ExploitCatalogVulnAssessmentRelationship
Summary
Provides an exploit assessment of a vulnerability.
Description
An ExploitCatalogVulnAssessmentRelationship describes if a vulnerability is listed in any exploit catalog such as the CISA Known Exploited Vulnerabilities (KEV) Catalog.
Constraints
- The relationship type shall be set to hasAssessmentFor.
Example
{
"type": "security_ExploitCatalogVulnAssessmentRelationship",
"spdxId": "urn:spdx.dev:exploit-catalog-1",
"relationshipType": "hasAssessmentFor",
"security_catalogType": "kev",
"locator": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"security_exploited": "true",
"from": "urn:spdx.dev:vuln-cve-2023-2136",
"to": ["urn:product-google-chrome-112.0.5615.136"],
"suppliedBy": "urn:spdx.dev:agent-jane-doe",
"security_publishedTime": "2021-03-09T11:04:53Z"
}
Metadata
https://spdx.org/rdf/3.1/terms/Security/ExploitCatalogVulnAssessmentRelationship
| Name | ExploitCatalogVulnAssessmentRelationship |
| Instantiability | Concrete |
| SubclassOf | VulnAssessmentRelationship |
Class hierarchy
/Core/Element
/Core/Relationship
/Security/VulnAssessmentRelationship
/Security/ExploitCatalogVulnAssessmentRelationship
Properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| catalogType | ExploitCatalogType | 1 | 1 |
| exploited | xsd:boolean | 1 | 1 |
| locator | xsd:anyURI | 1 | 1 |
All properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| assessedElement | SoftwareArtifact | 0 | 1 |
| catalogType | ExploitCatalogType | 1 | 1 |
| comment | xsd:string | 0 | 1 |
| completeness | RelationshipCompleteness | 0 | 1 |
| creationInfo | CreationInfo | 1 | 1 |
| description | xsd:string | 0 | 1 |
| endTime | DateTime | 0 | 1 |
| exploited | xsd:boolean | 1 | 1 |
| extension | Extension | 0 | * |
| externalIdentifier | ExternalIdentifier | 0 | * |
| externalRef | ExternalRef | 0 | * |
| from | Element | 1 | 1 |
| locator | xsd:anyURI | 1 | 1 |
| modifiedTime | DateTime | 0 | 1 |
| name | xsd:string | 0 | 1 |
| publishedTime | DateTime | 0 | 1 |
| relationshipType | RelationshipType | 1 | 1 |
| spdxId | xsd:anyURI | 1 | 1 |
| startTime | DateTime | 0 | 1 |
| summary | xsd:string | 0 | 1 |
| suppliedBy | Agent | 0 | 1 |
| to | Element | 1 | * |
| verifiedUsing | IntegrityMethod | 0 | * |
| withdrawnTime | DateTime | 0 | 1 |