Class Cve (1.28.0)

Cve(mapping=None, *, ignore_unknown_fields=False, **kwargs)

CVE stands for Common Vulnerabilities and Exposures. Information from the CVE record <https://www.cve.org/ResourcesSupport/Glossary>__ that describes this vulnerability.

Attributes

NameDescription
id str
The unique identifier for the vulnerability. e.g. CVE-2021-34527
references MutableSequence[google.cloud.securitycenter_v1.types.Reference]
Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527
cvssv3 google.cloud.securitycenter_v1.types.Cvssv3
Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document
upstream_fix_available bool
Whether upstream fix is available for the CVE.
impact google.cloud.securitycenter_v1.types.Cve.RiskRating
The potential impact of the vulnerability if it was to be exploited.
exploitation_activity google.cloud.securitycenter_v1.types.Cve.ExploitationActivity
The exploitation activity of the vulnerability in the wild.
observed_in_the_wild bool
Whether or not the vulnerability has been observed in the wild.
zero_day bool
Whether or not the vulnerability was zero day when the finding was published.

Classes

ExploitationActivity

ExploitationActivity(value)

The possible values of exploitation activity of the vulnerability in the wild.

Values: EXPLOITATION_ACTIVITY_UNSPECIFIED (0): Invalid or empty value. WIDE (1): Exploitation has been reported or confirmed to widely occur. CONFIRMED (2): Limited reported or confirmed exploitation activities. AVAILABLE (3): Exploit is publicly available. ANTICIPATED (4): No known exploitation activity, but has a high potential for exploitation. NO_KNOWN (5): No known exploitation activity.

RiskRating

RiskRating(value)

The possible values of impact of the vulnerability if it was to be exploited.

Values: RISK_RATING_UNSPECIFIED (0): Invalid or empty value. LOW (1): Exploitation would have little to no security impact. MEDIUM (2): Exploitation would enable attackers to perform activities, or could allow attackers to have a direct impact, but would require additional steps. HIGH (3): Exploitation would enable attackers to have a notable direct impact without needing to overcome any major mitigating factors. CRITICAL (4): Exploitation would fundamentally undermine the security of affected systems, enable actors to perform significant attacks with minimal effort, with little to no mitigating factors to overcome.