STIX 2.x documentation is available here. This site contains archived STIX 1.x documentation. STIX is now maintained by the OASIS CTI TC.

Heads up! These docs are for STIX 1.0.1, which is not the latest version (1.2). View the latest!

CVRF1.1InstanceType Schema

The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.

Fields

Field Name	Type	Description
Description0..1	StructuredTextType	The Description element is optional and enables a generalized description of this Vulnerability.
CVE_ID0..1	CVE_IDInlineType	The CVE_ID field is optional and specifies a CVE identifier for a particular vulnerability.
OSVDB_ID0..1	positiveInteger	The OSVDB_ID field is optional and specifies an OSVDB identifier for a particular vulnerability.
CVSS_Score0..1	CVSSVectorType	The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format.
cvrfdoc1..1	cvrfdoc	The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.