Enum: ReferenceTag
A tag describing the type or nature of the resource referenced by a URL.
URI: cve:ReferenceTag
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| broken-link | None | The reference link is returning a 404 error, or the site is no longer online |
| customer-entitlement | None | Similar to Privileges Required, but specific to references that require non-p... |
| exploit | None | Reference contains an in-depth description of steps to exploit a vulnerabilit... |
| government-resource | None | All reference links that are from a government agency or organization |
| issue-tracking | None | The reference is a post from a bug tracking tool such as MantisBT, Bugzilla, ... |
| mailing-list | None | The reference is from a mailing list -- often specific to a product or vendor |
| mitigation | None | The reference contains information on steps to mitigate against the vulnerabi... |
| not-applicable | None | The reference link is not applicable to the vulnerability and was likely asso... |
| patch | None | The reference contains an update to the software that fixes the vulnerability |
| permissions-required | None | The reference link provided is blocked by a logon page |
| media-coverage | None | The reference is from a media outlet such as a newspaper, magazine, social me... |
| product | None | A reference appropriate for describing a product for the purpose of CPE or SW... |
| related | None | A reference that is for a related (but not the same) vulnerability |
| release-notes | None | The reference is in the format of a vendor or open source project's release n... |
| signature | None | The reference contains a method to detect or prevent the presence or exploita... |
| technical-description | None | The reference contains in-depth technical information about a vulnerability a... |
| third-party-advisory | None | Advisory is from an organization that is not the vulnerable product's vendor,... |
| vendor-advisory | None | Advisory is from the vendor, publisher, or maintainer of the product or the p... |
| vdb-entry | None | VDBs are loosely defined as sites that provide information about this vulnera... |
Slots
| Name | Description |
|---|---|
| reference_tags | An array of tags describing the resource referenced by the URL |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/cve
LinkML Source
name: ReferenceTag
description: A tag describing the type or nature of the resource referenced by a URL.
from_schema: https://w3id.org/lmodel/cve
rank: 1000
permissible_values:
broken-link:
text: broken-link
description: The reference link is returning a 404 error, or the site is no longer
online.
customer-entitlement:
text: customer-entitlement
description: Similar to Privileges Required, but specific to references that require
non-public or paid access for customers of the particular vendor.
exploit:
text: exploit
description: Reference contains an in-depth description of steps to exploit a
vulnerability OR contains legitimate Proof of Concept (PoC) code or an exploit
kit.
government-resource:
text: government-resource
description: All reference links that are from a government agency or organization.
issue-tracking:
text: issue-tracking
description: The reference is a post from a bug tracking tool such as MantisBT,
Bugzilla, JIRA, GitHub Issues, etc.
mailing-list:
text: mailing-list
description: The reference is from a mailing list -- often specific to a product
or vendor.
mitigation:
text: mitigation
description: The reference contains information on steps to mitigate against the
vulnerability when a patch cannot be applied or is unavailable, or for EOL product
situations.
not-applicable:
text: not-applicable
description: The reference link is not applicable to the vulnerability and was
likely associated accidentally (should be used sparingly).
patch:
text: patch
description: The reference contains an update to the software that fixes the vulnerability.
permissions-required:
text: permissions-required
description: The reference link provided is blocked by a logon page.
media-coverage:
text: media-coverage
description: The reference is from a media outlet such as a newspaper, magazine,
social media, or weblog. Not intended for individual personal social media accounts.
product:
text: product
description: A reference appropriate for describing a product for the purpose
of CPE or SWID.
related:
text: related
description: A reference that is for a related (but not the same) vulnerability.
release-notes:
text: release-notes
description: The reference is in the format of a vendor or open source project's
release notes or change log.
signature:
text: signature
description: The reference contains a method to detect or prevent the presence
or exploitation of the vulnerability.
technical-description:
text: technical-description
description: The reference contains in-depth technical information about a vulnerability
and its exploitation process, typically in the form of a presentation or whitepaper.
third-party-advisory:
text: third-party-advisory
description: Advisory is from an organization that is not the vulnerable product's
vendor, publisher, or maintainer.
vendor-advisory:
text: vendor-advisory
description: Advisory is from the vendor, publisher, or maintainer of the product
or the parent organization.
vdb-entry:
text: vdb-entry
description: VDBs are loosely defined as sites that provide information about
this vulnerability, such as advisories, with identifiers.