Cve(mapping=None, *, ignore_unknown_fields=False, **kwargs)CVE stands for Common Vulnerabilities and Exposures. Information
from the CVE
record <https://www.cve.org/ResourcesSupport/Glossary>__ that
describes this vulnerability.
Attributes | |
|---|---|
| Name | Description |
id |
str
The unique identifier for the vulnerability. e.g. CVE-2021-34527 |
references |
MutableSequence[google.cloud.securitycenter_v1.types.Reference]
Additional information about the CVE. e.g. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527 |
cvssv3 |
google.cloud.securitycenter_v1.types.Cvssv3
Describe Common Vulnerability Scoring System specified at https://www.first.org/cvss/v3.1/specification-document |
upstream_fix_available |
bool
Whether upstream fix is available for the CVE. |
impact |
google.cloud.securitycenter_v1.types.Cve.RiskRating
The potential impact of the vulnerability if it was to be exploited. |
exploitation_activity |
google.cloud.securitycenter_v1.types.Cve.ExploitationActivity
The exploitation activity of the vulnerability in the wild. |
observed_in_the_wild |
bool
Whether or not the vulnerability has been observed in the wild. |
zero_day |
bool
Whether or not the vulnerability was zero day when the finding was published. |
Classes
ExploitationActivity
ExploitationActivity(value)The possible values of exploitation activity of the vulnerability in the wild.
Values: EXPLOITATION_ACTIVITY_UNSPECIFIED (0): Invalid or empty value. WIDE (1): Exploitation has been reported or confirmed to widely occur. CONFIRMED (2): Limited reported or confirmed exploitation activities. AVAILABLE (3): Exploit is publicly available. ANTICIPATED (4): No known exploitation activity, but has a high potential for exploitation. NO_KNOWN (5): No known exploitation activity.
RiskRating
RiskRating(value)The possible values of impact of the vulnerability if it was to be exploited.
Values: RISK_RATING_UNSPECIFIED (0): Invalid or empty value. LOW (1): Exploitation would have little to no security impact. MEDIUM (2): Exploitation would enable attackers to perform activities, or could allow attackers to have a direct impact, but would require additional steps. HIGH (3): Exploitation would enable attackers to have a notable direct impact without needing to overcome any major mitigating factors. CRITICAL (4): Exploitation would fundamentally undermine the security of affected systems, enable actors to perform significant attacks with minimal effort, with little to no mitigating factors to overcome.