CVRF1.1InstanceType Schema

The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.

Fields

Field Name	Type	Description
@is_knownoptional	boolean	The @is_known field captures whether or not the vulnerability is known (i.e. not a 0-day) at the time of characterization.
@is_publicly_acknowledgedoptional	boolean	The @is_publicly_acknowledged field captures whether or not the vulnerability is publicly acknowledged by the vendor.
Title0..1	string	The Title field provides a simple title for this vulnerability.
Description0..1	StructuredTextType	The Description field provides an unstructured, text description of this vulnerability.
Short_Description0..1	StructuredTextType	The Short_Description field provides a short, unstructured, text description of this vulnerability.
CVE_ID0..1	CVE_IDInlineType	The CVE_ID field specifies a CVE identifier for a particular vulnerability.
OSVDB_ID0..1	positiveInteger	The OSVDB_ID field specifies an OSVDB identifier for a particular vulnerability.
Source0..1	string	The Source field describes the source of the CVE or OSVDB as a textual description or URL.
CVSS_Score0..1	CVSSVectorType	The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format.
Discovered_DateTime0..1	DateTimeWithPrecisionType	The date and time that this vulnerability was first discovered.
Published_DateTime0..1	DateTimeWithPrecisionType	The date and time that this vulnerability was first published.
Affected_Software0..1	AffectedSoftwareType	The Affected_Software field captures the list of platforms and software that are affected by this vulnerability. It is implemented through the CybOX Observables, the suggested CybOX objects to use are the Product Object, the Device Object, the System Object, and the Code Object.
References0..1	ReferencesType	The References field captures a list of external references describing this vulnerability.
cvrfdoc1..1	cvrfdoc	The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.

Field Name

Type

Description

@is_knownoptional

boolean

The @is_known field captures whether or not the vulnerability is known (i.e. not a 0-day) at the time of characterization.

@is_publicly_acknowledgedoptional

boolean

The @is_publicly_acknowledged field captures whether or not the vulnerability is publicly acknowledged by the vendor.

Title0..1

string

The Title field provides a simple title for this vulnerability.

Description0..1

StructuredTextType

The Description field provides an unstructured, text description of this vulnerability.

Short_Description0..1

StructuredTextType

The Short_Description field provides a short, unstructured, text description of this vulnerability.

CVE_ID0..1

CVE_IDInlineType

The CVE_ID field specifies a CVE identifier for a particular vulnerability.

OSVDB_ID0..1

positiveInteger

The OSVDB_ID field specifies an OSVDB identifier for a particular vulnerability.

Source0..1

string

The Source field describes the source of the CVE or OSVDB as a textual description or URL.

CVSS_Score0..1

CVSSVectorType

The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format.

Discovered_DateTime0..1

DateTimeWithPrecisionType

The date and time that this vulnerability was first discovered.

Published_DateTime0..1

DateTimeWithPrecisionType

The date and time that this vulnerability was first published.

Affected_Software0..1

AffectedSoftwareType

The Affected_Software field captures the list of platforms and software that are affected by this vulnerability. It is implemented through the CybOX Observables, the suggested CybOX objects to use are the Product Object, the Device Object, the System Object, and the Code Object.

References0..1

ReferencesType

The References field captures a list of external references describing this vulnerability.

cvrfdoc1..1

cvrfdoc

The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.