CVSS Score
cvss
The Common Vulnerability Scoring System (CVSS) object provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Access Complexity (AC) | access_complexity_id | Integer |
Name: Access Complexity (AC). Group: Base. CVSS Version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Access Vector (AV) | access_vector_id | Integer |
Name: Access Vector (AV). Group: Base. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Attack Complexity (AC) | attack_complexity_id | Integer |
The Attack Complexity Common Vulnerability Scoring System (CVSS) metric. Name: Attack Complexity (AC). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Attack Vector (AV) | attack_vector_id | Integer |
Name: Attack Vector (AV). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Authentication (Au) | authentication_id | Integer |
Name: Authentication (Au). Group: Base. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Availability (A) | availability_id | Integer |
Name: Availability (A). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Availability Impact (A) | availability_impact_id | Integer |
Name: Availability Impact (A). Group: Base, CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Availability Requirement (AR) | availability_requirement_id | Integer |
Name: Availability Requirement (AR). Group: Environmental. CVSS version: v2, v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Base Score | base_score | Float |
The CVSS base score. For example: 9.1.
|
||
| Collateral Damage Potential (CDP) | collateral_damage_potential_id | Integer |
Name: Collateral Damage Potential (CDP). Group: Environmental. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Confidentiality (C) | confidentiality_id | Integer |
The Confidentiality Common Vulnerability Scoring System (CVSS) metric. Name: Confidentiality (C). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Confidentiality Impact (C) | confidentiality_impact_id | Integer |
Name: Confidentiality Impact (C). Group: Base CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Confidentiality Requirement (CR) | confidentiality_requirement_id | Integer |
Name: Confidentiality Requirement (CR). Group: Environmental. CVSS version: v2, v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| CVSS Depth | depth | String |
The CVSS depth represents a depth of the equation used to calculate CVSS score.
|
||
| CVSS Depth | depth_id | Integer |
The CVSS depth. Representing a depth of the equation used to calculate CVSS score.
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Exploit Code Maturity (E) | exploit_code_maturity_id | Integer |
Name: Exploit Code Maturity (E). Group: Temporal. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Exploitability (E) | exploitability_id | Integer |
Name: Exploitability (E). Group: Temporal. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Integrity (I) | integrity_id | Integer |
The Integrity Common Vulnerability Scoring System (CVSS) metric. Name: Integrity (I). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Integrity Impact (I) | integrity_impact_id | Integer |
Name: Integrity Impact (I). Group: Base. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Integrity Requirement (IR) | integrity_requirement_id | Integer |
Name: Integrity Requirement (IR). Group: Environmental. CVSS version: v2, v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Metrics | metrics | Metric |
The Common Vulnerability Scoring System metrics. This attribute contains information on the CVE's impact. If the CVE has been analyzed, this attribute will contain any CVSSv2 or CVSSv3 information associated with the vulnerability. For example: { {"Access Vector", "Network"}, {"Access Complexity", "Low"}, ...}.
|
||
| Modified Attack Complexity (MAC) | modified_attack_complexity_id | Integer |
Name: Modified Attack Complexity (MAC). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Attack Vector (MAV) | modified_attack_vector_id | Integer |
Name: Modified Attack Vector (MAV). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Availability (MA) | modified_availability_id | Integer |
Name: Modified Availability (MA). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Confidentiality (MC) | modified_confidentiality_id | Integer |
Name: Modified Confidentiality (MC). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Integrity (MI) | modified_integrity_id | Integer |
Name: Modified Integrity (MI). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Privileges Required (MPR) | modified_privileges_required_id | Integer |
Name: Modified Privileges Required (MPR). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified Scope (MS) | modified_scope_id | Integer |
Name: Modified Scope (MS). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Modified User Interaction (MUI) | modified_user_interaction_id | Integer |
Name: Modified User Interaction (MUI). Group: Environmental. Version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Overall Score | overall_score | Float |
The CVSS overall score, impacted by base, temporal, and environmental metrics. For example: 9.1.
|
||
| Privileges Required (PR) | privileges_required_id | Integer |
The Privileges Required (PR) Common Vulnerability Scoring System (CVSS) metric. Name: Privileges Required (PR). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Reputation Score | raw_score | Float |
CVSS Score in the range of 0.0 to 10.0.
