Vulnerability Details

vulnerability

The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.

Attributes

Caption	Name	Type	Description
Security Advisory	`advisory`	Advisory[]	Detail about the security advisory, that is used to publicly disclose cybersecurity vulnerabilities by a vendor.
Affected Code	`affected_code`	Affected Code[]	List of Affected Code objects that describe details about code blocks identified as vulnerable.
Affected Software Packages	`affected_packages`	Affected Software Package[]	List of software packages identified as affected by a vulnerability/vulnerabilities.
CVE	`cve`	CVE[]	Describes the Common Vulnerabilities and Exposures (CVE) details related to the vulnerability.
CWE	`cwe`	CWE[]	Describes the Common Weakness Enumeration (CWE) details related to the vulnerability.
Description	`desc`	String	The description of the vulnerability.
Exploit Last Seen Time	`exploit_last_seen_time`	Timestamp	The time when the exploit was most recently observed.
First Seen	`first_seen_time`	Timestamp	The time when the vulnerability was first observed.
Fix Availability	`fix_available`	Boolean	Indicates if a fix is available for the reported vulnerability. 🚧 WARNING: DEPRECATED Fix Availability has been deprecated since 1.1.0. Use the `is_fix_available` attribute instead.
Exploit Availability	`is_exploit_available`	Boolean	Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability.
Fix Availability	`is_fix_available`	Boolean	Indicates if a fix is available for the reported vulnerability.
Knowledgebase Articles	`kb_article_list`	KB Article[]	A list of KB articles or patches related to an endpoint. A KB Article contains metadata that describes the patch or an update. 🚧 WARNING: DEPRECATED Knowledgebase Articles has been deprecated since 1.4.0. Use `advisory` attribute instead.
Knowledgebase Articles	`kb_articles`	String[]	The KB article/s related to the entity. A KB Article contains metadata that describes the patch or an update. 🚧 WARNING: DEPRECATED Knowledgebase Articles has been deprecated since 1.1.0. Use the `kb_article_list` attribute instead.
Last Seen	`last_seen_time`	Timestamp	The time when the vulnerability was most recently observed.
Software Packages	`packages`	Software Package[]	List of vulnerable packages as identified by the security product 🚧 WARNING: DEPRECATED Software Packages has been deprecated since 1.1.0. Use the `affected_packages` attribute instead.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
References	`references`	String[]	A list of reference URLs with additional information about the vulnerability.
Related Vulnerability IDs	`related_vulnerabilities`	String[]	List of vulnerability IDs (e.g. CVE ID) that are related to this vulnerability.
Remediation Guidance	`remediation`	Remediation[]	The remediation recommendations on how to mitigate the identified vulnerability.
Severity	`severity`	String	The vendor assigned severity of the vulnerability.
Title	`title`	String	A title or a brief phrase summarizing the discovered vulnerability.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.
Vendor Name	`vendor_name`	String	The name of the vendor that identified the vulnerability.

Relationships

Inbound Relationships

These objects and events reference Vulnerability Details in their attributes:

Outbound Relationships

Vulnerability Details references the following objects and events in its attributes:

This page describes ocsf-1.4.0