Vulnerability Details

vulnerability

A vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or loss, whether through accidental exposure, deliberate attack, or conflict with new system components.


Attributes

Caption Name Type Is Array Default Description
Affected Code affected_code Affected Code List of Affected Code objects that describe details about code blocks identified as vulnerable.
Affected Software Packages affected_packages Affected Software Package List of software packages identified as affected by a vulnerability/vulnerabilities.
CVE cve CVE The Common Vulnerabilities and Exposures (CVE) object describing the vulnerability.
CVSS Scores cvss CVSS Score The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability.

Deprecated since 1.1.0 (in the upgrade from ocsf-0.31.1 to qdm-1.1.0). No replacement attribute is named.

CWE cwe CWE The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.
Description desc String The description of the vulnerability.
First Seen first_seen_time Timestamp The time when the vulnerability was first observed.
Fix Availability fix_available Boolean Indicates if a fix is available for the reported vulnerability.

Deprecated since 1.1.0: Use the is_fix_available attribute instead.

Exploit Availability is_exploit_available Boolean Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability.
Fix Availability is_fix_available Boolean Indicates if a fix is available for the reported vulnerability.
Knowledgebase Articles kb_article_list KB Article A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
Knowledgebase Articles kb_articles String The KB article(s) related to the entity. A KB Article contains metadata that describes the patch or an update.

Deprecated since 1.1.0: Use the kb_article_list attribute instead.

Last Seen last_seen_time Timestamp The time when the vulnerability was most recently observed.
Software Packages packages String List of vulnerable packages as identified by the security product.

Deprecated since 1.1.0: Use the affected_packages attribute instead.

Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object.
References references String A list of reference URLs with additional information about the vulnerability.
Remediation Guidance remediation Remediation The remediation recommendations on how to mitigate the identified vulnerability.
Severity severity String The vendor-assigned severity of the vulnerability.
Title title String A title or a brief phrase summarizing the discovered vulnerability.
Unique ID uid String The vulnerability unique identifier.

Deprecated since 1.1.0 (in the upgrade from ocsf-0.31.1 to qdm-1.1.0). No replacement attribute is named, and the JSON definition below still marks uid as required.

Unmapped Data unmapped Unmapped The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
Vendor Name vendor_name String The name of the vendor that identified the vulnerability.

Context

Vulnerability Details

JSON

            
{
  "caption": "Vulnerability Details",
  "description": "The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.",
  "extends": "object",
  "name": "vulnerability",
  "attributes": {
    "affected_code": {
      "requirement": "optional",
      "caption": "Affected Code",
      "description": "List of Affected Code objects that describe details about code blocks identified as vulnerable.",
      "is_array": true,
      "type": "affected_code"
    },
    "affected_packages": {
      "requirement": "optional",
      "caption": "Affected Software Packages",
      "description": "List of software packages identified as affected by a vulnerability/vulnerabilities.",
      "is_array": true,
      "type": "affected_package"
    },
    "cve": {
      "requirement": "recommended",
      "caption": "CVE",
      "description": "The Common Vulnerabilities and Exposures (<a target='_blank' href='https://cve.mitre.org/'>CVE</a>).",
      "type": "cve"
    },
    "cwe": {
      "requirement": "recommended",
      "caption": "CWE",
      "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the <a target='_blank' href='https://cwe.mitre.org/'>Common Weakness Enumeration (CWE)</a> catalog.",
      "type": "cwe"
    },
    "desc": {
      "description": "The description of the vulnerability.",
      "requirement": "optional",
      "caption": "Description",
      "type": "string_t"
    },
    "first_seen_time": {
      "description": "The time when the vulnerability was first observed.",
      "requirement": "optional",
      "caption": "First Seen",
      "type": "timestamp_t"
    },
    "fix_available": {
      "requirement": "optional",
      "@deprecated": {
        "message": "Use the <code> is_fix_available </code> attribute instead.",
        "since": "1.1.0"
      },
      "caption": "Fix Availability",
      "description": "Indicates if a fix is available for the reported vulnerability.",
      "type": "boolean_t"
    },
    "kb_articles": {
      "requirement": "optional",
      "caption": "Knowledgebase Articles",
      "@deprecated": {
        "message": "Use the <code> kb_article_list </code> attribute instead.",
        "since": "1.1.0"
      },
      "description": "The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.",
      "is_array": true,
      "type": "string_t"
    },
    "kb_article_list": {
      "requirement": "optional",
      "caption": "Knowledgebase Articles",
      "description": "A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.",
      "is_array": true,
      "type": "kb_article"
    },
    "is_exploit_available": {
      "requirement": "optional",
      "caption": "Exploit Availability",
      "description": "Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability.",
      "type": "boolean_t"
    },
    "is_fix_available": {
      "requirement": "optional",
      "caption": "Fix Availability",
      "description": "Indicates if a fix is available for the reported vulnerability.",
      "type": "boolean_t"
    },
    "last_seen_time": {
      "description": "The time when the vulnerability was most recently observed.",
      "requirement": "optional",
      "caption": "Last Seen",
      "type": "timestamp_t"
    },
    "packages": {
      "requirement": "optional",
      "@deprecated": {
        "message": "Use the <code> affected_packages </code> attribute instead.",
        "since": "1.1.0"
      },
      "caption": "Software Packages",
      "description": "List of vulnerable packages as identified by the security product",
      "is_array": true,
      "type": "string_t"
    },
    "references": {
      "description": "A list of reference URLs with additional information about the vulnerability.",
      "requirement": "recommended",
      "caption": "References",
      "is_array": true,
      "type": "string_t"
    },
    "related_vulnerabilities": {
      "requirement": "optional",
      "caption": "Related Vulnerabilities",
      "description": "List of vulnerabilities that are related to this vulnerability.",
      "is_array": true,
      "type": "string_t"
    },
    "remediation": {
      "description": "The remediation recommendations on how to mitigate the identified vulnerability.",
      "requirement": "optional",
      "caption": "Remediation Guidance",
      "type": "remediation"
    },
    "severity": {
      "description": "The vendor assigned severity of the vulnerability.",
      "requirement": "optional",
      "caption": "Severity",
      "type": "string_t"
    },
    "title": {
      "description": "A title or a brief phrase summarizing the discovered vulnerability.",
      "requirement": "optional",
      "caption": "Title",
      "type": "string_t"
    },
    "vendor_name": {
      "description": "The name of the vendor that identified the vulnerability.",
      "requirement": "optional",
      "caption": "Vendor Name",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    },
    "uid": {
      "description": "The vulnerability unique identifier.",
      "requirement": "required",
      "caption": "Unique ID",
      "type": "string_t",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      }
    },
    "cvss": {
      "requirement": "recommended",
      "caption": "CVSS Scores",
      "description": "The CVSS object details Common Vulnerability Scoring System (<a target='_blank' href='https://www.first.org/cvss/'>CVSS</a>) scores from the advisory that are related to the vulnerability.",
      "type": "cvss",
      "@deprecated": {
        "since": "1.1.0",
        "message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
      },
      "is_array": true
    }
  },
  "constraints": {
    "at_least_one": [
      "cve",
      "cwe"
    ]
  }
}