Vulnerability Details
The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Affected Code | affected_code |
Affected Code[] | List of Affected Code objects that describe details about code blocks identified as vulnerable. |
Affected Software Packages | affected_packages |
Affected Software Package[] | List of software packages identified as affected by a vulnerability/vulnerabilities. |
CVE | cve |
CVE[] | The Common Vulnerabilities and Exposures (CVE). |
CVSS Scores | cvss |
CVSS Score[] |
The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability.
|
CWE | cwe |
CWE[] | The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog. |
Description | desc |
String | The description of the vulnerability. |
First Seen | first_seen_time |
Timestamp | The time when the vulnerability was first observed. |
Fix Availability | fix_available |
Boolean |
Indicates if a fix is available for the reported vulnerability.
|
Exploit Availability | is_exploit_available |
Boolean | Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability. |
Fix Availability | is_fix_available |
Boolean | Indicates if a fix is available for the reported vulnerability. |
Knowledgebase Articles | kb_article_list |
KB Article[] | A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update. |
Knowledgebase Articles | kb_articles |
String[] |
The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.
|
Last Seen | last_seen_time |
Timestamp | The time when the vulnerability was most recently observed. |
Software Packages | packages |
String[] |
List of vulnerable packages as identified by the security product
|
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
References | references |
String[] | A list of reference URLs with additional information about the vulnerability. |
Related Vulnerabilities | related_vulnerabilities |
String[] | List of vulnerabilities that are related to this vulnerability. |
Remediation Guidance | remediation |
Remediation[] | The remediation recommendations on how to mitigate the identified vulnerability. |
Severity | severity |
String | The vendor assigned severity of the vulnerability. |
Title | title |
String | A title or a brief phrase summarizing the discovered vulnerability. |
Unique ID | uid |
String |
The vulnerability unique identifier.
|
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Vendor Name | vendor_name |
String | The name of the vendor that identified the vulnerability. |
Relationships
Inbound Relationships
These objects and events reference Vulnerability Details in their attributes:
Outbound Relationships
Vulnerability Details references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated 2 months ago