Characterizes an individual vulnerability.
In addition to capturing basic information and references to vulnerability registries, this type is intended to be extended to enable the structured description of a vulnerability by using the XML Schema extension feature. The STIX default extension uses the Common Vulnerability Reporting Format (CVRF) schema to do so. The extension that defines this is captured in the CVRF1.1InstanceType in the http://stix.mitre.org/extensions/Vulnerability#CVRF1.1-1 namespace. This type is defined in the extensions/vulnerability/cvrf_1.1.xsd file or at the URL http://stix.mitre.org/XMLSchema/extensions/vulnerability/cvrf_1.1/1.0/cvrf_1.1.xsd.
Field Name | Multiplicity | Type | Description |
---|---|---|---|
Description | 0..1 | StructuredTextType | The Description element is optional and enables a generalized description of this Vulnerability. |
CVE_ID | 0..1 | CVE_IDInlineType | The CVE_ID field is optional and specifies a CVE identifier for a particular vulnerability. |
OSVDB_ID | 0..1 | positiveInteger | The OSVDB_ID field is optional and specifies an OSVDB identifier for a particular vulnerability. |
CVSS_Score | 0..1 | CVSSVectorType | The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format. |
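
A consumer-side check of the constraints in the table above, as an added example that is not part of the STIX schema or tooling. It matches elements by local name, so the namespace URI in the sample is a placeholder; the `Base_Vector` child name and the `CVE-YYYY-NNNN` pattern are assumptions not stated on this page.

```python
import re
import xml.etree.ElementTree as ET

FIELDS = ("Description", "CVE_ID", "OSVDB_ID", "CVSS_Score")  # each 0..1 in the table
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.ASCII)
# CVSS v2.0 base vector in string form
V2_BASE_RE = re.compile(r"AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]")

# Constructed sample with deliberate errors; the namespace URI is a placeholder.
SAMPLE = """<et:Vulnerability xmlns:et="urn:example:placeholder">
  <et:Description>Constructed entry.</et:Description>
  <et:Description>Second description, exceeds 0..1.</et:Description>
  <et:CVE_ID>CVE-0000-0001</et:CVE_ID>
  <et:OSVDB_ID>0</et:OSVDB_ID>
  <et:CVSS_Score>
    <et:Base_Vector>AV:N/AC:L/Au:N/C:P/I:P/A:X</et:Base_Vector>
  </et:CVSS_Score>
</et:Vulnerability>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def check_vulnerability(xml_text):
    """Return a list of problems found in one Vulnerability element."""
    # ElementTree is fine for this inline sample; use a hardened parser on untrusted feeds.
    root = ET.fromstring(xml_text)
    seen = {}
    for child in root:
        seen.setdefault(local(child.tag), []).append(child)
    problems = [f"{name}: {len(seen[name])} occurrences, maximum is 1"
                for name in FIELDS if len(seen.get(name, [])) > 1]
    for el in seen.get("CVE_ID", []):
        if not CVE_RE.fullmatch((el.text or "").strip()):
            problems.append("CVE_ID: not of the form CVE-YYYY-NNNN")
    for el in seen.get("OSVDB_ID", []):
        text = (el.text or "").strip()
        if not re.fullmatch(r"\+?\d+", text, re.ASCII) or int(text) < 1:
            problems.append("OSVDB_ID: not a positive integer")
    for score in seen.get("CVSS_Score", []):
        for el in score:
            # Base_Vector as the child element name is an assumption.
            if local(el.tag) == "Base_Vector" and not V2_BASE_RE.fullmatch((el.text or "").strip()):
                problems.append("CVSS_Score: malformed CVSS v2.0 base vector")
    return problems

if __name__ == "__main__":
    for problem in check_vulnerability(SAMPLE):
        print(problem)
```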