Vulnerability Details
vulnerability
The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Security Advisory | advisory | Advisory[] | Detail about the security advisory, that is used to publicly disclose cybersecurity vulnerabilities by a vendor. |
| Affected Code | affected_code | Affected Code[] | List of Affected Code objects that describe details about code blocks identified as vulnerable. |
| Affected Software Packages | affected_packages | Affected Software Package[] | List of software packages identified as affected by a vulnerability/vulnerabilities. |
| Category | category | String | The category of a vulnerability or weakness, as reported by the source tool, such as Container Security or Open Source Security. |
| CVE | cve | CVE[] | Describes the Common Vulnerabilities and Exposures (CVE) details related to the vulnerability. |
| CWE | cwe | CWE[] | Describes the Common Weakness Enumeration (CWE) details related to the vulnerability. |
| Dependency Chain | dependency_chain | String | Information about the chain of dependencies related to the issue as reported by an Application Security or Vulnerability Management tool. E.g., serverless-offline -> @serverless/utils -> memoizee -> es5-ext. |
| Description | desc | String | The description of the vulnerability. |
| Exploit Last Seen Time | exploit_last_seen_time | Timestamp | The time when the exploit was most recently observed. |
| Exploit URL | exploit_ref_url | URL String | Entity: |
| Exploit Requirement | exploit_requirement | String | The requirement description related to any constraints around exploit execution. |
| Exploit Type | exploit_type | String | The categorization or type of Exploit. E.g., Network or Physical. |
| First Seen | first_seen_time | Timestamp | The time when the vulnerability was first observed. |
| Fix Availability | fix_available | Boolean | Indicates if a fix is available for the reported vulnerability.
|
| Fix Coverage | fix_coverage | String | The fix coverage, normalized to the caption of the fix_coverage_id value. |
| Fix Coverage ID | fix_coverage_id | Integer | The normalized identifier for fix coverage, applicable to this vulnerability. Typically useful, when there are multiple affected packages but only a subset have available fixes.
|
| Exploit Availability | is_exploit_available | Boolean | Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability. |
| Fix Availability | is_fix_available | Boolean | Indicates if a fix is available for the reported vulnerability. |
| Knowledgebase Articles | kb_article_list | KB Article[] | A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
|
| Knowledgebase Articles | kb_articles | String[] | The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.
|
| Last Seen | last_seen_time | Timestamp | The time when the vulnerability was most recently observed. |
| Software Packages | packages | Software Package[] | List of vulnerable packages as identified by the security product
|
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| References | references | String[] | A list of reference URLs with additional information about the vulnerability. |
| Related Vulnerability IDs | related_vulnerabilities | String[] | List of vulnerability IDs (e.g. CVE ID) that are related to this vulnerability. |
| Remediation Guidance | remediation | Remediation[] | The remediation recommendations on how to mitigate the identified vulnerability. |
| Severity | severity | String | The vendor assigned severity of the vulnerability. |
| Title | title | String | A title or a brief phrase summarizing the discovered vulnerability. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| Vendor Name | vendor_name | String | The name of the vendor that identified the vulnerability. |
Relationships
Inbound Relationships
These objects and events reference Vulnerability Details in their attributes:
Outbound Relationships
Vulnerability Details references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0
Updated 22 days ago