The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.
Attributes
Section titled “Attributes”cve
- Type:
cve - Requirement: recommended
Describes the Common Vulnerabilities and Exposures (CVE) details related to the vulnerability.
cwe
- Type:
cwe - Requirement: recommended
Describes the Common Weakness Enumeration (CWE) details related to the vulnerability.
references
- Type:
string_t - Requirement: recommended
A list of reference URLs with additional information about the vulnerability.
advisory
- Type:
advisory - Requirement: optional
Detail about the security advisory, that is used to publicly disclose cybersecurity vulnerabilities by a vendor.
affected_code
- Type:
affected_code - Requirement: optional
List of Affected Code objects that describe details about code blocks identified as vulnerable.
affected_packages
- Type:
affected_package - Requirement: optional
List of software packages identified as affected by a vulnerability/vulnerabilities.
desc
- Type:
string_t - Requirement: optional
The description of the vulnerability.
exploit_last_seen_time
- Type:
timestamp_t - Requirement: optional
The time when the exploit was most recently observed.
exploit_last_seen_time_dt
- Type:
datetime_t - Requirement: optional
The time when the exploit was most recently observed.
first_seen_time
- Type:
timestamp_t - Requirement: optional
The time when the vulnerability was first observed.
first_seen_time_dt
- Type:
datetime_t - Requirement: optional
The time when the vulnerability was first observed.
fix_available
- Type:
boolean_t - Requirement: optional
Indicates if a fix is available for the reported vulnerability.
is_exploit_available
- Type:
boolean_t - Requirement: optional
Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability.
is_fix_available
- Type:
boolean_t - Requirement: optional
Indicates if a fix is available for the reported vulnerability.
kb_article_list
- Type:
kb_article - Requirement: optional
A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
kb_articles
- Type:
string_t - Requirement: optional
The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.
last_seen_time
- Type:
timestamp_t - Requirement: optional
The time when the vulnerability was most recently observed.
last_seen_time_dt
- Type:
datetime_t - Requirement: optional
The time when the vulnerability was most recently observed.
packages
- Type:
package - Requirement: optional
List of vulnerable packages as identified by the security product
related_vulnerabilities
- Type:
string_t - Requirement: optional
List of vulnerability IDs (e.g. CVE ID) that are related to this vulnerability.
remediation
- Type:
remediation - Requirement: optional
The remediation recommendations on how to mitigate the identified vulnerability.
severity
- Type:
string_t - Requirement: optional
The vendor assigned severity of the vulnerability.
title
- Type:
string_t - Requirement: optional
A title or a brief phrase summarizing the discovered vulnerability.
vendor_name
- Type:
string_t - Requirement: optional
The name of the vendor that identified the vulnerability.