A vulnerability.
JSON representation |
---|
{ "about": { object ( |
Fields | |
---|---|
about | If the vulnerability is about a specific noun (e.g. executable), then add it here. |
name | Name of the vulnerability (e.g. "Unsupported OS Version detected"). |
description | Description of the vulnerability. |
vendor | Vendor of the scan that discovered the vulnerability. |
scan_ | If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan started. This field can be left unset if the start time is not available or not applicable. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
scan_ | If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan ended. This field can be left unset if the end time is not available or not applicable. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
first_found | Products that maintain a history of vulnerability scans should populate first_found with the time that a scan first detected the vulnerability on this asset. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
last_found | Products that maintain a history of vulnerability scans should populate last_found with the time that a scan last detected the vulnerability on this asset. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
severity | The severity of the vulnerability. |
severity_ | Vendor-specific severity. |
cvss_ | CVSS Base Score in the range of 0.0 to 10.0. Useful for sorting. |
cvss_ | Vector of CVSS properties (e.g. "AV:L/AC:H/Au:N/C:N/I:P/A:C"). Can be linked to via: https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator |
cvss_ | Version of CVSS Vector/Score. |
cve_ | Common Vulnerabilities and Exposures ID. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures https://cve.mitre.org/about/faqs.html#what_is_cve_id |
cve_ | Common Vulnerabilities and Exposures Description. https://cve.mitre.org/about/faqs.html#what_is_cve_record |
vendor_ | Vendor-specific vulnerability ID (e.g. Microsoft security bulletin ID). |
vendor_ | Vendor-specific knowledge base article (e.g. "KBXXXXXX" from Microsoft). https://en.wikipedia.org/wiki/Microsoft_Knowledge_Base https://access.redhat.com/knowledgebase |
Severity
Severity of the vulnerability.
Enums | |
---|---|
UNKNOWN_SEVERITY | The default severity level. |
LOW | Low severity. |
MEDIUM | Medium severity. |
HIGH | High severity. |
CRITICAL | Critical severity. |
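
The timestamp fields accept any RFC 3339 offset but are emitted Z-normalized, so two values must be converted to UTC before they are compared. The following is an added example, not part of the original reference or of any vendor SDK: it normalizes such timestamps to the Z form with 0, 3, 6 or 9 fractional digits and checks a record's `severity`, `first_found` and `last_found`. The function names, the snake_case record layout, the constructed sample and the rule that `first_found` must not be later than `last_found` are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

SEVERITIES = {"UNKNOWN_SEVERITY", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
_RFC3339 = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,9}))?"
    r"([Zz]|[+-]\d{2}:\d{2})$")

def normalize_rfc3339(value):
    """Return (utc_datetime, nanos, z_normalized_text) for an RFC 3339 string."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not RFC 3339: {value!r}")
    # datetime() rejects impossible dates and times with ValueError.
    dt = datetime(*(int(g) for g in m.groups()[:6]), tzinfo=timezone.utc)
    nanos = int((m.group(7) or "").ljust(9, "0"))
    offset = m.group(8)
    if offset not in ("Z", "z"):
        # A "+02:00" local time is two hours ahead of UTC, so subtract it.
        sign = 1 if offset[0] == "+" else -1
        dt -= sign * timedelta(hours=int(offset[1:3]), minutes=int(offset[4:6]))
    # Use the shortest of 0, 3, 6 or 9 fractional digits that keeps the value.
    if nanos == 0:
        frac = ""
    elif nanos % 1_000_000 == 0:
        frac = f".{nanos // 1_000_000:03d}"
    elif nanos % 1_000 == 0:
        frac = f".{nanos // 1_000:06d}"
    else:
        frac = f".{nanos:09d}"
    text = dt.replace(tzinfo=None).isoformat(timespec="seconds") + frac + "Z"
    return dt, nanos, text

def check_vulnerability(vuln):
    """Return a list of problems found in a vulnerability record (a dict)."""
    problems, parsed = [], {}
    if vuln.get("severity", "UNKNOWN_SEVERITY") not in SEVERITIES:
        problems.append("severity: not a listed enum value")
    for field in ("first_found", "last_found"):
        if field in vuln:
            try:
                parsed[field] = normalize_rfc3339(vuln[field])
            except ValueError as exc:
                problems.append(f"{field}: {exc}")
    # Compare (UTC time, nanos), never the raw strings: offsets reorder them.
    if len(parsed) == 2 and parsed["first_found"][:2] > parsed["last_found"][:2]:
        problems.append("first_found is later than last_found")
    return problems

# Constructed sample: as text first_found sorts before last_found, in UTC it is later.
SAMPLE = {"name": "Unsupported OS Version detected", "severity": "HIGH",
          "first_found": "2024-03-01T23:30:00-05:00", "last_found": "2024-03-02T01:00:00Z"}
```
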