CVSS Score
The Common Vulnerability Scoring System (CVSS) object provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Access Complexity (AC) | access_complexity_id |
Integer |
Name: Access Complexity (AC). Group: Base. CVSS Version: v1, v2
|
Access Vector (AV) | access_vector_id |
Integer |
Name: Access Vector (AV). Group: Base. CVSS version: v1, v2
|
Attack Complexity (AC) | attack_complexity_id |
Integer |
The Attack Complexity Common Vulnerability Scoring System (CVSS) metric. Name: Attack Complexity (AC). Group: Base. CVSS version: v3
|
Attack Vector (AV) | attack_vector_id |
Integer |
Name: Attack Vector (AV). Group: Base. CVSS version: v3
|
Authentication (Au) | authentication_id |
Integer |
Name: Authentication (Au). Group: Base. CVSS version: v1, v2
|
Availability (A) | availability_id |
Integer |
Name: Availability (A). Group: Base. CVSS version: v3
|
Availability Impact (A) | availability_impact_id |
Integer |
Name: Availability Impact (A). Group: Base, CVSS version: v1, v2
|
Availability Requirement (AR) | availability_requirement_id |
Integer |
Name: Availability Requirement (AR). Group: Environmental. CVSS version: v2, v3
|
Base Score | base_score |
Float |
The CVSS base score. For example: 9.1 .
|
Collateral Damage Potential (CDP) | collateral_damage_potential_id |
Integer |
Name: Collateral Damage Potential (CDP). Group: Environmental. CVSS version: v1, v2
|
Confidentiality (C) | confidentiality_id |
Integer |
The Confidentiality Common Vulnerability Scoring System (CVSS) metric. Name: Confidentiality (C). Group: Base. CVSS version: v3
|
Confidentiality Impact (C) | confidentiality_impact_id |
Integer |
Name: Confidentiality Impact (C). Group: Base CVSS version: v1, v2
|
Confidentiality Requirement (CR) | confidentiality_requirement_id |
Integer |
Name: Confidentiality Requirement (CR). Group: Environmental. CVSS version: v2, v3
|
CVSS Depth | depth |
String |
The CVSS depth represents a depth of the equation used to calculate CVSS score.
|
CVSS Depth | depth_id |
Integer |
The CVSS depth. Representing a depth of the equation used to calculate CVSS score.
|
Exploit Code Maturity (E) | exploit_code_maturity_id |
Integer |
Name: Exploit Code Maturity (E). Group: Temporal. CVSS version: v3
|
Exploitability (E) | exploitability_id |
Integer |
Name: Exploitability (E). Group: Temporal. CVSS version: v1, v2
|
Integrity (I) | integrity_id |
Integer |
The Integrity Common Vulnerability Scoring System (CVSS) metric. Name: Integrity (I). Group: Base. CVSS version: v3
|
Integrity Impact (I) | integrity_impact_id |
Integer |
Name: Integrity Impact (I). Group: Base. CVSS version: v1, v2
|
Integrity Requirement (IR) | integrity_requirement_id |
Integer |
Name: Integrity Requirement (IR). Group: Environmental. CVSS version: v2, v3
|
Metrics | metrics |
Metric[] |
The Common Vulnerability Scoring System metrics. This attribute contains information on the CVE's impact. If the CVE has been analyzed, this attribute will contain any CVSSv2 or CVSSv3 information associated with the vulnerability. For example: { {"Access Vector", "Network"}, {"Access Complexity", "Low"}, ...} .
|
Modified Attack Complexity (MAC) | modified_attack_complexity_id |
Integer |
Name: Modified Attack Complexity (MAC). Group: Environmental. Version: v3
|
Modified Attack Vector (MAV) | modified_attack_vector_id |
Integer |
Name: Modified Attack Vector (MAV). Group: Environmental. Version: v3
|
Modified Availability (MA) | modified_availability_id |
Integer |
Name: Modified Availability (MA). Group: Environmental. Version: v3
|
Modified Confidentiality (MC) | modified_confidentiality_id |
Integer |
Name: Modified Confidentiality (MC). Group: Environmental. Version: v3
|
Modified Integrity (MI) | modified_integrity_id |
Integer |
Name: Modified Integrity (MI). Group: Environmental. Version: v3
|
Modified Privileges Required (MPR) | modified_privileges_required_id |
Integer |
Name: Modified Privileges Required (MPR). Group: Environmental. Version: v3
|
Modified Scope (MS) | modified_scope_id |
Integer |
Name: Modified Scope (MS). Group: Environmental. Version: v3
|
Modified User Interaction (MUI) | modified_user_interaction_id |
Integer |
Name: Modified User Interaction (MUI). Group: Environmental. Version: v3
|
Overall Score | overall_score |
Float |
The CVSS overall score, impacted by base, temporal, and environmental metrics. For example: 9.1 .
|
Privileges Required (PR) | privileges_required_id |
Integer |
The Privileges Required (PR) Common Vulnerability Scoring System (CVSS) metric. Name: Privileges Required (PR). Group: Base. CVSS version: v3
|
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Reputation Score | raw_score |
Float |
CVSS Score in the range of 0.0 to 10.0.
|
Record ID | record_id |
String | Unique identifier for the object |
Remediation Level (RL) | remediation_level_id |
Integer |
Name: Remediation Level (RL). Group: Temporal. CVSS version: v1, v2, v3
|
Report Confidence (RC) | report_confidence_id |
Integer |
Name: Report Confidence (RC). Group: Temporal. CVSS version: v1, v2, v3
|
Scope (S) | scope_id |
Integer |
Name: Scope (S). Group: Base. CVSS version: v3
|
Severity | severity |
String |
The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score. CVSS v2.0
|
Qualitative Severity Rating | severity_id |
Integer |
The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating. A textual representation of the numeric score. None (0.0), Low (0.1 - 3.9), Medium (4.0 - 6.9), High (7.0 - 8.9), Critical (9.0 - 10.0)
|
Target Distribution (TD) | target_distribution_id |
Integer |
Name: Target Distribution (TD). Group: Environmental. CVSS version: v1, v2
|
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
User Interaction (UI) | user_interaction_id |
Integer |
The User Interaction Common Vulnerability Scoring System (CVSS) metric. Name: User Interaction (UI). Group: Base. CVSS version: v3
|
Vector String | vector_string |
String |
The CVSS vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form. For example: 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H .
|
Version | version |
String |
The CVSS version. For example: 3.1 .
|
Relationships
Inbound Relationships
These objects and events reference CVSS Score in their attributes:
Outbound Relationships
CVSS Score references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated 2 months ago