From 63f170cc7ab298117f033f6609e8a547f6b4149d Mon Sep 17 00:00:00 2001
From: Kota Kanbe <kotakanbe@gmail.com>
Date: Tue, 26 Jan 2021 07:58:59 +0900
Subject: [PATCH] fix(report): set severity in Red Hat OVAL to both CVSS v3 and
 v2 #1146 (#1147)

---
 oval/redhat.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/oval/redhat.go b/oval/redhat.go
index cd1cd5df..b358aec5 100644
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -173,17 +173,15 @@ func (o RedHatBase) convertToModel(cveID string, def *ovalmodels.Definition) *mo
 		score2, vec2 := o.parseCvss2(cve.Cvss2)
 		score3, vec3 := o.parseCvss3(cve.Cvss3)
 
-		severity := def.Advisory.Severity
+		sev2, sev3, severity := "", "", def.Advisory.Severity
 		if cve.Impact != "" {
 			severity = cve.Impact
 		}
-
-		sev2, sev3 := "", ""
-		if score2 == 0 {
-			sev2 = severity
-		}
-		if score3 == 0 {
+		if severity != "None" {
 			sev3 = severity
+			if score2 != 0 {
+				sev2 = severity
+			}
 		}
 
 		// CWE-ID in RedHat OVAL may have multiple cweIDs separated by space