Vulnerability

A vulnerability.

JSON representation
{
  "about": {
    object (Noun)
  },
  "name": string,
  "description": string,
  "vendor": string,
  "scanStartTime": string,
  "scanEndTime": string,
  "firstFound": string,
  "lastFound": string,
  "severity": enum (Severity),
  "severityDetails": string,
  "cvssBaseScore": number,
  "cvssVector": string,
  "cvssVersion": string,
  "cveId": string,
  "cveDescription": string,
  "vendorVulnerabilityId": string,
  "vendorKnowledgeBaseArticleId": string
}
Fields
about

object (Noun)

If the vulnerability is about a specific noun (e.g. executable), then add it here.

name

string

Name of the vulnerability (e.g. "Unsupported OS Version detected").

description

string

Description of the vulnerability.

vendor

string

Vendor of the scan that discovered the vulnerability.

scanStartTime

string (Timestamp format)

If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan started. This field can be left unset if the start time is not available or not applicable.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

scanEndTime

string (Timestamp format)

If the vulnerability was discovered during an asset scan, then this field should be populated with the time the scan ended. This field can be left unset if the end time is not available or not applicable.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

firstFound

string (Timestamp format)

Products that maintain a history of vulnerability scans should populate firstFound with the time that a scan first detected the vulnerability on this asset.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

lastFound

string (Timestamp format)

Products that maintain a history of vulnerability scans should populate lastFound with the time that a scan last detected the vulnerability on this asset.

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

severity

enum (Severity)

The severity of the vulnerability.

severityDetails

string

Vendor-specific severity.

cvssBaseScore

number

CVSS Base Score in the range of 0.0 to 10.0. Useful for sorting.

cvssVector

string

Vector of CVSS properties (e.g. "AV:L/AC:H/Au:N/C:N/I:P/A:C"). The vector can be linked to the NVD calculator at https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator

cvssVersion

string

Version of CVSS Vector/Score.

cveId

string

Common Vulnerabilities and Exposures Id. https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures https://cve.mitre.org/about/faqs.html#what_is_cve_id

cveDescription

string

Common Vulnerabilities and Exposures Description. https://cve.mitre.org/about/faqs.html#what_is_cve_record

vendorVulnerabilityId

string

Vendor-specific vulnerability id (e.g. Microsoft security bulletin id).

vendorKnowledgeBaseArticleId

string

Vendor-specific knowledge base article id (e.g. "KBXXXXXX" from Microsoft). https://en.wikipedia.org/wiki/Microsoft_Knowledge_Base https://access.redhat.com/knowledgebase

Severity

Severity of the vulnerability.

Enums
UNKNOWN_SEVERITY The default severity level.
LOW Low severity.
MEDIUM Medium severity.
HIGH High severity.
CRITICAL Critical severity.
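The field reference above, turned into a validator. This is an added example in Python, not the documented product's own code: it checks the types listed for each field, the Severity enum, the 0.0 to 10.0 range of cvssBaseScore, and the RFC 3339 timestamp rule (any offset accepted, output Z-normalized with 0, 3, 6 or 9 fractional digits), and it adds two consistency checks the page does not define (a scan or detection window must not end before it starts, and for cvssVersion "2.0" the vector must reproduce the reported base score). The contents of `about` are a placeholder since the Noun fields are not on this page, and the sample record is constructed.

```python
import re
from datetime import datetime, timedelta

# Enum values and field lists taken from the reference above.
SEVERITIES = {"UNKNOWN_SEVERITY", "LOW", "MEDIUM", "HIGH", "CRITICAL"}
TIMESTAMP_FIELDS = ("scanStartTime", "scanEndTime", "firstFound", "lastFound")
STRING_FIELDS = ("name", "description", "vendor", "severityDetails", "cvssVector",
                 "cvssVersion", "cveId", "cveDescription", "vendorVulnerabilityId",
                 "vendorKnowledgeBaseArticleId")
KNOWN_FIELDS = {"about", "severity", "cvssBaseScore", *TIMESTAMP_FIELDS, *STRING_FIELDS}

# RFC 3339 as the page describes it: optional fractional digits, "Z" or an offset.
_RFC3339 = re.compile(r"^(?P<base>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"
                      r"(?:\.(?P<frac>\d{1,9}))?(?P<tz>Z|[+-]\d{2}:\d{2})$")

# CVSS v2 base-metric weights (the page's example vector and calculator link are v2).
_CVSS2 = {"AV": {"L": 0.395, "A": 0.646, "N": 1.0},
          "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
          "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
          "C": {"N": 0.0, "P": 0.275, "C": 0.660},
          "I": {"N": 0.0, "P": 0.275, "C": 0.660},
          "A": {"N": 0.0, "P": 0.275, "C": 0.660}}


def normalize_timestamp(value):
    """Parse an RFC 3339 string and re-emit it Z-normalized with 0, 3, 6 or 9
    fractional digits, the shape the page says generated output always has."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    local = datetime.strptime(m.group("base"), "%Y-%m-%dT%H:%M:%S")
    tz = m.group("tz")
    offset = timedelta(0) if tz == "Z" else (1 if tz[0] == "+" else -1) * timedelta(
        hours=int(tz[1:3]), minutes=int(tz[4:6]))
    utc = local - offset  # local time = UTC + offset
    frac = (m.group("frac") or "").rstrip("0")
    if frac:  # pad to the next of 3, 6 or 9 digits; nanoseconds survive as text
        frac = "." + frac.ljust(next(w for w in (3, 6, 9) if len(frac) <= w), "0")
    return utc.strftime("%Y-%m-%dT%H:%M:%S") + frac + "Z"


def _timestamp_key(normalized):
    """Order key for a normalized timestamp (plain string order sorts ".5Z" before "Z")."""
    frac = normalized[20:-1] if len(normalized) > 20 else ""
    return normalized[:19] + frac.ljust(9, "0")


def cvss2_base_score(vector):
    """CVSS v2 base score for a vector such as "AV:L/AC:H/Au:N/C:N/I:P/A:C"."""
    metrics = dict(part.split(":") for part in vector.split("/"))
    if set(metrics) != set(_CVSS2):
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    v = {k: _CVSS2[k][metrics[k]] for k in _CVSS2}  # KeyError on an unknown value
    impact = 10.41 * (1 - (1 - v["C"]) * (1 - v["I"]) * (1 - v["A"]))
    exploitability = 20 * v["AV"] * v["AC"] * v["Au"]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0), 1)


def validate_vulnerability(record):
    """Return a cleaned copy of a Vulnerability record, or raise ValueError
    listing every problem found. Every field is optional, as on the page."""
    errors, cleaned = [], {}
    if unknown := set(record) - KNOWN_FIELDS:
        errors.append(f"unknown fields: {sorted(unknown)}")
    if "about" in record:  # Noun contents are not validated here
        if isinstance(record["about"], dict):
            cleaned["about"] = record["about"]
        else:
            errors.append("about must be an object (Noun)")
    for f in STRING_FIELDS:
        if f in record and isinstance(record[f], str):
            cleaned[f] = record[f]
        elif f in record:
            errors.append(f"{f} must be a string")
    for f in TIMESTAMP_FIELDS:
        if f in record:
            try:
                cleaned[f] = normalize_timestamp(record[f])
            except (TypeError, ValueError) as exc:
                errors.append(f"{f}: {exc}")
    if "severity" in record and record["severity"] in SEVERITIES:
        cleaned["severity"] = record["severity"]
    elif "severity" in record:
        errors.append(f"severity must be one of {sorted(SEVERITIES)}")
    if "cvssBaseScore" in record:
        s = record["cvssBaseScore"]
        if isinstance(s, bool) or not isinstance(s, (int, float)) or not 0.0 <= s <= 10.0:
            errors.append("cvssBaseScore must be a number in 0.0..10.0")
        else:
            cleaned["cvssBaseScore"] = float(s)
    # Consistency checks added here, beyond the page's field definitions.
    for start, end in (("scanStartTime", "scanEndTime"), ("firstFound", "lastFound")):
        if {start, end} <= set(cleaned) and _timestamp_key(cleaned[start]) > _timestamp_key(cleaned[end]):
            errors.append(f"{start} is after {end}")
    if cleaned.get("cvssVersion") == "2.0" and {"cvssVector", "cvssBaseScore"} <= set(cleaned):
        try:
            expected = cvss2_base_score(cleaned["cvssVector"])
            if abs(expected - cleaned["cvssBaseScore"]) > 0.05:
                errors.append(f"cvssBaseScore {cleaned['cvssBaseScore']} != {expected} from cvssVector")
        except (KeyError, ValueError) as exc:
            errors.append(f"cvssVector: {exc}")
    if errors:
        raise ValueError("; ".join(errors))
    return cleaned


# Constructed sample record (not from the page); `about` holds placeholder Noun contents.
SAMPLE_VULNERABILITY = {
    "about": {"hostname": "host-01.example.internal"},
    "name": "Unsupported OS Version detected",
    "description": "The installed OS version no longer receives security updates.",
    "vendor": "ExampleScanner",
    "scanStartTime": "2014-10-02T15:01:23+05:30",
    "scanEndTime": "2014-10-02T15:41:23.5+05:30",
    "firstFound": "2014-09-01T00:00:00Z",
    "lastFound": "2014-10-02T09:45:00Z",
    "severity": "HIGH",
    "severityDetails": "Vendor rating 4 of 5",
    "cvssBaseScore": 4.7,  # v2 score of the vector below
    "cvssVector": "AV:L/AC:H/Au:N/C:N/I:P/A:C",
    "cvssVersion": "2.0",
    "vendorVulnerabilityId": "EXAMPLE-0001",
}

if __name__ == "__main__":
    print(validate_vulnerability(SAMPLE_VULNERABILITY))
```

Timestamps are re-emitted rather than compared as raw strings because an offset such as "+05:30" changes the calendar day of the UTC value, and the fractional part is kept as text so a 9-digit nanosecond value is not truncated to Python's microsecond resolution. Vectors for CVSS v3 are accepted as opaque strings; only the v2 form shown on the page is recomputed.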