Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2).

CVRF1.1InstanceType Schema

The CVRF1.1InstanceType provides an extension to the VulnerabilityType which imports and leverages the CVRF schema for structured characterization of Vulnerabilities. This could include characterization of 0-days or other vulnerabilities that do not have a CVE or OSVDB ID.


Fields

| Field Name | Occurrence | Type | Description |
| --- | --- | --- | --- |
| @is_known | optional | boolean | The @is_known field captures whether or not the vulnerability is known (i.e. not a 0-day) at the time of characterization. |
| @is_publicly_acknowledged | optional | boolean | The @is_publicly_acknowledged field captures whether or not the vulnerability is publicly acknowledged by the vendor. |
| Title | 0..1 | string | The Title field provides a simple title for this vulnerability. |
| Description | 0..1 | StructuredTextType | The Description field provides an unstructured, text description of this vulnerability. |
| Short_Description | 0..1 | StructuredTextType | The Short_Description field provides a short, unstructured, text description of this vulnerability. |
| CVE_ID | 0..1 | CVE_IDInlineType | The CVE_ID field specifies a CVE identifier for a particular vulnerability. |
| OSVDB_ID | 0..1 | positiveInteger | The OSVDB_ID field specifies an OSVDB identifier for a particular vulnerability. |
| Source | 0..1 | string | The Source field describes the source of the CVE or OSVDB as a textual description or URL. |
| CVSS_Score | 0..1 | CVSSVectorType | The CVSS_Score field captures the full CVSS v2.0 base, temporal, and environmental vectors in their string format. |
| Discovered_DateTime | 0..1 | DateTimeWithPrecisionType | The date and time that this vulnerability was first discovered. |
| Published_DateTime | 0..1 | DateTimeWithPrecisionType | The date and time that this vulnerability was first published. |
| Affected_Software | 0..1 | AffectedSoftwareType | The Affected_Software field captures the list of platforms and software that are affected by this vulnerability. It is implemented through CybOX Observables; the suggested CybOX objects to use are the Product Object, the Device Object, the System Object, and the Code Object. |
| References | 0..1 | ReferencesType | The References field captures a list of external references describing this vulnerability. |
| cvrfdoc | 1..1 | cvrfdoc | The CVRF field contains the structured characterization of Vulnerabilities utilizing the CVRF schema. |