CVE Record Data Model
The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity Model data model.
The following table details the default attributes of the CVE Record data model:
Order | Attribute Name | Attribute Type | Relationship Type | Required |
---|---|---|---|---|
1 | cvssV2BaseScore | Number | N/A | No |
2 | cvssV2TemporalScore | Number | N/A | No |
3 | displayName | Calculated (Text) | N/A | Yes |
4 | cvssV2Severity | Text | N/A | No |
5 | cvssV2Vector | Text | N/A | No |
6 | cvssV2AttackVector | Text | N/A | No |
7 | cvssV2AccessComplexity | Text | N/A | No |
8 | cvssV2Authentication | Text | N/A | No |
9 | cvssV2ConfidentialityImpact | Text | N/A | No |
10 | cvssV2IntegrityImpact | Text | N/A | No |
11 | cvssV2AvailabilityImpact | Text | N/A | No |
12 | cvssV2Exploitability | Text | N/A | No |
13 | cvssV2RemediationLevel | Text | N/A | No |
14 | cvssV2ReportConfidence | Text | N/A | No |
15 | cvssV3BaseScore | Number | N/A | No |
16 | cvssV3TemporalScore | Number | N/A | No |
17 | cvssV3Severity | Text | N/A | No |
18 | cvssV3Vector | Text | N/A | No |
19 | cvssV3AttackVector | Text | N/A | No |
20 | cvssV3AttackComplexity | Text | N/A | No |
21 | cvssV3PrivilegesRequired | Text | N/A | No |
22 | cvssV3UserInteraction | Text | N/A | No |
23 | cvssV3ConfidentialityImpact | Text | N/A | No |
24 | cvssV3IntegrityImpact | Text | N/A | No |
25 | cvssV3AvailabilityImpact | Text | N/A | No |
26 | cvssV3ExploitCodeMaturity | Text | N/A | No |
27 | cvssV3RemediationLevel | Text | N/A | No |
28 | cvssV3ReportConfidence | Text | N/A | No |
29 | severity | Single Choice | N/A | No |
30 | source | Text | N/A | No |
31 | affected | Text (Multivalued) | N/A | No |
32 | weaknesses | Reference (Weakness) | EXPLOITS | No |
33 | severityScore | Number | N/A | No |
34 | references | Text (Multivalued) | N/A | No |
35 | exploits | Text (Multivalued) | N/A | No |
36 | malware | Text (Multivalued) | N/A | No |
37 | publishedDate | Date Time | N/A | No |
38 | cisaExploited | True False | N/A | No |
39 | cisaAddedDate | Date Time | N/A | No |
40 | cisaDueDate | Date Time | N/A | No |
41 | cisaRequiredAction | Text | N/A | No |
42 | cisaVulnerabilityName | Text | N/A | No |
43 | epssScore | Number | N/A | No |
44 | epssPercentile | Number | N/A | No |
45 | sourceCreatedDate | Date Time | N/A | No |
46 | sourceLastModified | Date Time | N/A | No |
47 | baseRiskScore | Calculated (Number) | N/A | No |
48 | riskFactorOffset | Calculated (Number) | N/A | No |
49 | riskScore | Calculated (Number) | N/A | No |
50 | riskRating | Calculated (Single Choice) | N/A | No |
51 | firstDetected | Calculated (Date Time) | N/A | No |
52 | daysToFirstDetection | Calculated (Number) | N/A | No |
53 | openFindingCount | Calculated (Number) | N/A | No |
54 | numberOutOfCompliance | Number | N/A | No |
55 | uid | Text | N/A | Yes |
56 | dataModelName | Calculated (Text) | N/A | No |
57 | sourceUids | Text (Multivalued) | N/A | No |
58 | connectorCategories | Text (Multivalued) | N/A | No |
59 | connectorNames | Text (Multivalued) | N/A | No |
60 | dataIntegrationTitles | Text (Multivalued) | N/A | No |
61 | sourcesIcons | Source data models icons | N/A | No |
62 | name | Text | N/A | No |
63 | summary | Text | N/A | No |
64 | description | Text | N/A | No |
65 | categories | Text (Multivalued) | N/A | No |
66 | flowState | Text | N/A | No |
67 | sources | Reference (Base model) | SOURCED_FROM | No |
68 | dateCreated | Date Time | N/A | No |
69 | lastUpdated | Date Time | N/A | No |
70 | createdBy | Text | N/A | No |
71 | updatedBy | Text | N/A | No |
72 | riskScoringModel | Risk Scoring Model | N/A | No |
73 | riskFactors | Risk Factors | N/A | No |
FOOTNOTES
- The Order column specifies the order of attributes being calculated in data computation.
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.