accessVector": "NETWORK",
+                    "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
+                    "authentication": "NONE",
+                    "integrityImpact": "PARTIAL",
+                    "accessComplexity": "MEDIUM",
+                    "availabilityImpact": "NONE",
+                    "confidentialityImpact": "PARTIAL"
+                },
+                "severity": "MEDIUM",
+                "acInsufInfo": false,
+                "impactScore": 4.9,
+                "obtainAllPrivilege": false,
+                "exploitabilityScore": 8.6,
+                "obtainUserPrivilege": false,
+                "obtainOtherPrivilege": false,
+                "userInteractionRequired": true
+            },
+            "baseMetricV3": {
+                "cvssV3": {
+                    "scope": "UNCHANGED",
+                    "version": "3.1",
+                    "baseScore": 4.6,
+                    "attackVector": "NETWORK",
+                    "baseSeverity": "MEDIUM",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+                    "integrityImpact": "LOW",
+                    "userInteraction": "REQUIRED",
+                    "attackComplexity": "LOW",
+                    "availabilityImpact": "NONE",
+                    "privilegesRequired": "LOW",
+                    "confidentialityImpact": "LOW"
+                },
+                "impactScore": 2.5,
+                "exploitabilityScore": 2.1
+            }
+        },
+        "publishedDate": "2021-05-11T19:15Z",
+        "configurations": [{
+            "nodes": [
+                {
+                    "children": [],
+                    "operator": "OR",
+                    "cpe_match": [
+                        {
+                            "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*",
+                            "cpe_name": [],
+                            "vulnerable": true
+                        },
+                        {
+                            "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
+                            "cpe_name": [],
+                            "vulnerable": true
+                        },
+                        {
+                            "cpe23Uri": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
+                            "cpe_name": [],
+                            "vulnerable": true
+                        }
+                    ]
+                }
+            ],
+            "CVE_data_version": "4.0"
+        }],
+        "lastModifiedDate": "2023-08-02T00:15Z"
+    }
+}
diff --git a/Packs/OpenCVE/ReleaseNotes/1_0_2.md b/Packs/OpenCVE/ReleaseNotes/1_0_2.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### OpenCVE
+
+- Fixed an issue in the **cve** command to support API response format changes.
+- Updated the Docker image to: *demisto/python3:3.10.13.83255*.
diff --git a/Packs/OpenCVE/pack_metadata.json b/Packs/OpenCVE/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "OpenCVE",
     "description": "Ingests CVEs from OpenCVE",
     "support": "xsoar",
-    "currentVersion": "1.0.1",
+    "currentVersion": "1.0.2",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",