Skip to main content

CVE Record Data Model

The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity Model data model.

The following table details the default attributes of the CVE Record data model:

OrderAttribute NameAttribute TypeRelationship TypeRequired
1cvssV2BaseScoreNumberN/ANo
2cvssV2TemporalScoreNumberN/ANo
3baseRiskScoreCalculated (Number)N/ANo
4displayNameCalculated (Text)N/AYes
5cvssV2SeverityTextN/ANo
6riskFactorOffsetCalculated (Number)N/ANo
7cvssV2VectorTextN/ANo
8riskScoreCalculated (Number)N/ANo
9cvssV2AttackVectorTextN/ANo
10riskRatingCalculated (Single Choice)N/ANo
11cvssV2AccessComplexityTextN/ANo
12cvssV2AuthenticationTextN/ANo
13cvssV2ConfidentialityImpactTextN/ANo
14cvssV2IntegrityImpactTextN/ANo
15cvssV2AvailabilityImpactTextN/ANo
16cvssV2ExploitabilityTextN/ANo
17cvssV2RemediationLevelTextN/ANo
18cvssV2ReportConfidenceTextN/ANo
19cvssV3BaseScoreNumberN/ANo
20cvssV3TemporalScoreNumberN/ANo
21cvssV3SeverityTextN/ANo
22cvssV3VectorTextN/ANo
23cvssV3AttackVectorTextN/ANo
24cvssV3AttackComplexityTextN/ANo
25cvssV3PrivilegesRequiredTextN/ANo
26cvssV3UserInteractionTextN/ANo
27cvssV3ConfidentialityImpactTextN/ANo
28cvssV3IntegrityImpactTextN/ANo
29cvssV3AvailabilityImpactTextN/ANo
30cvssV3ExploitCodeMaturityTextN/ANo
31cvssV3RemediationLevelTextN/ANo
32cvssV3ReportConfidenceTextN/ANo
33severitySingle ChoiceN/ANo
34sourceTextN/ANo
35affectedText (Multivalued)N/ANo
36weaknessesReference (Weakness)EXPLOITSNo
37referencesText (Multivalued)N/ANo
38exploitsText (Multivalued)N/ANo
39malwareText (Multivalued)N/ANo
40cisaExploitedTrue FalseN/ANo
41publishedDateDate TimeN/ANo
42cisaDueDateDate TimeN/ANo
43epssScoreNumberN/ANo
44epssPercentileNumberN/ANo
45sourceCreatedDateDate TimeN/ANo
46sourceLastModifiedDate TimeN/ANo
47riskScoreDefinitionCategoryN/ANo
48firstDetectedCalculated (Date Time)N/ANo
49daysToFirstDetectionCalculated (Number)N/ANo
50openFindingCountCalculated (Number)N/ANo
51riskScoringModelRisk Scoring ModelN/ANo
52uidTextN/AYes
53numberOutOfComplianceNumberN/ANo
54nameTextN/ANo
55summaryTextN/ANo
56descriptionTextN/ANo
57dataModelNameCalculated (Text)N/ANo
58sourceUidsText (Multivalued)N/ANo
59connectorCategoriesText (Multivalued)N/ANo
60connectorNamesText (Multivalued)N/ANo
61dataIntegrationTitlesText (Multivalued)N/ANo
62sourcesIconsSource data models iconsN/ANo
63flowStateTextN/ANo
63sourcesReference (Base model)SOURCED_FROMNo
65dateCreatedDate TimeN/ANo
66lastUpdatedDate TimeN/ANo
67createdByTextN/ANo
68updatedByTextN/ANo
69categoriesText (Multivalued)N/ANo
FOOTNOTES
  • The Order column specifies the order of attributes being calculated in data computation.
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.