Vulnerability Details
vulnerability
The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Security Advisory | advisory | Advisory[] | Detail about the security advisory, that is used to publicly disclose cybersecurity vulnerabilities by a vendor. |
Affected Code | affected_code | Affected Code[] | List of Affected Code objects that describe details about code blocks identified as vulnerable. |
Affected Software Packages | affected_packages | Affected Software Package[] | List of software packages identified as affected by a vulnerability/vulnerabilities. |
CVE | cve | CVE[] | Describes the Common Vulnerabilities and Exposures (CVE) details related to the vulnerability. |
CWE | cwe | CWE[] | Describes the Common Weakness Enumeration (CWE) details related to the vulnerability. |
Description | desc | String | The description of the vulnerability. |
Exploit Last Seen Time | exploit_last_seen_time | Timestamp | The time when the exploit was most recently observed. |
First Seen | first_seen_time | Timestamp | The time when the vulnerability was first observed. |
Fix Availability | fix_available | Boolean | Indicates if a fix is available for the reported vulnerability.
|
Exploit Availability | is_exploit_available | Boolean | Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability. |
Fix Availability | is_fix_available | Boolean | Indicates if a fix is available for the reported vulnerability. |
Knowledgebase Articles | kb_article_list | KB Article[] | A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update.
|
Knowledgebase Articles | kb_articles | String[] | The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update.
|
Last Seen | last_seen_time | Timestamp | The time when the vulnerability was most recently observed. |
Software Packages | packages | Software Package[] | List of vulnerable packages as identified by the security product
|
Raw Data | raw_data | JSON | Group: |
Record ID | record_id | String | Group: |
References | references | String[] | A list of reference URLs with additional information about the vulnerability. |
Related Vulnerability IDs | related_vulnerabilities | String[] | List of vulnerability IDs (e.g. CVE ID) that are related to this vulnerability. |
Remediation Guidance | remediation | Remediation[] | The remediation recommendations on how to mitigate the identified vulnerability. |
Severity | severity | String | The vendor assigned severity of the vulnerability. |
Title | title | String | A title or a brief phrase summarizing the discovered vulnerability. |
Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
Vendor Name | vendor_name | String | The name of the vendor that identified the vulnerability. |
Relationships
Inbound Relationships
These objects and events reference Vulnerability Details in their attributes:
Outbound Relationships
Vulnerability Details references the following objects and events in its attributes:
This page describes ocsf-1.4.0
Updated 9 days ago