CVE Record Data Model
The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity Model data model.
The following table details the default attributes of the CVE Record data model:
| Order | Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|---|
| 1 | cvssV2BaseScore | Number | N/A | No |
| 2 | cvssV2TemporalScore | Number | N/A | No |
| 3 | displayName | Calculated (Text) | N/A | Yes |
| 4 | cvssV2Severity | Text | N/A | No |
| 5 | cvssV2Vector | Text | N/A | No |
| 6 | cvssV2AttackVector | Text | N/A | No |
| 7 | cvssV2AccessComplexity | Text | N/A | No |
| 8 | cvssV2Authentication | Text | N/A | No |
| 9 | cvssV2ConfidentialityImpact | Text | N/A | No |
| 10 | cvssV2IntegrityImpact | Text | N/A | No |
| 11 | cvssV2AvailabilityImpact | Text | N/A | No |
| 12 | cvssV2Exploitability | Text | N/A | No |
| 13 | cvssV2RemediationLevel | Text | N/A | No |
| 14 | cvssV2ReportConfidence | Text | N/A | No |
| 15 | cvssV3BaseScore | Number | N/A | No |
| 16 | cvssV3TemporalScore | Number | N/A | No |
| 17 | cvssV3Severity | Text | N/A | No |
| 18 | cvssV3Vector | Text | N/A | No |
| 19 | cvssV3AttackVector | Text | N/A | No |
| 20 | cvssV3AttackComplexity | Text | N/A | No |
| 21 | cvssV3PrivilegesRequired | Text | N/A | No |
| 22 | cvssV3UserInteraction | Text | N/A | No |
| 23 | cvssV3ConfidentialityImpact | Text | N/A | No |
| 24 | cvssV3IntegrityImpact | Text | N/A | No |
| 25 | cvssV3AvailabilityImpact | Text | N/A | No |
| 26 | cvssV3ExploitCodeMaturity | Text | N/A | No |
| 27 | cvssV3RemediationLevel | Text | N/A | No |
| 28 | cvssV3ReportConfidence | Text | N/A | No |
| 29 | severity | Single Choice | N/A | No |
| 30 | source | Text | N/A | No |
| 31 | affected | Text (Multivalued) | N/A | No |
| 32 | weaknesses | Reference (Weakness) | EXPLOITS | No |
| 33 | severityScore | Number | N/A | No |
| 34 | references | Text (Multivalued) | N/A | No |
| 35 | exploits | Text (Multivalued) | N/A | No |
| 36 | malware | Text (Multivalued) | N/A | No |
| 37 | publishedDate | Date Time | N/A | No |
| 38 | cisaExploited | True False | N/A | No |
| 39 | cisaAddedDate | Date Time | N/A | No |
| 40 | cisaDueDate | Date Time | N/A | No |
| 41 | cisaRequiredAction | Text | N/A | No |
| 42 | cisaVulnerabilityName | Text | N/A | No |
| 43 | epssScore | Number | N/A | No |
| 44 | epssPercentile | Number | N/A | No |
| 45 | sourceCreatedDate | Date Time | N/A | No |
| 46 | sourceLastModified | Date Time | N/A | No |
| 47 | baseRiskScore | Calculated (Number) | N/A | No |
| 48 | riskFactorOffset | Calculated (Number) | N/A | No |
| 49 | riskScore | Calculated (Number) | N/A | No |
| 50 | riskRating | Calculated (Single Choice) | N/A | No |
| 51 | firstDetected | Calculated (Date Time) | N/A | No |
| 52 | daysToFirstDetection | Calculated (Number) | N/A | No |
| 53 | openFindingCount | Calculated (Number) | N/A | No |
| 54 | numberOutOfCompliance | Number | N/A | No |
| 55 | uid | Text | N/A | Yes |
| 56 | dataModelName | Calculated (Text) | N/A | No |
| 57 | sourceUids | Text (Multivalued) | N/A | No |
| 58 | connectorCategories | Text (Multivalued) | N/A | No |
| 59 | connectorNames | Text (Multivalued) | N/A | No |
| 60 | dataIntegrationTitles | Text (Multivalued) | N/A | No |
| 61 | sourcesIcons | Source data models icons | N/A | No |
| 62 | name | Text | N/A | No |
| 63 | summary | Text | N/A | No |
| 64 | description | Text | N/A | No |
| 65 | categories | Text (Multivalued) | N/A | No |
| 66 | flowState | Text | N/A | No |
| 67 | sources | Reference (Base model) | SOURCED_FROM | No |
| 68 | dateCreated | Date Time | N/A | No |
| 69 | lastUpdated | Date Time | N/A | No |
| 70 | createdBy | Text | N/A | No |
| 71 | updatedBy | Text | N/A | No |
| 72 | riskScoringModel | Risk Scoring Model | N/A | No |
| 73 | riskFactors | Risk Factors | N/A | No |
FOOTNOTES
- The Order column specifies the order of attributes being calculated in data computation.
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.