Heads up! These docs are for STIX 1.0, which is not the latest version (1.2).

VulnerabilityType (Exploit Target Schema)

Characterizes an individual vulnerability.

In addition to capturing basic information and references to vulnerability registries, this type is intended to be extended to enable the structured description of a vulnerability by using the XML Schema extension feature. The STIX default extension uses the Common Vulnerability Reporting Format (CVRF) schema to do so. The extension that defines this is captured in the CVRF1.1InstanceType in the http://stix.mitre.org/extensions/Vulnerability#CVRF1.1-1 namespace. This type is defined in the extensions/vulnerability/cvrf_1.1.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/vulnerability/cvrf_1.1/1.0/cvrf_1.1.xsd.


| Field Name | Multiplicity | Type | Description |
|---|---|---|---|
| Description | 0..1 | StructuredTextType | The Description element is optional and enables a generalized description of this Vulnerability. |
| CVE_ID | 0..1 | CVE_IDInlineType | The CVE_ID field is optional and specifies a CVE identifier for a particular vulnerability. |
| OSVDB_ID | 0..1 | positiveInteger | The OSVDB_ID field is optional and specifies an OSVDB identifier for a particular vulnerability. |
| CVSS_Score | 0..1 | CVSSVectorType | The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format. |
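
The following is an added example, not part of the STIX documentation or tooling: a consumer-side check of one Vulnerability element against the constraints in the table above (0..1 multiplicity, CVE identifier syntax, positive-integer OSVDB_ID, CVSS v2.0 base vector grammar). The namespace URI, the CVE pattern and the Base_Vector child element name are assumptions, and the sample XML is constructed with placeholder identifiers.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted feeds, parse with defusedxml instead

# Assumption: Exploit Target namespace used by the STIX 1.x schemas.
ET_NS = "http://stix.mitre.org/ExploitTarget-1"
OPTIONAL_FIELDS = ("Description", "CVE_ID", "OSVDB_ID", "CVSS_Score")  # all 0..1
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")  # assumed CVE identifier syntax
# CVSS v2.0 base vector grammar, e.g. AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS2_BASE_RE = re.compile(r"AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]")

# Constructed sample with placeholder identifiers. Deliberate defects:
# CVE_ID repeated and malformed, OSVDB_ID of zero, invalid metric value A:X.
SAMPLE = f"""
<et:Vulnerability xmlns:et="{ET_NS}">
  <et:Description>Constructed example entry.</et:Description>
  <et:CVE_ID>CVE-1900-0001</et:CVE_ID>
  <et:CVE_ID>cve_1900_0002</et:CVE_ID>
  <et:OSVDB_ID>0</et:OSVDB_ID>
  <et:CVSS_Score><et:Base_Vector>AV:N/AC:L/Au:N/C:P/I:P/A:X</et:Base_Vector></et:CVSS_Score>
</et:Vulnerability>
"""

def check_vulnerability(xml_text):
    """Return a list of problems found in one Vulnerability element."""
    root = ET.fromstring(xml_text)
    problems = []
    q = lambda name: f"{{{ET_NS}}}{name}"  # qualified tag name
    for name in OPTIONAL_FIELDS:
        if len(root.findall(q(name))) > 1:
            problems.append(f"{name}: occurs more than once (0..1)")
    for el in root.findall(q("CVE_ID")):
        if not CVE_RE.fullmatch((el.text or "").strip()):
            problems.append(f"CVE_ID: malformed value {el.text!r}")
    for el in root.findall(q("OSVDB_ID")):
        if not re.fullmatch(r"0*[1-9][0-9]*", (el.text or "").strip()):
            problems.append(f"OSVDB_ID: not a positive integer {el.text!r}")
    # Assumption: the base vector is carried in a Base_Vector child of CVSS_Score.
    for el in root.findall(f"{q('CVSS_Score')}/{q('Base_Vector')}"):
        if not CVSS2_BASE_RE.fullmatch((el.text or "").strip()):
            problems.append(f"CVSS_Score: invalid v2 base vector {el.text!r}")
    return problems

if __name__ == "__main__":
    for problem in check_vulnerability(SAMPLE):
        print(problem)
```

Running the check before ingesting third-party STIX content keeps malformed identifiers and vectors out of downstream matching and scoring logic.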