Class: Cvss
The Common Vulnerability Scoring System (<a target='_blank'
href='https://www.first.org/cvss/'>CVSS) object provides a way to capture
the principal characteristics of a vulnerability and produce a numerical score
reflecting its severity.
URI: ocsf:Cvss
classDiagram
class Cvss
click Cvss href "../Cvss/"
Object <|-- Cvss
click Object href "../Object/"
Cvss : base_score
Cvss : depth
Cvss --> "0..1 _recommended_" DepthEnum : depth
click DepthEnum href "../DepthEnum/"
Cvss : metrics
Cvss --> "*" Metric : metrics
click Metric href "../Metric/"
Cvss : overall_score
Cvss : severity
Cvss : src_url
Cvss : vector_string
Cvss : vendor_name
Cvss : version
Inheritance
- OcsfObject
- Object
- Cvss
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| base_score | 1 Float |
The CVSS base score | direct |
| depth | 0..1 recommended DepthEnum |
The CVSS depth represents a depth of the equation used to calculate CVSS scor... | direct |
| metrics | * Metric |
The Common Vulnerability Scoring System metrics | direct |
| overall_score | 0..1 recommended Float |
The CVSS overall score, impacted by base, temporal, and environmental metrics | direct |
| severity | 0..1 String |
The Common Vulnerability Scoring System (CVSS) Qualitative Severity Rating |
direct |
| src_url | 0..1 UrlT |
The source URL for the CVSS score | direct |
| vector_string | 0..1 String |
The CVSS vector string is a text representation of a set of CVSS metrics | direct |
| vendor_name | 0..1 recommended String |
The vendor that provided the CVSS score | direct |
| version | 1 String |
The CVSS version | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Cve | cvss | range | Cvss |
In Subsets
Aliases
- CVSS Score
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Cvss |
| native | ocsf:Cvss |
| exact | nvd:CVSSMetric |
| related | cve:CnaContainer |
| close | core:Impact |
LinkML Source
Direct
name: Cvss
description: 'The Common Vulnerability Scoring System (<a target=''_blank''
href=''https://www.first.org/cvss/''>CVSS</a>) object provides a way to capture
the principal characteristics of a vulnerability and produce a numerical score
reflecting its severity.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVSS Score
exact_mappings:
- nvd:CVSSMetric
close_mappings:
- core:Impact
related_mappings:
- cve:CnaContainer
is_a: Object
slots:
- base_score
- depth
- metrics
- overall_score
- severity
- src_url
- vector_string
- vendor_name
- version
slot_usage:
base_score:
name: base_score
description: 'The CVSS base score. For example: <code>9.1</code>.'
required: true
depth:
name: depth
recommended: true
metrics:
name: metrics
description: 'The Common Vulnerability Scoring System metrics. This attribute
contains
information on the CVE''s impact. If the CVE has been analyzed, this attribute
will contain any CVSSv2 or CVSSv3 information associated with the
vulnerability. For example: <code>{ {"Access Vector", "Network"}, {"Access
Complexity", "Low"}, ...}</code>.'
overall_score:
name: overall_score
description: 'The CVSS overall score, impacted by base, temporal, and environmental
metrics.
For example: <code>9.1</code>.'
recommended: true
severity:
name: severity
description: '<p>The Common Vulnerability Scoring System (CVSS) Qualitative Severity
Rating.
A textual representation of the numeric score.</p><strong>CVSS
v2.0</strong><ul><li>Low (0.0 – 3.9)</li><li>Medium (4.0 – 6.9)</li><li>High
(7.0 – 10.0)</li></ul></p><strong>CVSS v3.0</strong><ul><li>None
(0.0)</li><li>Low (0.1 - 3.9)</li><li>Medium (4.0 - 6.9)</li><li>High (7.0 -
8.9)</li><li>Critical (9.0 - 10.0)</li></ul>'
src_url:
name: src_url
description: 'The source URL for the CVSS score. For example:
<code>https://nvd.nist.gov/vuln/detail/CVE-2021-44228</code>'
vendor_name:
name: vendor_name
description: 'The vendor that provided the CVSS score. For example: <code>NVD,
REDHAT</code>
etc.'
recommended: true
version:
name: version
description: 'The CVSS version. For example: <code>3.1</code>.'
required: true
Induced
name: Cvss
description: 'The Common Vulnerability Scoring System (<a target=''_blank''
href=''https://www.first.org/cvss/''>CVSS</a>) object provides a way to capture
the principal characteristics of a vulnerability and produce a numerical score
reflecting its severity.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVSS Score
exact_mappings:
- nvd:CVSSMetric
close_mappings:
- core:Impact
related_mappings:
- cve:CnaContainer
is_a: Object
slot_usage:
base_score:
name: base_score
description: 'The CVSS base score. For example: <code>9.1</code>.'
required: true
depth:
name: depth
recommended: true
metrics:
name: metrics
description: 'The Common Vulnerability Scoring System metrics. This attribute
contains
information on the CVE''s impact. If the CVE has been analyzed, this attribute
will contain any CVSSv2 or CVSSv3 information associated with the
vulnerability. For example: <code>{ {"Access Vector", "Network"}, {"Access
Complexity", "Low"}, ...}</code>.'
overall_score:
name: overall_score
description: 'The CVSS overall score, impacted by base, temporal, and environmental
metrics.
