CVE
The Common Vulnerabilities and Exposures (CVE) object represents publicly disclosed cybersecurity vulnerabilities defined in CVE Program catalog (CVE). There is one CVE Record for each vulnerability in the catalog.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Created Time | created_time |
Timestamp | The Record Creation Date identifies when the CVE ID was issued to a CVE Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note that the Record Creation Date does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE. |
| CVSS Score | cvss |
CVSS Score[] | The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability. |
| CWE | cwe |
CWE[] | The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog. |
| CWE UID | cwe_uid |
String |
The Common Weakness Enumeration (CWE) unique identifier. For example: CWE-787.
|
| CWE URL | cwe_url |
URL String |
Common Weakness Enumeration (CWE) definition URL. For example: https://cwe.mitre.org/data/definitions/787.html.
|
| Description | desc |
String | A brief description of the CVE Record. |
| EPSS | epss |
EPSS[] | The Exploit Prediction Scoring System (EPSS) object describes the estimated probability a vulnerability will be exploited. EPSS is a community-driven effort to combine descriptive information about vulnerabilities (CVEs) with evidence of actual exploitation in-the-wild. (EPSS). |
| Modified Time | modified_time |
Timestamp | The Record Modified Date identifies when the CVE record was last updated. |
| Product | product |
Product[] | The product where the vulnerability was discovered. |
| Raw Data | raw_data |
JSON | The event data as received from the event source. |
| Record ID | record_id |
String | Unique identifier for the object |
| References | references |
String[] | A list of reference URLs with additional information about the CVE Record. |
| Title | title |
String | A title or a brief phrase summarizing the CVE record. |
| Vulnerability Type | type |
String |
The vulnerability type as selected from a large dropdown menu during CVE refinement. Most frequently used vulnerability types are:DoS, Code Execution, Overflow, Memory Corruption, Sql Injection, XSS, Directory Traversal, Http Response Splitting, Bypass something, Gain Information, Gain Privileges, CSRF, File Inclusion. For more information see Vulnerabilities By Type distributions.
|
| CVE ID | uid |
String |
The Common Vulnerabilities and Exposures unique number assigned to a specific computer vulnerability. A CVE Identifier begins with 4 digits representing the year followed by a sequence of digits that acts as a unique identifier. For example: CVE-2021-12345.
|
| Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference CVE in their attributes:
Outbound Relationships
CVE references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated about 1 month ago