Skip to main content

CVE Record Data Model

The CVE Record data model represents the National Vulnerability Database (NVD) dictionary associated with a Common Vulnerabilities and Exposures (CVE) ID. It extends the Entity Model data model.

The following table details the default attributes of the CVE Record data model:

OrderAttribute NameAttribute TypeRelationship TypeRequired
1cvssV2BaseScoreNumberN/ANo
2cvssV2TemporalScoreNumberN/ANo
3displayNameCalculated (Text)N/AYes
4cvssV2SeverityTextN/ANo
5cvssV2VectorTextN/ANo
6cvssV2AttackVectorTextN/ANo
7cvssV2AccessComplexityTextN/ANo
8cvssV2AuthenticationTextN/ANo
9cvssV2ConfidentialityImpactTextN/ANo
10cvssV2IntegrityImpactTextN/ANo
11cvssV2AvailabilityImpactTextN/ANo
12cvssV2ExploitabilityTextN/ANo
13cvssV2RemediationLevelTextN/ANo
14cvssV2ReportConfidenceTextN/ANo
15cvssV3BaseScoreNumberN/ANo
16cvssV3TemporalScoreNumberN/ANo
17cvssV3SeverityTextN/ANo
18cvssV3VectorTextN/ANo
19cvssV3AttackVectorTextN/ANo
20cvssV3AttackComplexityTextN/ANo
21cvssV3PrivilegesRequiredTextN/ANo
22cvssV3UserInteractionTextN/ANo
23cvssV3ConfidentialityImpactTextN/ANo
24cvssV3IntegrityImpactTextN/ANo
25cvssV3AvailabilityImpactTextN/ANo
26cvssV3ExploitCodeMaturityTextN/ANo
27cvssV3RemediationLevelTextN/ANo
28cvssV3ReportConfidenceTextN/ANo
29severitySingle ChoiceN/ANo
30sourceTextN/ANo
31affectedText (Multivalued)N/ANo
32weaknessesReference (Weakness)EXPLOITSNo
33severityScoreNumberN/ANo
34referencesText (Multivalued)N/ANo
35exploitsText (Multivalued)N/ANo
36malwareText (Multivalued)N/ANo
37publishedDateDate TimeN/ANo
38cisaExploitedTrue FalseN/ANo
39cisaAddedDateDate TimeN/ANo
40cisaDueDateDate TimeN/ANo
41cisaRequiredActionTextN/ANo
42cisaVulnerabilityNameTextN/ANo
43epssScoreNumberN/ANo
44epssPercentileNumberN/ANo
45sourceCreatedDateDate TimeN/ANo
46sourceLastModifiedDate TimeN/ANo
47baseRiskScoreCalculated (Number)N/ANo
48riskFactorOffsetCalculated (Number)N/ANo
49riskScoreCalculated (Number)N/ANo
50riskRatingCalculated (Single Choice)N/ANo
51firstDetectedCalculated (Date Time)N/ANo
52daysToFirstDetectionCalculated (Number)N/ANo
53openFindingCountCalculated (Number)N/ANo
54numberOutOfComplianceNumberN/ANo
55uidTextN/AYes
56dataModelNameCalculated (Text)N/ANo
57sourceUidsText (Multivalued)N/ANo
58connectorCategoriesText (Multivalued)N/ANo
59connectorNamesText (Multivalued)N/ANo
60dataIntegrationTitlesText (Multivalued)N/ANo
61sourcesIconsSource data models iconsN/ANo
62nameTextN/ANo
63summaryTextN/ANo
64descriptionTextN/ANo
65categoriesText (Multivalued)N/ANo
66flowStateTextN/ANo
67sourcesReference (Base model)SOURCED_FROMNo
68dateCreatedDate TimeN/ANo
69lastUpdatedDate TimeN/ANo
70createdByTextN/ANo
71updatedByTextN/ANo
72riskScoringModelRisk Scoring ModelN/ANo
73riskFactorsRisk FactorsN/ANo
FOOTNOTES
  • The Order column specifies the order of attributes being calculated in data computation.
  • The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
  • In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome.
  • In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
  • The Relationship Type column only applies to the Reference type attributes. You can use the relationship type keyword in BQL queries.