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 |
||
| Record ID | record_id | String | Unique identifier for the object | ||
| Remediation Level (RL) | remediation_level_id | Integer |
Name: Remediation Level (RL). Group: Temporal. CVSS version: v1, v2, v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Report Confidence (RC) | report_confidence_id | Integer |
Name: Report Confidence (RC). Group: Temporal. CVSS version: v1, v2, v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Scope (S) | scope_id | Integer |
Name: Scope (S). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Severity | severity | String |
The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score. CVSS v2.0
|
||
| Qualitative Severity Rating | severity_id | Integer |
The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score. None (0.0), Low (0.1 - 3.9), Medium (4.0 - 6.9), High (7.0 - 8.9), Critical (9.0 - 10.0)
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Target Distribution (TD) | target_distribution_id | Integer |
Name: Target Distribution (TD). Group: Environmental. CVSS version: v1, v2
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
| User Interaction (UI) | user_interaction_id | Integer |
The User Interaction Common Vulnerability Scoring System (CVSS) metric. Name: User Interaction (UI). Group: Base. CVSS version: v3
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
|
||
| Vector String | vector_string | String |
The CVSS vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form. For example: 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
|
||
| Version | version | String |
The CVSS version. For example: 3.1.
|
Referenced By
Context
JSON
{
"caption": "CVSS Score",
"description": "The Common Vulnerability Scoring System (<a target='_blank' href='https://www.first.org/cvss/'>CVSS</a>) object provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.",
"extends": "object",
"name": "cvss",
"attributes": {
"base_score": {
"description": "The CVSS base score. For example: <code>9.1</code>.",
"requirement": "required",
"caption": "Base Score",
"type": "float_t"
},
"depth": {
"requirement": "recommended",
"caption": "CVSS Depth",
"description": "The CVSS depth represents a depth of the equation used to calculate CVSS score.",
"type": "string_t",
"enum": {
"Base": {
"caption": "Base"
},
"Environmental": {
"caption": "Environmental"
},
"Temporal": {
"caption": "Temporal"
}
}
},
"metrics": {
"description": "The Common Vulnerability Scoring System metrics. This attribute contains information on the CVE's impact. If the CVE has been analyzed, this attribute will contain any CVSSv2 or CVSSv3 information associated with the vulnerability. For example: <code>{ {\"Access Vector\", \"Network\"}, {\"Access Complexity\", \"Low\"}, ...}</code>.",
"requirement": "optional",
"caption": "Metrics",
"type": "metric",
"is_array": true
},
"overall_score": {
"description": "The CVSS overall score, impacted by base, temporal, and environmental metrics. For example: <code>9.1</code>.",
"requirement": "recommended",
"caption": "Overall Score",
"type": "float_t"
},
"severity": {
"description": "<p>The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score.</p><strong>CVSS v2.0</strong><ul><li>Low (0.0 \u2013 3.9)</li><li>Medium (4.0 \u2013 6.9)</li><li>High (7.0 \u2013 10.0)</li></ul></p><strong>CVSS v3.0</strong><ul><li>None (0.0)</li><li>Low (0.1 - 3.9)</li><li>Medium (4.0 - 6.9)</li><li>High (7.0 - 8.9)</li><li>Critical (9.0 - 10.0)</li></ul>",
"requirement": "optional",
"caption": "Severity",
"type": "string_t"
},
"vector_string": {
"requirement": "optional",
"caption": "Vector String",
"description": "The CVSS vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form. For example: <code>3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</code>.",
"type": "string_t"
},
"version": {
"description": "The CVSS version. For example: <code>3.1</code>.",
"requirement": "required",
"caption": "Version",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
},
"integrity_id": {
"description": "The Integrity Common Vulnerability Scoring System (CVSS) metric. Name: Integrity (I). Group: Base. CVSS version: v3",
"caption": "Integrity (I)",
"enum": {
"0": {
"caption": "None (N)",
"description": "The integrity level is unknown."
