Vulnerability

A vulnerability.

JSON representation
{
  "about": {
    object (Noun)
  },
  "name": string,
  "description": string,
  "vendor": string,
  "scan_start_time": string,
  "scan_end_time": string,
  "first_found": string,
  "last_found": string,
  "severity": enum (Severity),
  "severity_details": string,
  "cvss_base_score": number,
  "cvss_vector": string,
  "cvss_version": string,
  "cve_id": string,
  "cve_description": string,
  "vendor_vulnerability_id": string,
  "vendor_knowledge_base_article_id": string
}
Fields
about

object (Noun)

If the vulnerability is about a specific noun (e.g. executable), then add it here.

name

string

Name of the vulnerability (e.g. "Unsupported OS Version detected").

description

string

Description of the vulnerability.

vendor

string

Vendor of the scan that discovered the vulnerability.

scan_start_time

string (Timestamp format)

If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan started. This field can be left unset if the start time is not available or not applicable.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

scan_end_time

string (Timestamp format)

If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan ended. This field can be left unset if the end time is not available or not applicable.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

first_found

string (Timestamp format)

Products that maintain a history of vulnerability scans should populate first_found with the time that a scan first detected the vulnerability on this asset.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

last_found

string (Timestamp format)

Products that maintain a history of vulnerability scans should populate last_found with the time that a scan last detected the vulnerability on this asset.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

severity

enum (Severity)

The severity of the vulnerability.

severity_details

string

Vendor-specific severity.

cvss_base_score

number

CVSS Base Score in the range of 0.0 to 10.0. Useful for sorting.

cvss_vector

string

Vector of CVSS properties (e.g. "AV:L/AC:H/Au:N/C:N/I:P/A:C"). It can be linked to via https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator

cvss_version

string

Version of CVSS Vector/Score.

cve_id

string

Common Vulnerabilities and Exposures (CVE) ID. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures https://cve.mitre.org/about/faqs.html#what_is_cve_id

cve_description

string

Common Vulnerabilities and Exposures (CVE) description. https://cve.mitre.org/about/faqs.html#what_is_cve_record

vendor_vulnerability_id

string

Vendor-specific vulnerability ID (e.g. a Microsoft security bulletin ID).

vendor_knowledge_base_article_id

string

Vendor-specific knowledge base article ID (e.g. "KBXXXXXX" from Microsoft). https://en.wikipedia.org/wiki/Microsoft_Knowledge_Base https://access.redhat.com/knowledgebase

Severity

Severity of the vulnerability.

Enums
UNKNOWN_SEVERITY: The default severity level.
LOW: Low severity.
MEDIUM: Medium severity.
HIGH: High severity.
CRITICAL: Critical severity.
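As an added example (not code from this reference), a Python checker for the constraints stated above: it Z-normalizes the four Timestamp-format fields to 0, 3, 6 or 9 fractional digits while accepting non-"Z" offsets, checks cvss_base_score against its 0.0 to 10.0 range, checks severity against the Severity enum, and flags a first_found later than last_found. Field names are those of the JSON representation; the record passed in is a constructed sample.

```python
import re
from datetime import datetime, timedelta

# Added example, not the reference's own code. Severity values are the enum above.
SEVERITIES = {"UNKNOWN_SEVERITY", "LOW", "MEDIUM", "HIGH", "CRITICAL"}

# RFC 3339: date "T" time, optional 1-9 fractional digits, then "Z" or a +-HH:MM offset.
_TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?(Z|[+-]\d{2}:\d{2})$")

def normalize_timestamp(ts: str) -> str:
    """Z-normalize an RFC 3339 timestamp to 0, 3, 6 or 9 fractional digits,
    the form the reference says generated output takes; ValueError if not RFC 3339."""
    m = _TS_RE.match(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    base, frac, off = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    if off != "Z":  # shift a local-offset time back to UTC
        sign = 1 if off[0] == "+" else -1
        dt -= sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6]))
    frac = (frac or "").rstrip("0")
    width = next(w for w in (0, 3, 6, 9) if len(frac) <= w)  # smallest allowed width
    frac = frac.ljust(width, "0")
    out = dt.strftime("%Y-%m-%dT%H:%M:%S")
    return f"{out}.{frac}Z" if frac else f"{out}Z"

def _sort_key(norm: str):  # order normalized timestamps regardless of fraction width
    base, _, frac = norm[:-1].partition(".")
    return base, frac.ljust(9, "0")

def validate_vulnerability(v: dict) -> list:
    """Check the constraints this reference states and return the problems found."""
    problems = []
    if "severity" in v and v["severity"] not in SEVERITIES:
        problems.append(f"severity: unknown value {v['severity']!r}")
    score = v.get("cvss_base_score")
    if score is not None and not (isinstance(score, (int, float)) and 0.0 <= score <= 10.0):
        problems.append("cvss_base_score: must be a number in 0.0..10.0")
    found = {}  # normalized timestamps by field name
    for f in ("scan_start_time", "scan_end_time", "first_found", "last_found"):
        if f in v:
            try:
                found[f] = normalize_timestamp(v[f])
            except ValueError as e:
                problems.append(f"{f}: {e}")
    first, last = found.get("first_found"), found.get("last_found")
    if first and last and _sort_key(first) > _sort_key(last):
        problems.append("first_found is later than last_found")
    return problems
```

Timestamps are compared on their normalized form so a record with "…23Z" and "…23.500Z" orders correctly even though the strings differ in width.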