The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.
Attributes
Section titled “Attributes”cve
- Type:
cve - Requirement: recommended
The Common Vulnerabilities and Exposures (CVE).
cwe
- Type:
cwe - Requirement: recommended
The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.
references
- Type:
string_t - Requirement: recommended
A list of reference URLs with additional information about the vulnerability.
affected_code
- Type:
affected_code - Requirement: optional
List of Affected Code objects that describe details about code blocks identified as vulnerable.
affected_packages
- Type:
affected_package - Requirement: optional
List of software packages identified as affected by a vulnerability/vulnerabilities.
desc
- Type:
string_t - Requirement: optional
The description of the vulnerability.
first_seen_time
- Type:
timestamp_t - Requirement: optional
The time when the vulnerability was first observed.
first_seen_time_dt
- Type:
datetime_t - Requirement: optional
The time when the vulnerability was first observed.
fix_available
- Type:
boolean_t - Requirement: optional
Indicates if a fix is available for the reported vulnerability.
is_exploit_available
- Type:
boolean_t - Requirement: optional
Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability.
is_fix_available
- Type:
boolean_t - Requirement: optional
Indicates if a fix is available for the reported vulnerability.
kb_article_list
- Type:
kb_article - Requirement: optional
A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
kb_articles
- Type:
string_t - Requirement: optional
The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.
last_seen_time
- Type:
timestamp_t - Requirement: optional
The time when the vulnerability was most recently observed.
last_seen_time_dt
- Type:
datetime_t - Requirement: optional
The time when the vulnerability was most recently observed.
packages
- Type:
package - Requirement: optional
List of vulnerable packages as identified by the security product
related_vulnerabilities
- Type:
string_t - Requirement: optional
List of vulnerabilities that are related to this vulnerability.
remediation
- Type:
remediation - Requirement: optional
The remediation recommendations on how to mitigate the identified vulnerability.
severity
- Type:
string_t - Requirement: optional
The vendor assigned severity of the vulnerability.
title
- Type:
string_t - Requirement: optional
A title or a brief phrase summarizing the discovered vulnerability.
vendor_name
- Type:
string_t - Requirement: optional
The name of the vendor that identified the vulnerability.
Constraints
Section titled “Constraints”At least one of: cve, cwe