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "High (H)"
},
"3": {
"caption": "Medium"
},
"4": {
"caption": "High"
},
"5": {
"caption": "System"
},
"6": {
"caption": "Protected"
},
"99": {
"caption": "Other",
"description": "The integrity level is not mapped. See the <code>integrity</code> attribute, which contains a data source specific value."
}
},
"requirement": "optional",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
},
"sibling": "integrity"
},
"integrity_impact_id": {
"description": "Name: Integrity Impact (I). Group: Base. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Partial (P)"
},
"2": {
"caption": "Complete (C)"
}
},
"requirement": "optional",
"caption": "Integrity Impact (I)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"target_distribution_id": {
"description": "Name: Target Distribution (TD). Group: Environmental. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "Medium (LM)"
},
"3": {
"caption": "High (H)"
},
"4": {
"caption": "Not Defined (ND)"
}
},
"requirement": "optional",
"caption": "Target Distribution (TD)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_integrity_id": {
"description": "Name: Modified Integrity (MI). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "None (N)"
},
"2": {
"caption": "Low (L)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Modified Integrity (MI)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"exploitability_id": {
"description": "Name: Exploitability (E). Group: Temporal. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "Not Defined (ND)"
},
"1": {
"caption": "High (H)"
},
"2": {
"caption": "Functional (F)"
},
"3": {
"caption": "Proof-of-Concept (POC)"
},
"4": {
"caption": "Unproven (U)"
}
},
"requirement": "optional",
"caption": "Exploitability (E)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"remediation_level_id": {
"description": "Name: Remediation Level (RL). Group: Temporal. CVSS version: v1, v2, v3",
"enum": {
"0": {
"caption": "Not Defined (X, ND)"
},
"1": {
"caption": "Unavailable (U)"
},
"2": {
"caption": "Workaround (W)"
},
"3": {
"caption": "Temporary Fix (T, TF)"
},
"4": {
"caption": "Official Fix (O, OF)"
}
},
"requirement": "optional",
"caption": "Remediation Level (RL)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_attack_vector_id": {
"description": "Name: Modified Attack Vector (MAV). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "Network (N)"
},
"2": {
"caption": "Adjacent (A)"
},
"3": {
"caption": "Local (L)"
},
"4": {
"caption": "Physical (P)"
}
},
"requirement": "optional",
"caption": "Modified Attack Vector (MAV)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"integrity_requirement_id": {
"description": "Name: Integrity Requirement (IR). Group: Environmental. CVSS version: v2, v3",
"enum": {
"0": {
"caption": "Not Defined (X, ND)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "Medium (LM)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Integrity Requirement (IR)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"collateral_damage_potential_id": {
"description": "Name: Collateral Damage Potential (CDP). Group: Environmental. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "Low-Medium (LM)"
},
"3": {
"caption": "Medium-High (MH)"
},
"4": {
"caption": "High (H)"
},
"5": {
"caption": "Not Defined (ND)"
}
},
"requirement": "optional",
"caption": "Collateral Damage Potential (CDP)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"severity_id": {
"caption": "Qualitative Severity Rating",
"description": "The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score. None (0.0), Low (0.1 - 3.9), Medium (4.0 - 6.9), High (7.0 - 8.9), Critical (9.0 - 10.0)",
"enum": {
"0": {
"caption": "None",
"description": "The event severity is not known."
},
"1": {
"caption": "Low",
"description": "Informational message. No action required."
