Class: Cve
The Common Vulnerabilities and Exposures (CVE) object represents publicly
disclosed cybersecurity vulnerabilities defined in CVE Program catalog (<a
target='_blank' href='https://cve.mitre.org/'>CVE). There is one CVE Record
for each vulnerability in the catalog.
URI: ocsf:Cve
classDiagram
class Cve
click Cve href "../Cve/"
Object <|-- Cve
click Object href "../Object/"
Cve : created_time
Cve : cvss
Cve --> "* _recommended_" Cvss : cvss
click Cvss href "../Cvss/"
Cve : cwe
Cve --> "0..1" Cwe : cwe
click Cwe href "../Cwe/"
Cve : cwe_uid
Cve : cwe_url
Cve : desc
Cve : epss
Cve --> "0..1" Epss : epss
click Epss href "../Epss/"
Cve : modified_time
Cve : product
Cve --> "0..1" Product : product
click Product href "../Product/"
Cve : references
Cve : related_cwes
Cve --> "*" Cwe : related_cwes
click Cwe href "../Cwe/"
Cve : title
Cve : type
Cve : uid
Inheritance
- OcsfObject
- Object
- Cve
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| created_time | 0..1 recommended TimestampT |
The Record Creation Date identifies when the CVE ID was issued to a CVE | direct |
| cvss | * recommended Cvss |
The CVSS object details Common Vulnerability Scoring System (<a target='_blan... | direct |
| cwe | 0..1 Cwe |
The CWE object represents a weakness in a software system that can be exploit... | direct |
| cwe_uid | 0..1 String |
The <a target='_blank' href='https://cwe | direct |
| cwe_url | 0..1 UrlT |
Common Weakness Enumeration (CWE) definition URL | direct |
| desc | 0..1 String |
A brief description of the CVE Record | direct |
| epss | 0..1 Epss |
The Exploit Prediction Scoring System (EPSS) object describes the estimated | direct |
| modified_time | 0..1 TimestampT |
The Record Modified Date identifies when the CVE record was last updated | direct |
| product | 0..1 Product |
The product where the vulnerability was discovered | direct |
| references | * recommended String |
A list of reference URLs with additional information about the CVE Record | direct |
| related_cwes | * Cwe |
Describes the Common Weakness Enumeration <a target='_blank' | direct |
| title | 0..1 recommended String |
A title or a brief phrase summarizing the CVE record | direct |
| type | 0..1 recommended String |
The vulnerability type as selected from a large dropdown menu during CVE |
direct |
| uid | 1 String |
The Common Vulnerabilities and Exposures unique number assigned to a specific | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Vulnerability | cve | range | Cve |
| Advisory | related_cves | range | Cve |
| Malware | cves | range | Cve |
In Subsets
Aliases
- CVE
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Cve |
| native | ocsf:Cve |
| exact | cve:CVERecord |
| close | kev_catalog:KevEntry, nvd:NVDEntry, stix:Vulnerability, core:Vulnerability |
LinkML Source
Direct
name: Cve
description: 'The Common Vulnerabilities and Exposures (CVE) object represents publicly
disclosed cybersecurity vulnerabilities defined in CVE Program catalog (<a
target=''_blank'' href=''https://cve.mitre.org/''>CVE</a>). There is one CVE Record
for each vulnerability in the catalog.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVE
exact_mappings:
- cve:CVERecord
close_mappings:
- kev_catalog:KevEntry
- nvd:NVDEntry
- stix:Vulnerability
- core:Vulnerability
is_a: Object
slots:
- created_time
- cvss
- cwe
- cwe_uid
- cwe_url
- desc
- epss
- modified_time
- product
- references
- related_cwes
- title
- type
- uid
slot_usage:
created_time:
name: created_time
description: 'The Record Creation Date identifies when the CVE ID was issued to
a CVE
Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note
that the Record Creation Date does not necessarily indicate when this
vulnerability was discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.'
recommended: true
cvss:
name: cvss
recommended: true
cwe:
name: cwe
deprecated: Use <code>related_cwes</code> attribute instead.
desc:
name: desc
description: A brief description of the CVE Record.
modified_time:
name: modified_time
description: The Record Modified Date identifies when the CVE record was last
updated.
product:
name: product
description: The product where the vulnerability was discovered.
references:
name: references
description: A list of reference URLs with additional information about the CVE
Record.
recommended: true
related_cwes:
name: related_cwes
description: 'Describes the Common Weakness Enumeration <a target=''_blank''
href=''https://cwe.mitre.org/''>(CWE)</a> details related to the CVE Record.'
title:
name: title
description: A title or a brief phrase summarizing the CVE record.
