Heads up! These docs are for STIX 1.0.1, which is not the latest version (1.2). View the latest!

CVRF1.1InstanceType Schema

The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.


Field Name Type Description
Description0..1 StructuredTextType

The Description element is optional and enables a generalized description of this Vulnerability.

CVE_ID0..1 CVE_IDInlineType

The CVE_ID field is optional and specifies a CVE identifier for a particular vulnerability.

OSVDB_ID0..1 positiveInteger

The OSVDB_ID field is optional and specifies an OSVDB identifier for a particular vulnerability.

CVSS_Score0..1 CVSSVectorType

The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format.

cvrfdoc1..1 cvrfdoc

The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema.