$av = $cve_xc->find('cvss:access-vector', $metrics)->to_literal;