recommended: true
type:
name: type
description: '<p>The vulnerability type as selected from a large dropdown menu
during CVE
refinement.</p>Most frequently used vulnerability types are: <code>DoS</code>,
<code>Code Execution</code>, <code>Overflow</code>, <code>Memory
Corruption</code>, <code>Sql Injection</code>, <code>XSS</code>,
<code>Directory Traversal</code>, <code>Http Response Splitting</code>,
<code>Bypass something</code>, <code>Gain Information</code>, <code>Gain
Privileges</code>, <code>CSRF</code>, <code>File Inclusion</code>. For more
information see <a target=''_blank''
href=''https://www.cvedetails.com/vulnerabilities-by-types.php''>Vulnerabilities
By Type</a> distributions.'
recommended: true
uid:
name: uid
description: 'The Common Vulnerabilities and Exposures unique number assigned
to a specific
computer vulnerability. A CVE Identifier begins with 4 digits representing the
year followed by a sequence of digits that acts as a unique identifier. For
example: <code>CVE-2021-12345</code>.'
required: true
Induced
name: Cve
description: 'The Common Vulnerabilities and Exposures (CVE) object represents publicly
disclosed cybersecurity vulnerabilities defined in CVE Program catalog (<a
target=''_blank'' href=''https://cve.mitre.org/''>CVE</a>). There is one CVE Record
for each vulnerability in the catalog.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVE
exact_mappings:
- cve:CVERecord
close_mappings:
- kev_catalog:KevEntry
- nvd:NVDEntry
- stix:Vulnerability
- core:Vulnerability
is_a: Object
slot_usage:
created_time:
name: created_time
description: 'The Record Creation Date identifies when the CVE ID was issued to
a CVE
Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note
that the Record Creation Date does not necessarily indicate when this
vulnerability was discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.'
recommended: true
cvss:
name: cvss
recommended: true
cwe:
name: cwe
deprecated: Use <code>related_cwes</code> attribute instead.
desc:
name: desc
description: A brief description of the CVE Record.
modified_time:
name: modified_time
description: The Record Modified Date identifies when the CVE record was last
updated.
product:
name: product
description: The product where the vulnerability was discovered.
references:
name: references
description: A list of reference URLs with additional information about the CVE
Record.
recommended: true
related_cwes:
name: related_cwes
description: 'Describes the Common Weakness Enumeration <a target=''_blank''
href=''https://cwe.mitre.org/''>(CWE)</a> details related to the CVE Record.'
title:
name: title
description: A title or a brief phrase summarizing the CVE record.
recommended: true
type:
name: type
description: '<p>The vulnerability type as selected from a large dropdown menu
during CVE
refinement.</p>Most frequently used vulnerability types are: <code>DoS</code>,
<code>Code Execution</code>, <code>Overflow</code>, <code>Memory
Corruption</code>, <code>Sql Injection</code>, <code>XSS</code>,
<code>Directory Traversal</code>, <code>Http Response Splitting</code>,
<code>Bypass something</code>, <code>Gain Information</code>, <code>Gain
Privileges</code>, <code>CSRF</code>, <code>File Inclusion</code>. For more
information see <a target=''_blank''
href=''https://www.cvedetails.com/vulnerabilities-by-types.php''>Vulnerabilities
By Type</a> distributions.'
recommended: true
uid:
name: uid
description: 'The Common Vulnerabilities and Exposures unique number assigned
to a specific
computer vulnerability. A CVE Identifier begins with 4 digits representing the
year followed by a sequence of digits that acts as a unique identifier. For
example: <code>CVE-2021-12345</code>.'
required: true
attributes:
created_time:
name: created_time
description: 'The Record Creation Date identifies when the CVE ID was issued to
a CVE
Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note
that the Record Creation Date does not necessarily indicate when this
vulnerability was discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Created Time
rank: 1000
alias: created_time
owner: Cve
domain_of:
- Osint
- RelatedEvent
- Sbom
- Scim
- Session
- Sso
- Token
- Whois
- Resource
- Advisory
- AuthenticationToken
- Certificate
- Cve
- Database
- Databucket
- DigitalSignature
- Enrichment
- Epss
- File
- FindingObject
- FindingInfo
- Job
- KbArticle
- LdapPerson
- ProcessEntity
- Table
- Device
range: TimestampT
recommended: true
cvss:
name: cvss
description: 'The CVSS object details Common Vulnerability Scoring System (<a
target=''_blank''
href=''https://www.first.org/cvss/''>CVSS</a>) scores from the advisory that
are
related to the vulnerability.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVSS Score
rank: 1000
alias: cvss
owner: Cve
domain_of:
- Cve
range: Cvss
recommended: true
multivalued: true
cwe:
name: cwe
description: 'The CWE object represents a weakness in a software system that can
be exploited
by a threat actor to perform an attack. The CWE object is based on the <a
target=''_blank'' href=''https://cwe.mitre.org/''>Common Weakness Enumeration
(CWE)</a> catalog.'
deprecated: Use <code>related_cwes</code> attribute instead.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CWE
rank: 1000
alias: cwe
owner: Cve
domain_of:
- Vulnerability
- Cve
range: Cwe
cwe_uid:
name: cwe_uid
description: 'The <a target=''_blank'' href=''https://cwe.mitre.org/''>Common
Weakness
Enumeration (CWE)</a> unique identifier. For example: <code>CWE-787</code>.'
deprecated: Use the <code>related_cwes</code> object attributes instead. (since
1.1.0)
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CWE UID
rank: 1000
alias: cwe_uid
owner: Cve
domain_of:
- Cve
range: string
cwe_url:
name: cwe_url
description: 'Common Weakness Enumeration (CWE) definition URL. For example:
<code>https://cwe.mitre.org/data/definitions/787.html</code>.'
deprecated: Use the <code>related_cwes</code> object attributes instead. (since
1.1.0)
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CWE URL
rank: 1000
alias: cwe_url
owner: Cve
domain_of:
- Cve
range: UrlT
desc:
name: desc
description: A brief description of the CVE Record.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Description
rank: 1000
alias: desc
owner: Cve
domain_of:
- Osint
- RelatedEvent
- Remediation
- Vulnerability
- Advisory
- Analytic
- ApplicationObject
- Assessment
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- Compliance
- Cve
- Database
- Databucket
- Enrichment
- File
- FindingObject
- FindingInfo
- Graph
- Group
- Job
- Location
- Node
- Policy
- Rule
- Table
- WebResource
- Device
- IncidentFinding
range: string
epss:
name: epss
description: 'The Exploit Prediction Scoring System (EPSS) object describes the
estimated
probability a vulnerability will be exploited. EPSS is a community-driven
effort to combine descriptive information about vulnerabilities (CVEs) with
evidence of actual exploitation in-the-wild. (<a target=''_blank''
href=''https://www.first.org/epss/''>EPSS</a>).'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- EPSS
rank: 1000
alias: epss
owner: Cve
domain_of:
- Cve
range: Epss
modified_time:
name: modified_time
description: The Record Modified Date identifies when the CVE record was last
updated.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Modified Time
rank: 1000
alias: modified_time
owner: Cve
domain_of:
- Osint
- RelatedEvent
- Scim
- Sso
- Token
- Resource
- Advisory
- Cve
- Database
- Databucket
- File
- FindingObject
- FindingInfo
- LdapPerson
- Metadata
- Table
- Device
- RegKey
- RegValue
range: TimestampT
product:
name: product
description: The product where the vulnerability was discovered.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Product
rank: 1000
alias: product
owner: Cve
domain_of:
- RelatedEvent
- Sbom
- Advisory
- Cve
- File
- FindingObject
- FindingInfo
- KbArticle
- Logger
- Metadata
- TransformationInfo
- SoftwareInfo
range: Product
references:
name: references
description: A list of reference URLs with additional information about the CVE
Record.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- References
rank: 1000
alias: references
owner: Cve
domain_of:
- Osint
- Remediation
- Vulnerability
- Advisory
- Cve
range: string
recommended: true
multivalued: true
related_cwes:
name: related_cwes
description: 'Describes the Common Weakness Enumeration <a target=''_blank''
href=''https://cwe.mitre.org/''>(CWE)</a> details related to the CVE Record.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Related CWEs
rank: 1000
alias: related_cwes
owner: Cve
domain_of:
- Advisory
- Cve
range: Cwe
multivalued: true
title:
name: title
description: A title or a brief phrase summarizing the CVE record.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Title
rank: 1000
alias: title
owner: Cve
domain_of:
- RelatedEvent
- Ticket
- Vulnerability
- Advisory
- Cve
- FindingObject
- FindingInfo
- KbArticle
range: string
recommended: true
type:
name: type
description: '<p>The vulnerability type as selected from a large dropdown menu
during CVE
refinement.</p>Most frequently used vulnerability types are: <code>DoS</code>,
<code>Code Execution</code>, <code>Overflow</code>, <code>Memory
Corruption</code>, <code>Sql Injection</code>, <code>XSS</code>,
<code>Directory Traversal</code>, <code>Http Response Splitting</code>,
<code>Bypass something</code>, <code>Gain Information</code>, <code>Gain
Privileges</code>, <code>CSRF</code>, <code>File Inclusion</code>. For more
information see <a target=''_blank''
href=''https://www.cvedetails.com/vulnerabilities-by-types.php''>Vulnerabilities
By Type</a> distributions.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: Cve
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
recommended: true
uid:
name: uid
description: 'The Common Vulnerabilities and Exposures unique number assigned
to a specific
computer vulnerability. A CVE Identifier begins with 4 digits representing the
year followed by a sequence of digits that acts as a unique identifier. For
example: <code>CVE-2021-12345</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Cve
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
required: true