ExploitCatalogVulnAssessmentRelationship

Summary

Provides an exploit assessment of a vulnerability.

Description

An ExploitCatalogVulnAssessmentRelationship describes if a vulnerability is listed in any exploit catalog such as the CISA Known Exploited Vulnerabilities (KEV) Catalog.

Constraints

  • The relationship type must be set to hasAssessmentFor.

Example

{
  "type": "ExploitCatalogVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:exploit-catalog-1",
  "relationshipType": "hasAssessmentFor",
  "security_catalogType": "kev",
  "locator": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
  "security_exploited": "true",
  "from": "urn:spdx.dev:vuln-cve-2023-2136",
  "to": ["urn:product-google-chrome-112.0.5615.136"],
  "suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
  "publishedTime": "2021-03-09T11:04:53Z"
}

Metadata

https://spdx.org/rdf/3.0.1/terms/Security/ExploitCatalogVulnAssessmentRelationship

Name ExploitCatalogVulnAssessmentRelationship
Instantiability Concrete
SubclassOf VulnAssessmentRelationship

Superclasses

/Core/Element
       /Core/Relationship
             /Security/VulnAssessmentRelationship
                   /Security/ExploitCatalogVulnAssessmentRelationship

Properties

Property Type minCount maxCount
catalogType ExploitCatalogType 1 1
exploited xsd:boolean 1 1
locator xsd:anyURI 1 1

All properties

Property Type minCount maxCount
assessedElement SoftwareArtifact 0 1
catalogType ExploitCatalogType 1 1
comment xsd:string 0 1
completeness RelationshipCompleteness 0 1
creationInfo CreationInfo 1 1
description xsd:string 0 1
endTime DateTime 0 1
exploited xsd:boolean 1 1
extension Extension 0 *
externalIdentifier ExternalIdentifier 0 *
externalRef ExternalRef 0 *
from Element 1 1
locator xsd:anyURI 1 1
modifiedTime DateTime 0 1
name xsd:string 0 1
publishedTime DateTime 0 1
relationshipType RelationshipType 1 1
spdxId xsd:anyURI 1 1
startTime DateTime 0 1
summary xsd:string 0 1
suppliedBy Agent 0 1
to Element 1 *
verifiedUsing IntegrityMethod 0 *
withdrawnTime DateTime 0 1