CVSS Score

cvss

The Common Vulnerability Scoring System (CVSS) object provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.

Attributes

CaptionNameTypeDescription
Base Scorebase_scoreFloatThe CVSS base score. For example: 9.1.
CVSS DepthdepthStringThe CVSS depth represents a depth of the equation used to calculate CVSS score.
  • Base: Base (BASE)
  • Environmental: Environmental (ENVIRONMENTAL)
  • Temporal: Temporal (TEMPORAL)
MetricsmetricsMetric[]The Common Vulnerability Scoring System metrics. This attribute contains information on the CVE's impact. If the CVE has been analyzed, this attribute will contain any CVSSv2 or CVSSv3 information associated with the vulnerability. For example: "Access Vector", "Network", "Access Complexity", "Low", ....
Overall Scoreoverall_scoreFloatThe CVSS overall score, impacted by base, temporal, and environmental metrics. For example: 9.1.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
SeverityseverityStringThe Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score.CVSS v2.0Low (0.0 – 3.9)Medium (4.0 – 6.9)High (7.0 – 10.0)CVSS v3.0None (0.0)Low (0.1 - 3.9)Medium (4.0 - 6.9)High (7.0 - 8.9)Critical (9.0 - 10.0)
Source URLsrc_urlURL StringEntity:URL_STRING

The source URL for the CVSS score. For example: https://nvd.nist.gov/vuln/detail/CVE-2021-44228
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.
Vector Stringvector_stringStringThe CVSS vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form. For example: 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Vendor Namevendor_nameStringThe vendor that provided the CVSS score. For example: NVD, REDHAT etc.
VersionversionStringThe CVSS version. For example: 3.1.

Relationships

CVSS Score shown in context

Inbound Relationships

These objects and events reference CVSS Score in their attributes:

Outbound Relationships

CVSS Score references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0