
Class: Vulnerability

The vulnerability is an unintended characteristic of a computing component or system configuration that multiplies the risk of an adverse event or a loss occurring either due to accidental exposure, deliberate attack, or conflict with new system components.

URI: ocsf:Vulnerability

 classDiagram
    class Vulnerability
    click Vulnerability href "../Vulnerability/"
      Object <|-- Vulnerability
        click Object href "../Object/"

      Vulnerability : advisory
        Vulnerability --> "0..1" Advisory : advisory
        click Advisory href "../Advisory/"
      Vulnerability : affected_code
        Vulnerability --> "*" AffectedCode : affected_code
        click AffectedCode href "../AffectedCode/"
      Vulnerability : affected_packages
        Vulnerability --> "*" AffectedPackage : affected_packages
        click AffectedPackage href "../AffectedPackage/"
      Vulnerability : category
      Vulnerability : cve
        Vulnerability --> "0..1 _recommended_" Cve : cve
        click Cve href "../Cve/"
      Vulnerability : cwe
        Vulnerability --> "0..1 _recommended_" Cwe : cwe
        click Cwe href "../Cwe/"
      Vulnerability : dependency_chain
      Vulnerability : desc
      Vulnerability : exploit_last_seen_time
      Vulnerability : exploit_ref_url
      Vulnerability : exploit_requirement
      Vulnerability : exploit_type
      Vulnerability : first_seen_time
      Vulnerability : fix_available
      Vulnerability : fix_coverage
      Vulnerability : fix_coverage_id
        Vulnerability --> "0..1" VulnerabilityFixCoverageIdEnum : fix_coverage_id
        click VulnerabilityFixCoverageIdEnum href "../VulnerabilityFixCoverageIdEnum/"
      Vulnerability : is_exploit_available
      Vulnerability : is_fix_available
      Vulnerability : kb_article_list
        Vulnerability --> "*" KbArticle : kb_article_list
        click KbArticle href "../KbArticle/"
      Vulnerability : kb_articles
      Vulnerability : last_seen_time
      Vulnerability : packages
        Vulnerability --> "*" Package : packages
        click Package href "../Package/"
      Vulnerability : references
      Vulnerability : related_vulnerabilities
      Vulnerability : remediation
        Vulnerability --> "0..1" Remediation : remediation
        click Remediation href "../Remediation/"
      Vulnerability : severity
      Vulnerability : title
      Vulnerability : vendor_name

Inheritance

Slots

| Name | Cardinality and Range | Description | Inheritance |
| --- | --- | --- | --- |
| advisory | 0..1 Advisory | Detail about the security advisory, that is used to publicly disclose cybersecurity vulnerabilities by a vendor. | direct |
| affected_code | * AffectedCode | List of Affected Code objects that describe details about code blocks identified as vulnerable. | direct |
| affected_packages | * AffectedPackage | List of software packages identified as affected by a vulnerability/vulnerabilities. | direct |
| category | 0..1 String | The category of a vulnerability or weakness, as reported by the source tool, such as Container Security or Open Source Security. | direct |
| cve | 0..1 recommended Cve | Describes the Common Vulnerabilities and Exposures (CVE) details related to the vulnerability. | direct |
| cwe | 0..1 recommended Cwe | Describes the Common Weakness Enumeration (CWE) details related to the vulnerability. | direct |
| dependency_chain | 0..1 String | Information about the chain of dependencies related to the issue as reported by an Application Security or Vulnerability Management tool. | direct |
| desc | 0..1 String | The description of the vulnerability. | direct |
| exploit_last_seen_time | 0..1 TimestampT | The time when the exploit was most recently observed. | direct |
| exploit_ref_url | 0..1 UrlT | The URL of the exploit code or Proof-of-Concept (PoC). | direct |
| exploit_requirement | 0..1 String | The requirement description related to any constraints around exploit execution. | direct |
| exploit_type | 0..1 String | The categorization or type of Exploit. | direct |
| first_seen_time | 0..1 TimestampT | The time when the vulnerability was first observed. | direct |
| fix_available | 0..1 Boolean | Indicates if a fix is available for the reported vulnerability. | direct |
| fix_coverage | 0..1 String | The fix coverage, normalized to the caption of the fix_coverage_id value. | direct |
| fix_coverage_id | 0..1 VulnerabilityFixCoverageIdEnum | The normalized identifier for fix coverage, applicable to this vulnerability. | direct |
| is_exploit_available | 0..1 Boolean | Indicates if an exploit or a PoC (proof-of-concept) is available for the reported vulnerability. | direct |
| is_fix_available | 0..1 Boolean | Indicates if a fix is available for the reported vulnerability. | direct |
| kb_article_list | * KbArticle | A list of KB articles or patches related to an endpoint. | direct |
| kb_articles | * String | The KB article/s related to the entity. | direct |
| last_seen_time | 0..1 TimestampT | The time when the vulnerability was most recently observed. | direct |
| packages | * Package | List of vulnerable packages as identified by the security product. | direct |
| references | * recommended String | A list of reference URLs with additional information about the vulnerability. | direct |
| related_vulnerabilities | * String | List of vulnerability IDs (e.g. CVE ID) that are related to this vulnerability. | direct |
| remediation | 0..1 Remediation | The remediation recommendations on how to mitigate the identified vulnerability. | direct |
| severity | 0..1 String | The vendor assigned severity of the vulnerability. | direct |
| title | 0..1 String | A title or a brief phrase summarizing the discovered vulnerability. | direct |
| vendor_name | 0..1 String | The name of the vendor that identified the vulnerability. | direct |

Usages

| used by | used in | type | used |
| --- | --- | --- | --- |
| Osint | vulnerabilities | range | Vulnerability |
| ApplicationSecurityPostureFinding | vulnerabilities | range | Vulnerability |
| DetectionFinding | vulnerabilities | range | Vulnerability |
| SecurityFinding | vulnerabilities | range | Vulnerability |
| VulnerabilityFinding | vulnerabilities | range | Vulnerability |

Rules

Rule Applied Preconditions Postconditions Elseconditions
exactly_one_of [{'slot_conditions': {'advisory': {'required': True}}}, {'slot_conditions': {'cve': {'required': True}}}, {'slot_conditions': {'cwe': {'required': True}}}]
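A minimal validator for the `just_one` rule and the deprecation notes listed on this page, as an added example (not part of the OCSF or LinkML tooling). The sample records, the placeholder `uid` values, and the choice to treat null or empty values as unset are assumptions.

```python
import json

# Taken from this page: the just_one constraint, the deprecation notes,
# and the slots marked multivalued.
JUST_ONE = ("advisory", "cve", "cwe")
DEPRECATED = {
    "fix_available": "is_fix_available",
    "kb_articles": "kb_article_list",
    "kb_article_list": "advisory",
    "packages": "affected_packages",
}
MULTIVALUED = ("affected_code", "affected_packages", "kb_article_list",
               "kb_articles", "packages", "references",
               "related_vulnerabilities")
# cve and cwe are also marked recommended, but just_one allows only one of
# advisory/cve/cwe, so only references is checked as a recommended slot.
RECOMMENDED = ("references",)

# Constructed sample records; inner fields such as "uid" are placeholders
# and are not defined on this page.
SAMPLES = json.loads("""[
  {"title": "ok record", "cve": {"uid": "CVE-PLACEHOLDER"},
   "references": ["https://example.com/advisory"], "is_fix_available": true},
  {"title": "two identifiers", "cve": {"uid": "CVE-PLACEHOLDER"},
   "cwe": {"uid": "CWE-PLACEHOLDER"}, "fix_available": true,
   "packages": {"name": "example-pkg"}},
  {"title": "no identifier", "references": ["https://example.com/note"]}
]""")


def is_set(obj, slot):
    """Assumption: a slot counts as set when present and not null/empty."""
    return obj.get(slot) not in (None, "", [], {})


def check_vulnerability(obj):
    """Return (errors, warnings) for one Vulnerability object (a dict)."""
    errors, warnings = [], []

    # Rule from the page: exactly one of advisory, cve, cwe must be set.
    present = [s for s in JUST_ONE if is_set(obj, s)]
    if len(present) != 1:
        errors.append("just_one: expected exactly one of %s, found %s"
                      % (list(JUST_ONE), present))

    # Slots with cardinality * must arrive as lists.
    for slot in MULTIVALUED:
        if slot in obj and not isinstance(obj[slot], list):
            errors.append("%s must be a list" % slot)

    # Deprecated slots still parse, but producers should migrate.
    for old, new in DEPRECATED.items():
        if old in obj:
            warnings.append("%s is deprecated, use %s" % (old, new))

    for slot in RECOMMENDED:
        if not is_set(obj, slot):
            warnings.append("recommended slot %s is missing" % slot)

    return errors, warnings


if __name__ == "__main__":
    for record in SAMPLES:
        errs, warns = check_vulnerability(record)
        print(record["title"], "| errors:", errs, "| warnings:", warns)
```

Running such a check at ingestion keeps findings that carry both a CVE and a CWE, or neither, from silently entering a data lake where downstream correlation assumes a single identifier.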

In Subsets

Aliases

  • Vulnerability Details

Identifier and Mapping Information

Annotations

| property | value |
| --- | --- |
| ocsf_constraints | {"just_one": ["advisory", "cve", "cwe"]} |

Schema Source

Mappings

| Mapping Type | Mapped Value |
| --- | --- |
| self | ocsf:Vulnerability |
| native | ocsf:Vulnerability |
| exact | stix:Vulnerability, core:Vulnerability |
| related | capec:AttackPattern, cwe:Weakness |
| close | cve:CVERecord, kev_catalog:KevEntry, nvd:NVDEntry |

LinkML Source

Direct

name: Vulnerability
annotations:
  ocsf_constraints:
    tag: ocsf_constraints
    value: '{"just_one": ["advisory", "cve", "cwe"]}'
description: 'The vulnerability is an unintended characteristic of a computing component
  or

  system configuration that multiplies the risk of an adverse event or a loss

  occurring either due to accidental exposure, deliberate attack, or conflict

  with new system components.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Vulnerability Details
exact_mappings:
- stix:Vulnerability
- core:Vulnerability
close_mappings:
- cve:CVERecord
- kev_catalog:KevEntry
- nvd:NVDEntry
related_mappings:
- capec:AttackPattern
- cwe:Weakness
is_a: Object
slots:
- advisory
- affected_code
- affected_packages
- category
- cve
- cwe
- dependency_chain
- desc
- exploit_last_seen_time
- exploit_ref_url
- exploit_requirement
- exploit_type
- first_seen_time
- fix_available
- fix_coverage
- fix_coverage_id
- is_exploit_available
- is_fix_available
- kb_article_list
- kb_articles
- last_seen_time
- packages
- references
- related_vulnerabilities
- remediation
- severity
- title
- vendor_name
slot_usage:
  category:
    name: category
    description: 'The category of a vulnerability or weakness, as reported by the
      source tool,

      such as <code>Container Security</code> or <code>Open Source Security</code>.'
  cve:
    name: cve
    description: 'Describes the Common Vulnerabilities and Exposures <a target=''_blank''

      href=''https://cve.mitre.org/''>(CVE)</a> details related to the vulnerability.'
    recommended: true
  cwe:
    name: cwe
    description: 'Describes the Common Weakness Enumeration <a target=''_blank''

      href=''https://cwe.mitre.org/''>(CWE)</a> details related to the vulnerability.'
    recommended: true
  desc:
    name: desc
    description: The description of the vulnerability.
  first_seen_time:
    name: first_seen_time
    description: The time when the vulnerability was first observed.
  fix_coverage:
    name: fix_coverage
    description: 'The fix coverage, normalized to the caption of the <code>fix_coverage_id</code>

      value.'
  fix_coverage_id:
    name: fix_coverage_id
    description: 'The normalized identifier for fix coverage, applicable to this vulnerability.

      Typically useful, when there are multiple affected packages but only a subset

      have available fixes.'
    range: VulnerabilityFixCoverageIdEnum
  kb_article_list:
    name: kb_article_list
    deprecated: Use <code>advisory</code> attribute instead.
  last_seen_time:
    name: last_seen_time
    description: The time when the vulnerability was most recently observed.
  references:
    name: references
    description: A list of reference URLs with additional information about the vulnerability.
    recommended: true
  remediation:
    name: remediation
    description: 'The remediation recommendations on how to mitigate the identified

      vulnerability.'
  severity:
    name: severity
    description: The vendor assigned severity of the vulnerability.
  title:
    name: title
    description: A title or a brief phrase summarizing the discovered vulnerability.
  vendor_name:
    name: vendor_name
    description: The name of the vendor that identified the vulnerability.
rules:
- postconditions:
    exactly_one_of:
    - slot_conditions:
        advisory:
          name: advisory
          required: true
    - slot_conditions:
        cve:
          name: cve
          required: true
    - slot_conditions:
        cwe:
          name: cwe
          required: true
  description: 'OCSF just_one: exactly one of [''advisory'', ''cve'', ''cwe''] must
    be set.'

Induced

name: Vulnerability
annotations:
  ocsf_constraints:
    tag: ocsf_constraints
    value: '{"just_one": ["advisory", "cve", "cwe"]}'
description: 'The vulnerability is an unintended characteristic of a computing component
  or

  system configuration that multiplies the risk of an adverse event or a loss

  occurring either due to accidental exposure, deliberate attack, or conflict

  with new system components.'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Vulnerability Details
exact_mappings:
- stix:Vulnerability
- core:Vulnerability
close_mappings:
- cve:CVERecord
- kev_catalog:KevEntry
- nvd:NVDEntry
related_mappings:
- capec:AttackPattern
- cwe:Weakness
is_a: Object
slot_usage:
  category:
    name: category
    description: 'The category of a vulnerability or weakness, as reported by the
      source tool,

      such as <code>Container Security</code> or <code>Open Source Security</code>.'
  cve:
    name: cve
    description: 'Describes the Common Vulnerabilities and Exposures <a target=''_blank''

      href=''https://cve.mitre.org/''>(CVE)</a> details related to the vulnerability.'
    recommended: true
  cwe:
    name: cwe
    description: 'Describes the Common Weakness Enumeration <a target=''_blank''

      href=''https://cwe.mitre.org/''>(CWE)</a> details related to the vulnerability.'
    recommended: true
  desc:
    name: desc
    description: The description of the vulnerability.
  first_seen_time:
    name: first_seen_time
    description: The time when the vulnerability was first observed.
  fix_coverage:
    name: fix_coverage
    description: 'The fix coverage, normalized to the caption of the <code>fix_coverage_id</code>

      value.'
  fix_coverage_id:
    name: fix_coverage_id
    description: 'The normalized identifier for fix coverage, applicable to this vulnerability.

      Typically useful, when there are multiple affected packages but only a subset

      have available fixes.'
    range: VulnerabilityFixCoverageIdEnum
  kb_article_list:
    name: kb_article_list
    deprecated: Use <code>advisory</code> attribute instead.
  last_seen_time:
    name: last_seen_time
    description: The time when the vulnerability was most recently observed.
  references:
    name: references
    description: A list of reference URLs with additional information about the vulnerability.
    recommended: true
  remediation:
    name: remediation
    description: 'The remediation recommendations on how to mitigate the identified

      vulnerability.'
  severity:
    name: severity
    description: The vendor assigned severity of the vulnerability.
  title:
    name: title
    description: A title or a brief phrase summarizing the discovered vulnerability.
  vendor_name:
    name: vendor_name
    description: The name of the vendor that identified the vulnerability.
attributes:
  advisory:
    name: advisory
    description: 'Detail about the security advisory, that is used to publicly disclose

      cybersecurity vulnerabilities by a vendor.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Security Advisory
    rank: 1000
    alias: advisory
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: Advisory
  affected_code:
    name: affected_code
    description: 'List of Affected Code objects that describe details about code blocks

      identified as vulnerable.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Affected Code
    rank: 1000
    alias: affected_code
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: AffectedCode
    multivalued: true
  affected_packages:
    name: affected_packages
    description: 'List of software packages identified as affected by a

      vulnerability/vulnerabilities.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Affected Software Packages
    rank: 1000
    alias: affected_packages
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: AffectedPackage
    multivalued: true
  category:
    name: category
    description: 'The category of a vulnerability or weakness, as reported by the
      source tool,

      such as <code>Container Security</code> or <code>Open Source Security</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Category
    rank: 1000
    alias: category
    owner: Vulnerability
    domain_of:
    - Osint
    - Vulnerability
    - Analytic
    - Assessment
    - Compliance
    - DataClassification
    - Rule
    - Trait
    range: string
  cve:
    name: cve
    description: 'Describes the Common Vulnerabilities and Exposures <a target=''_blank''

      href=''https://cve.mitre.org/''>(CVE)</a> details related to the vulnerability.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - CVE
    rank: 1000
    alias: cve
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: Cve
    recommended: true
  cwe:
    name: cwe
    description: 'Describes the Common Weakness Enumeration <a target=''_blank''

      href=''https://cwe.mitre.org/''>(CWE)</a> details related to the vulnerability.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - CWE
    rank: 1000
    alias: cwe
    owner: Vulnerability
    domain_of:
    - Vulnerability
    - Cve
    range: Cwe
    recommended: true
  dependency_chain:
    name: dependency_chain
    description: 'Information about the chain of dependencies related to the issue
      as reported by

      an Application Security or Vulnerability Management tool. E.g.,

      <code>serverless-offline -> @serverless/utils -> memoizee -> es5-ext</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Dependency Chain
    rank: 1000
    alias: dependency_chain
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: string
  desc:
    name: desc
    description: The description of the vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Description
    rank: 1000
    alias: desc
    owner: Vulnerability
    domain_of:
    - Osint
    - RelatedEvent
    - Remediation
    - Vulnerability
    - Advisory
    - Analytic
    - ApplicationObject
    - Assessment
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - Compliance
    - Cve
    - Database
    - Databucket
    - Enrichment
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - Job
    - Location
    - Node
    - Policy
    - Rule
    - Table
    - WebResource
    - Device
    - IncidentFinding
    range: string
  exploit_last_seen_time:
    name: exploit_last_seen_time
    description: The time when the exploit was most recently observed.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Exploit Last Seen Time
    rank: 1000
    alias: exploit_last_seen_time
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: TimestampT
  exploit_ref_url:
    name: exploit_ref_url
    description: The URL of the exploit code or Proof-of-Concept (PoC).
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Exploit URL
    rank: 1000
    alias: exploit_ref_url
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: UrlT
  exploit_requirement:
    name: exploit_requirement
    description: 'The requirement description related to any constraints around exploit

      execution.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Exploit Requirement
    rank: 1000
    alias: exploit_requirement
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: string
  exploit_type:
    name: exploit_type
    description: 'The categorization or type of Exploit. E.g., <code>Network</code>
      or

      <code>Physical</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Exploit Type
    rank: 1000
    alias: exploit_type
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: string
  first_seen_time:
    name: first_seen_time
    description: The time when the vulnerability was first observed.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - First Seen
    rank: 1000
    alias: first_seen_time
    owner: Vulnerability
    domain_of:
    - RelatedEvent
    - Vulnerability
    - FindingObject
    - FindingInfo
    - IdentityActivityMetrics
    - Device
    range: TimestampT
  fix_available:
    name: fix_available
    description: Indicates if a fix is available for the reported vulnerability.
    deprecated: Use the <code>is_fix_available</code> attribute instead. (since 1.1.0)
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Fix Availability
    rank: 1000
    alias: fix_available
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: boolean
  fix_coverage:
    name: fix_coverage
    description: 'The fix coverage, normalized to the caption of the <code>fix_coverage_id</code>

      value.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Fix Coverage
    rank: 1000
    alias: fix_coverage
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: string
  fix_coverage_id:
    name: fix_coverage_id
    annotations:
      sibling:
        tag: sibling
        value: fix_coverage
    description: 'The normalized identifier for fix coverage, applicable to this vulnerability.

      Typically useful, when there are multiple affected packages but only a subset

      have available fixes.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Fix Coverage ID
    rank: 1000
    alias: fix_coverage_id
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: VulnerabilityFixCoverageIdEnum
  is_exploit_available:
    name: is_exploit_available
    description: 'Indicates if an exploit or a PoC (proof-of-concept) is available
      for the

      reported vulnerability.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Exploit Availability
    rank: 1000
    alias: is_exploit_available
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: boolean
  is_fix_available:
    name: is_fix_available
    description: Indicates if a fix is available for the reported vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Fix Availability
    rank: 1000
    alias: is_fix_available
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: boolean
  kb_article_list:
    name: kb_article_list
    description: 'A list of KB articles or patches related to an endpoint. A KB Article
      contains

      metadata that describes the patch or an update.'
    deprecated: Use <code>advisory</code> attribute instead.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Knowledgebase Articles
    rank: 1000
    alias: kb_article_list
    owner: Vulnerability
    domain_of:
    - Remediation
    - Vulnerability
    - PatchState
    range: KbArticle
    multivalued: true
  kb_articles:
    name: kb_articles
    description: 'The KB article/s related to the entity. A KB Article contains metadata
      that

      describes the patch or an update.'
    deprecated: Use the <code>kb_article_list</code> attribute instead. (since 1.1.0)
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Knowledgebase Articles
    rank: 1000
    alias: kb_articles
    owner: Vulnerability
    domain_of:
    - Remediation
    - Vulnerability
    range: string
    multivalued: true
  last_seen_time:
    name: last_seen_time
    description: The time when the vulnerability was most recently observed.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Last Seen
    rank: 1000
    alias: last_seen_time
    owner: Vulnerability
    domain_of:
    - RelatedEvent
    - Vulnerability
    - Whois
    - FindingObject
    - FindingInfo
    - IdentityActivityMetrics
    - Device
    range: TimestampT
  packages:
    name: packages
    description: List of vulnerable packages as identified by the security product
    deprecated: Use the <code>affected_packages</code> attribute instead. (since 1.1.0)
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Software Packages
    rank: 1000
    alias: packages
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: Package
    multivalued: true
  references:
    name: references
    description: A list of reference URLs with additional information about the vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - References
    rank: 1000
    alias: references
    owner: Vulnerability
    domain_of:
    - Osint
    - Remediation
    - Vulnerability
    - Advisory
    - Cve
    range: string
    recommended: true
    multivalued: true
  related_vulnerabilities:
    name: related_vulnerabilities
    description: List of vulnerability IDs (e.g. CVE ID) that are related to this
      vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Related Vulnerability IDs
    rank: 1000
    alias: related_vulnerabilities
    owner: Vulnerability
    domain_of:
    - Vulnerability
    range: string
    multivalued: true
  remediation:
    name: remediation
    description: 'The remediation recommendations on how to mitigate the identified

      vulnerability.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Remediation Guidance
    rank: 1000
    alias: remediation
    owner: Vulnerability
    domain_of:
    - Vulnerability
    - AffectedCode
    - AffectedPackage
    - CisBenchmarkResult
    - FindingObject
    - ApplicationSecurityPostureFinding
    - ComplianceFinding
    - DetectionFinding
    - IamAnalysisFinding
    - RemediationActivity
    range: Remediation
  severity:
    name: severity
    description: The vendor assigned severity of the vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Severity
    rank: 1000
    alias: severity
    owner: Vulnerability
    domain_of:
    - Osint
    - RelatedEvent
    - VendorAttributes
    - Vulnerability
    - Check
    - Cvss
    - KbArticle
    - Malware
    - BaseEvent
    range: string
  title:
    name: title
    description: A title or a brief phrase summarizing the discovered vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Title
    rank: 1000
    alias: title
    owner: Vulnerability
    domain_of:
    - RelatedEvent
    - Ticket
    - Vulnerability
    - Advisory
    - Cve
    - FindingObject
    - FindingInfo
    - KbArticle
    range: string
  vendor_name:
    name: vendor_name
    description: The name of the vendor that identified the vulnerability.
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Vendor Name
    rank: 1000
    alias: vendor_name
    owner: Vulnerability
    domain_of:
    - Osint
    - Package
    - Scim
    - Sso
    - Vulnerability
    - Agent
    - Cvss
    - DeviceHwInfo
    - GpuInfo
    - PeripheralDevice
    - Product
    - Device
    range: string
rules:
- postconditions:
    exactly_one_of:
    - slot_conditions:
        advisory:
          name: advisory
          required: true
    - slot_conditions:
        cve:
          name: cve
          required: true
    - slot_conditions:
        cwe:
          name: cwe
          required: true
  description: 'OCSF just_one: exactly one of [''advisory'', ''cve'', ''cwe''] must
    be set.'