CVSS v3 and v3.1 Missing temporal metrics (Exploit Code Maturity and Remediation Level) in all CVEs using NVD API
I have been working with the NIST - NVD API v2 and I have noticed that the temporal metrics "remediationLevelType" and "exploitCodeMaturityType" are missing in ALL CVEs that I have searched for using the NVD API.
Although these metrics exist in the CVSS schema (https://csrc.nist.gov/schema/nvd/api/2.0/external/cvss-v3.1.json), they do not appear in the API response. Instead, they are all set to "not defined" when I look for a CVE and check the calculation example:
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-0002
I also have a local copy of the NIST database, but none of the CVEs in it have those metrics.
My question is: Does NIST provide information about these values? Are they supposed to be available through the NVD API or any other source?
Any insights, explanations, or suggestions on how to deal with this problem would be greatly appreciated.
Thanks in advance!
