Affected Software Package
The Affected Package object describes details about a software package identified as affected by a vulnerability/vulnerabilities.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Architecture | architecture |
String | Architecture is a shorthand name describing the type of computer hardware the packaged software is meant to run on. |
| The product CPE identifier | cpe_name |
String |
The Common Platform Enumeration (CPE) name as described by (NIST) For example: cpe:/a:apple:safari:16.2.
|
| Epoch | epoch |
Integer | The software package epoch. Epoch is a way to define weighted dependencies based on version numbers. |
| Fixed In Version | fixed_in_version |
String | The software package version in which a reported vulnerability was patched/fixed. |
| Hash | hash |
Fingerprint[] | Cryptographic hash to identify the binary instance of a software component. This can include any component such file, package, or library. |
| Software License | license |
String | The software license applied to this package. |
| Name | name |
String | The software package name. |
| Package Manager | package_manager |
String | The software packager manager utilized to manage a package on a system, e.g. npm, yum, dpkg etc. |
| Path | path |
String | The installation path of the affected package. |
| Package URL | purl |
String | A purl is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases. |
| Raw Data | raw_data |
JSON | The event data as received from the event source. |
| Record ID | record_id |
String | Unique identifier for the object |
| Software Release Details | release |
String | Release is the number of times a version of the software has been packaged. |
| Remediation Guidance | remediation |
Remediation[] | Describes the recommended remediation steps to address identified issue(s). |
| Type | type |
String | The type of software package, normalized to the caption of the type_id value. In the case of 'Other', it is defined by the source. |
| Type ID | type_id |
Integer |
The type of software package.
|
| Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Vendor Name | vendor_name |
String | The name of the vendor who published the software package. |
| Version | version |
String | The software package version. |
Relationships
Inbound Relationships
These objects and events reference Affected Software Package in their attributes:
Outbound Relationships
Affected Software Package references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 1 month ago