For example: <code>9.1</code>.'
recommended: true
severity:
name: severity
description: '<p>The Common Vulnerability Scoring System (CVSS) Qualitative Severity
Rating.
A textual representation of the numeric score.</p><strong>CVSS
v2.0</strong><ul><li>Low (0.0 – 3.9)</li><li>Medium (4.0 – 6.9)</li><li>High
(7.0 – 10.0)</li></ul></p><strong>CVSS v3.0</strong><ul><li>None
(0.0)</li><li>Low (0.1 - 3.9)</li><li>Medium (4.0 - 6.9)</li><li>High (7.0 -
8.9)</li><li>Critical (9.0 - 10.0)</li></ul>'
src_url:
name: src_url
description: 'The source URL for the CVSS score. For example:
<code>https://nvd.nist.gov/vuln/detail/CVE-2021-44228</code>'
vendor_name:
name: vendor_name
description: 'The vendor that provided the CVSS score. For example: <code>NVD,
REDHAT</code>
etc.'
recommended: true
version:
name: version
description: 'The CVSS version. For example: <code>3.1</code>.'
required: true
attributes:
base_score:
name: base_score
description: 'The CVSS base score. For example: <code>9.1</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Base Score
rank: 1000
alias: base_score
owner: Cvss
domain_of:
- Reputation
- Cvss
range: float
required: true
depth:
name: depth
description: The CVSS depth represents a depth of the equation used to calculate
CVSS score.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- CVSS Depth
rank: 1000
alias: depth
owner: Cvss
domain_of:
- Cvss
range: DepthEnum
recommended: true
metrics:
name: metrics
description: 'The Common Vulnerability Scoring System metrics. This attribute
contains
information on the CVE''s impact. If the CVE has been analyzed, this attribute
will contain any CVSSv2 or CVSSv3 information associated with the
vulnerability. For example: <code>{ {"Access Vector", "Network"}, {"Access
Complexity", "Low"}, ...}</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Metrics
rank: 1000
alias: metrics
owner: Cvss
domain_of:
- Cvss
- LoadBalancer
range: Metric
multivalued: true
overall_score:
name: overall_score
description: 'The CVSS overall score, impacted by base, temporal, and environmental
metrics.
For example: <code>9.1</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Overall Score
rank: 1000
alias: overall_score
owner: Cvss
domain_of:
- Cvss
range: float
recommended: true
severity:
name: severity
description: '<p>The Common Vulnerability Scoring System (CVSS) Qualitative Severity
Rating.
A textual representation of the numeric score.</p><strong>CVSS
v2.0</strong><ul><li>Low (0.0 – 3.9)</li><li>Medium (4.0 – 6.9)</li><li>High
(7.0 – 10.0)</li></ul></p><strong>CVSS v3.0</strong><ul><li>None
(0.0)</li><li>Low (0.1 - 3.9)</li><li>Medium (4.0 - 6.9)</li><li>High (7.0 -
8.9)</li><li>Critical (9.0 - 10.0)</li></ul>'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Severity
rank: 1000
alias: severity
owner: Cvss
domain_of:
- Osint
- RelatedEvent
- VendorAttributes
- Vulnerability
- Check
- Cvss
- KbArticle
- Malware
- BaseEvent
range: string
src_url:
name: src_url
description: 'The source URL for the CVSS score. For example:
<code>https://nvd.nist.gov/vuln/detail/CVE-2021-44228</code>'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: Cvss
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
vector_string:
name: vector_string
description: 'The CVSS vector string is a text representation of a set of CVSS
metrics. It is
commonly used to record or transfer CVSS metric information in a concise form.
For example: <code>3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Vector String
rank: 1000
alias: vector_string
owner: Cvss
domain_of:
- Cvss
range: string
vendor_name:
name: vendor_name
description: 'The vendor that provided the CVSS score. For example: <code>NVD,
REDHAT</code>
etc.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Vendor Name
rank: 1000
alias: vendor_name
owner: Cvss
domain_of:
- Osint
- Package
- Scim
- Sso
- Vulnerability
- Agent
- Cvss
- DeviceHwInfo
- GpuInfo
- PeripheralDevice
- Product
- Device
range: string
recommended: true
version:
name: version
description: 'The CVSS version. For example: <code>3.1</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Version
rank: 1000
alias: version
owner: Cvss
domain_of:
- Os
- Package
- RpcInterface
- Sbom
- Scim
- SoftwareComponent
- Tls
- Agent
- AiModel
- Analytic
- Api
- ApplicationObject
- Attack
- Certificate
- Check
- CisControl
- CisCsc
- Cvss
- D3fend
- Databucket
- Epss
- Extension
- Feature
- File
- HttpRequest
- Logger
- ManagedEntity
- Metadata
- Policy
- Product
- ResourceDetails
- Rule
- Service
- NtpActivity
range: string
required: true