},
"2": {
"caption": "Medium",
"description": "The user decides if action is needed."
},
"3": {
"caption": "High",
"description": "Action is required but the situation is not serious at this time."
},
"4": {
"caption": "Critical",
"description": "Action is required immediately."
},
"-1": {
"caption": "Other",
"description": "The event severity is not mapped. See the <code>severity</code> attribute, which contains a data source specific value."
},
"5": {
"caption": "Critical",
"description": "Action is required immediately and the scope is broad."
},
"6": {
"caption": "Fatal",
"description": "An error occurred but it is too late to take remedial action."
},
"99": {
"caption": "Other",
"description": "The event/finding severity is not mapped. See the <code>severity</code> attribute, which contains a data source specific value."
}
},
"requirement": "optional",
"sibling": "severity",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"access_complexity_id": {
"description": "Name: Access Complexity (AC). Group: Base. CVSS Version: v1, v2",
"enum": {
"0": {
"caption": "Low (L)"
},
"1": {
"caption": "Medium (M)"
},
"2": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Access Complexity (AC)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"privileges_required_id": {
"caption": "Privileges Required (PR)",
"description": "The Privileges Required (PR) Common Vulnerability Scoring System (CVSS) metric. Name: Privileges Required (PR). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "High (H)"
}
},
"requirement": "optional",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"availability_requirement_id": {
"description": "Name: Availability Requirement (AR). Group: Environmental. CVSS version: v2, v3",
"enum": {
"0": {
"caption": "Not Defined (X, ND)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "Medium (LM)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Availability Requirement (AR)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_privileges_required_id": {
"description": "Name: Modified Privileges Required (MPR). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "None (N)"
},
"2": {
"caption": "Low (L)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Modified Privileges Required (MPR)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"report_confidence_id": {
"description": "Name: Report Confidence (RC). Group: Temporal. CVSS version: v1, v2, v3",
"enum": {
"0": {
"caption": "Not Defined (X, ND)"
},
"1": {
"caption": "Confirmed (C)"
},
"2": {
"caption": "Reasonable (R)"
},
"3": {
"caption": "Unconfirmed (UC)"
},
"4": {
"caption": "Uncorroborated (UR)"
},
"5": {
"caption": "Unknown (U)"
}
},
"requirement": "optional",
"caption": "Report Confidence (RC)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"confidentiality_id": {
"caption": "Confidentiality (C)",
"description": "The Confidentiality Common Vulnerability Scoring System (CVSS) metric. Name: Confidentiality (C). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "None (N)",
"description": "The confidentiality is unknown."
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "High (H)"
},
"-1": {
"caption": "Other"
},
"3": {
"caption": "Secret"
},
"4": {
"caption": "Top Secret"
},
"5": {
"caption": "Private"
},
"6": {
"caption": "Restricted"
},
"99": {
"caption": "Other",
"description": "The confidentiality is not mapped. See the <code>confidentiality</code> attribute, which contains a data source specific value."
