CVE

cve

The Common Vulnerabilities and Exposures (CVE) object represents publicly disclosed cybersecurity vulnerabilities defined in CVE Program catalog (CVE). There is one CVE Record for each vulnerability in the catalog.

Attributes

Caption	Name	Type	Description
Created Time	`created_time`	Timestamp	The Record Creation Date identifies when the CVE ID was issued to a CVE Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note that the Record Creation Date does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
CVSS Score	`cvss`	CVSS Score[]	The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability.
CWE	`cwe`	CWE[]	The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog. 🚧 WARNING: DEPRECATED CWE has been deprecated since 1.4.0. Use `related_cwes` attribute instead.
CWE UID	`cwe_uid`	String	The Common Weakness Enumeration (CWE) unique identifier. For example: `CWE-787`. 🚧 WARNING: DEPRECATED CWE UID has been deprecated since 1.1.0. Use the `related_cwes` object attributes instead.
CWE URL	`cwe_url`	URL String	Entity:`URL_STRING` Common Weakness Enumeration (CWE) definition URL. For example: `https://cwe.mitre.org/data/definitions/787.html`. 🚧 WARNING: DEPRECATED CWE URL has been deprecated since 1.1.0. Use the `related_cwes` object attributes instead.
Description	`desc`	String	A brief description of the CVE Record.
EPSS	`epss`	EPSS[]	The Exploit Prediction Scoring System (EPSS) object describes the estimated probability a vulnerability will be exploited. EPSS is a community-driven effort to combine descriptive information about vulnerabilities (CVEs) with evidence of actual exploitation in-the-wild. (EPSS).
Modified Time	`modified_time`	Timestamp	The Record Modified Date identifies when the CVE record was last updated.
Product	`product`	Product[]	The product where the vulnerability was discovered.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
References	`references`	String[]	A list of reference URLs with additional information about the CVE Record.
Related CWEs	`related_cwes`	CWE[]	Describes the Common Weakness Enumeration (CWE) details related to the CVE Record.
Title	`title`	String	A title or a brief phrase summarizing the CVE record.
Vulnerability Type	`type`	String	The vulnerability type as selected from a large dropdown menu during CVE refinement. Most frequently used vulnerability types are: `DoS`, `Code Execution`, `Overflow`, `Memory Corruption`, `Sql Injection`, `XSS`, `Directory Traversal`, `Http Response Splitting`, `Bypass something`, `Gain Information`, `Gain Privileges`, `CSRF`, `File Inclusion`. For more information see Vulnerabilities By Type distributions.
CVE ID	`uid`	String	Entity:`CVE_ID` The Common Vulnerabilities and Exposures unique number assigned to a specific computer vulnerability. A CVE Identifier begins with 4 digits representing the year followed by a sequence of digits that acts as a unique identifier. For example: `CVE-2021-12345`.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference CVE in their attributes:

Outbound Relationships

CVE references the following objects and events in its attributes:

This page describes ocsf-1.4.0