schemas.v1.1.1.external.cvrf_1.1.cvss-v2_0.9.xsd Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of stix Show documentation
Show all versions of stix Show documentation
The Java bindings for STIX v.1.2.0.2
Value restriction to single decimal values from 0.0 to 10.0, as used in CVSS scores
Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version
"This schema was intentionally designed to avoid mixing classes and attributes between CVSS version 1, CVSS version 2, and future versions. Scores in the CVSS system are interdependent. The temporal score is a multiplier of the base score. The environmental score, in turn, is a multiplier of the temporal score. The ability to transfer these scores independently is provided on the assumption that the user understands the business logic. For any given metric, it is preferred that the score, as a minimum is provided, however the score can be re-created from the metrics or the multiplier and any scores they are dependent on."
Base type for metrics that defines common attributes of all metrics.
Indicates if the metrics have been upgraded from a previous version of CVSS. If fields that were approximated will have an approximated attribute set to 'true'.
Base severity score assigned to a vulnerability by a source
Base exploit sub-score assigned to a vulnerability by a source
Base impact sub-score assigned to a vulnerability by a source
Data source the vector was obtained from. Example: http://nvd.nist.gov or com.symantec.deepsight
Data source the vector was obtained from. Example: gov.nist.nvd or com.symantec.deepsight
The temporal score is the temporal multiplier times the base score.
The temporal multiplier is a number between zero and one. Reference the CVSS standard for computation.