}
},
"requirement": "optional",
"sibling": "confidentiality",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"confidentiality_requirement_id": {
"description": "Name: Confidentiality Requirement (CR). Group: Environmental. CVSS version: v2, v3",
"enum": {
"0": {
"caption": "Not Defined (X, ND)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "Medium (LM)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Confidentiality Requirement (CR)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_confidentiality_id": {
"description": "Name: Modified Confidentiality (MC). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "None (N)"
},
"2": {
"caption": "Low (L)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Modified Confidentiality (MC)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_user_interaction_id": {
"description": "Name: Modified User Interaction (MUI). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "None (N)"
},
"2": {
"caption": "Required (R)"
}
},
"requirement": "optional",
"caption": "Modified User Interaction (MUI)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"access_vector_id": {
"description": "Name: Access Vector (AV). Group: Base. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "Local (L)"
},
"1": {
"caption": "Adjacent Network (A)"
},
"2": {
"caption": "Network (N)"
}
},
"requirement": "optional",
"caption": "Access Vector (AV)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"user_interaction_id": {
"caption": "User Interaction (UI)",
"description": "The User Interaction Common Vulnerability Scoring System (CVSS) metric. Name: User Interaction (UI). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Required (R)"
}
},
"requirement": "optional",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"confidentiality_impact_id": {
"description": "Name: Confidentiality Impact (C). Group: Base CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Partial (P)"
},
"2": {
"caption": "Complete (C)"
}
},
"requirement": "optional",
"caption": "Confidentiality Impact (C)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_attack_complexity_id": {
"description": "Name: Modified Attack Complexity (MAC). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Modified Attack Complexity (MAC)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"depth_id": {
"description": "The CVSS depth. Representing a depth of the equation used to calculate CVSS score.",
"enum": {
"0": {
"caption": "Base"
},
"1": {
"caption": "Temporal"
},
"2": {
"caption": "Environmental"
}
},
"requirement": "recommended",
"caption": "CVSS Depth",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"exploit_code_maturity_id": {
"description": "Name: Exploit Code Maturity (E). Group: Temporal. CVSS version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "High (H)"
},
"2": {
"caption": "Functional (F)"
},
"3": {
"caption": "Proof-of-Concept (P)"
},
"4": {
"caption": "Unproven (U)"
}
},
"requirement": "optional",
"caption": "Exploit Code Maturity (E)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"scope_id": {
"description": "Name: Scope (S). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "Unchanged (U)"
},
"1": {
"caption": "Changed (C)"
}
},
"requirement": "optional",
"caption": "Scope (S)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"attack_complexity_id": {
"caption": "Attack Complexity (AC)",
"description": "The Attack Complexity Common Vulnerability Scoring System (CVSS) metric. Name: Attack Complexity (AC). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "Low (L)"
},
"1": {
"caption": "High (H)"
}
},
"requirement": "optional",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"availability_impact_id": {
"description": "Name: Availability Impact (A). Group: Base, CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Partial (P)"
},
"2": {
"caption": "Complete (C)"
}
},
"requirement": "optional",
"caption": "Availability Impact (A)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_scope_id": {
"description": "Name: Modified Scope (MS). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "Unchanged (U)"
},
"2": {
"caption": "Changed (C)"
}
},
"requirement": "optional",
"caption": "Modified Scope (MS)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"raw_score": {
"description": "CVSS Score in the range of 0.0 to 10.0.",
"requirement": "recommended",
"caption": "Reputation Score",
"type": "float_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"attack_vector_id": {
"description": "Name: Attack Vector (AV). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "Network (N)"
},
"1": {
"caption": "Adjacent (A)"
},
"2": {
"caption": "Local (L)"
},
"3": {
"caption": "Physical (P)"
}
},
"requirement": "optional",
"caption": "Attack Vector (AV)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"modified_availability_id": {
"description": "Name: Modified Availability (MA). Group: Environmental. Version: v3",
"enum": {
"0": {
"caption": "Not Defined (X)"
},
"1": {
"caption": "None (N)"
},
"2": {
"caption": "Low (L)"
},
"3": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Modified Availability (MA)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"availability_id": {
"description": "Name: Availability (A). Group: Base. CVSS version: v3",
"enum": {
"0": {
"caption": "None (N)"
},
"1": {
"caption": "Low (L)"
},
"2": {
"caption": "High (H)"
}
},
"requirement": "optional",
"caption": "Availability (A)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
},
"authentication_id": {
"description": "Name: Authentication (Au). Group: Base. CVSS version: v1, v2",
"enum": {
"0": {
"caption": "None"
},
"1": {
"caption": "Single (S)"
},
"2": {
"caption": "Multiple (M)"
}
},
"requirement": "optional",
"caption": "Authentication (Au)",
"type": "integer_t",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
}
}
}