Secvisogram Preview Templating

HTML Templating Overview

Secvisogram can render a CSAF JSON document as an HTML document. The Secvisogram "Preview" function shows the CSAF document as rendered HTML as well as the underlying HTML source code.

The rendered HTML file is self-contained, so it can be saved as a standalone HTML file, i.e. for printing or PDF export. For this purpose, Secvisogram offers the possibility to save the generated HTML content.

The Preview Source addresses another use case: it displays the HTML source code of the rendered document. This can help users who want to copy and paste the HTML source into their content management system (CMS).

This document describes how to create and integrate custom Preview Templates.

How to create a custom HTML template

To create a custom Preview HTML template:

  1. Start the development server as described in the "Getting started" section of the README.md
  2. Open http://localhost:8080/view-tests.html?test=SecvisogramPage/PREVIEW%20(seed-1) in your browser to see a preview of the changes
  3. Edit & modify the lib/SecvisogramPage/View/shared/HTMLTemplate/Template.html file according to the instructions in this file
  4. The preview in your browser should refresh automatically and display your latest changes

Technical Overview

Secvisogram uses the popular {{ mustache }} library for the templating mechanism. Currently, the template can only be changed at build-time.

Mustache template example

The following code example illustrates the basic templating mechanism. For a detailed introduction, please refer to the mustache man page.

```html
<h3>List of acknowledgments</h3>
{{#data.json.document.acknowledgments}}
    <h4>Acknowledgment</h4>
    <h5>List of acknowledged names</h5>
    {{#names}}{{#.}}
            <h6>Name of entity being recognized</h6>
            <p>{{.}}</p>
        {{/.}} {{/names}}
    <h5>List of contributing organizations</h5>
    {{#organizations}}{{#.}}
            <h6>Contributing organization</h6>
            <p>{{.}}</p>
        {{/.}} {{/organizations}}
    {{#summary}}
        <h5>Summary of the acknowledgment</h5>
        <p>{{summary}}</p>
    {{/summary}}
    <h5>List of URLs</h5>
    {{#urls}}{{#.}}
            <h6>URL of acknowledgment</h6>
            <p>{{.}}</p>
        {{/.}} {{/urls}}
{{/data.json.document.acknowledgments}}
```
  • {{#attribute}} … {{/attribute}} opens and closes a section for the template attribute named attribute.
  • All CSAF document values are provided through the data.json object; for example, data.json.document refers to the CSAF document node.
  • By nesting mustache statements, you can navigate down the CSAF object graph. Be aware that many fields are optional and must be handled properly in your template.
  • data.json.document.acknowledgments.names refers to a list. Hence, mustache loops over every element in the list.
  • You can use {{.}} to refer to the current element. By wrapping it in {{#.}} … {{/.}}, you can also include content that is repeated on every loop iteration.
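How the sections above resolve, as an added example that is not Secvisogram's code: a small stand-in for the mustache library (sections, dotted names, `{{.}}` and escaped output only) renders a shortened acknowledgments template against constructed sample data. The names `render`, `renderAcknowledgments`, `TEMPLATE` and `SAMPLE_VIEW` are assumptions for illustration; the second entry omits the optional summary, and one name contains HTML markup to show that `{{.}}` output is HTML-escaped.

```javascript
// Added example: a minimal stand-in for the mustache library (NOT mustache.js itself).
// It supports only {{name}}, dotted names, {{.}} and {{#section}}...{{/section}}.

const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const escapeHtml = (value) => String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// Resolve a (possibly dotted) name against the context stack, innermost context first.
function lookup(stack, name) {
  if (name === ".") return stack[stack.length - 1];
  const [head, ...rest] = name.split(".");
  for (let i = stack.length - 1; i >= 0; i--) {
    const ctx = stack[i];
    if (ctx !== null && typeof ctx === "object" && head in ctx) {
      return rest.reduce((v, key) => (v == null ? undefined : v[key]), ctx[head]);
    }
  }
  return undefined; // e.g. an optional CSAF field that is absent
}

// Turn the template into a tree of text, variable and section nodes.
function parse(template) {
  const root = { section: null, children: [] };
  const open = [root];
  const tagRe = /\{\{\s*([#\/]?)\s*([^\s{}]+)\s*\}\}/g;
  let last = 0;
  let m;
  while ((m = tagRe.exec(template)) !== null) {
    const top = open[open.length - 1];
    if (m.index > last) top.children.push({ text: template.slice(last, m.index) });
    last = tagRe.lastIndex;
    const [, sigil, name] = m;
    if (sigil === "#") {
      const section = { section: name, children: [] };
      top.children.push(section);
      open.push(section);
    } else if (sigil === "/") {
      if (open.length === 1 || top.section !== name) {
        throw new Error(`unbalanced closing tag {{/${name}}}`);
      }
      open.pop();
    } else {
      top.children.push({ variable: name });
    }
  }
  if (open.length > 1) {
    throw new Error(`unclosed section {{#${open[open.length - 1].section}}}`);
  }
  root.children.push({ text: template.slice(last) });
  return root.children;
}

function renderNodes(nodes, stack) {
  let out = "";
  for (const node of nodes) {
    if ("text" in node) {
      out += node.text;
    } else if ("variable" in node) {
      const value = lookup(stack, node.variable);
      if (value != null) out += escapeHtml(value); // {{x}} output is HTML-escaped
    } else {
      const value = lookup(stack, node.section);
      if (Array.isArray(value)) {
        // A list repeats the section once per element, with the element as context.
        for (const item of value) out += renderNodes(node.children, [...stack, item]);
      } else if (value) {
        // A truthy scalar or object renders the section once, as the new context.
        out += renderNodes(node.children, value === true ? stack : [...stack, value]);
      } // missing, null, false, "" and [] skip the section entirely
    }
  }
  return out;
}

const render = (template, view) => renderNodes(parse(template), [view]);

// Shortened version of the acknowledgments template shown above.
const TEMPLATE = [
  "{{#data.json.document.acknowledgments}}",
  "<h4>Acknowledgment</h4>",
  "{{#names}}{{#.}}<p>{{.}}</p>{{/.}}{{/names}}",
  "{{#summary}}<h5>Summary of the acknowledgment</h5><p>{{summary}}</p>{{/summary}}",
  "{{/data.json.document.acknowledgments}}",
].join("\n");

// Constructed sample data, not a real advisory.
const SAMPLE_VIEW = { data: { json: { document: { acknowledgments: [
  { names: ["Albert Einstein", "<b>Example</b> & Co"],
    summary: "First analysis of Coordinated Multi-Stream Attack (CMSA)" },
  { names: ["Johann Sebastian Bach"] }, // optional summary is absent
] } } } };

const renderAcknowledgments = () => render(TEMPLATE, SAMPLE_VIEW);

console.log(renderAcknowledgments());
```

The stand-in does not implement unescaped tags, partials, inverted sections or mustache's whitespace handling, so use it to reason about section and context behaviour, not as a replacement renderer.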

Full list of template attributes

This is the full list of document properties. It reflects the structure as defined by the CSAF schema definition.

| Attribute | Description | Example value |
| --- | --- | --- |
| . | Representation of security advisory information as a JSON document. | |
| document | Captures the meta-data about this document describing a particular set of security advisories. | |
| document.acknowledgments | Contains a list of acknowledgment elements associated with the whole document. | |
| document.acknowledgments[] | Acknowledges contributions by describing those that contributed. | |
| document.acknowledgments[].names | Contains the names of entities being recognized. | |
| document.acknowledgments[].names[] | Contains the name of a single person. | Albert Einstein, Johann Sebastian Bach |
| document.acknowledgments[].organization | Contains the name of a contributing organization being recognized. | CISA, Google Project Zero, Talos |
| document.acknowledgments[].summary | SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties. | First analysis of Coordinated Multi-Stream Attack (CMSA) |
| document.acknowledgments[].urls | Specifies a list of URLs or location of the reference to be acknowledged. | |
| document.acknowledgments[].urls[] | Contains the URL or location of the reference to be acknowledged. | |
| document.aggregate_severity | Is a vehicle that is provided by the document producer to convey the urgency and criticality with which the one or more vulnerabilities reported should be addressed. It is a document-level metric and applied to the document as a whole — not any specific vulnerability. The range of values in this field is defined according to the document producer's policies and procedures. | |
| document.aggregate_severity.namespace | Points to the namespace so referenced. | |
| document.aggregate_severity.text | Provides a severity which is independent of - and in addition to - any other standard metric for determining the impact or severity of a given vulnerability (such as CVSS). | Critical, Important, Moderate |
| document.category | Defines a short canonical name, chosen by the document producer, which will inform the end user as to the category of document. | csaf_base, csaf_security_advisory, csaf_vex, Example Company Security Notice |
| document.csaf_version | Gives the version of the CSAF specification which the document was generated for. | |
| document.distribution | Describe any constraints on how this document might be shared. | |
| document.distribution.text | Provides a textual description of additional constraints. | Copyright 2021, Example Company, All Rights Reserved., Distribute freely., Share only on a need-to-know-basis only. |
| document.distribution.tlp | Provides details about the TLP classification of the document. | |
| document.distribution.tlp.label | Provides the TLP label of the document. | |
| document.distribution.tlp.url | Provides a URL where to find the textual description of the TLP version which is used in this document. Default is the URL to the definition by FIRST. | https://www.us-cert.gov/tlp, https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Kritis/Merkblatt_TLP.pdf |
| document.lang | Identifies the language used by this document, corresponding to IETF BCP 47 / RFC 5646. | de, en, fr, frc, jp |
| document.notes | Holds notes associated with the whole document. | |
| document.notes[] | Is a place to put all manner of text blobs related to the current context. | |
| document.notes[].audience | Indicate who is intended to read it. | all, executives, operational management and system administrators, safety engineers |
| document.notes[].category | Choice of what kind of note this is. | |
| document.notes[].text | The contents of the note. Content varies depending on type. | |
| document.notes[].title | Provides a concise description of what is contained in the text of the note. | Details, Executive summary, Technical summary, Impact on safety systems |
| document.publisher | Provides information about the publisher of the document. | |
| document.publisher.category | Provides information about the category of publisher releasing the document. | |
| document.publisher.contact_details | Information on how to contact the publisher, possibly including details such as web sites, email addresses, phone numbers, and postal mail addresses. | Example Company can be reached at contact_us@example.com, or via our website at https://www.example.com/contact. |
| document.publisher.issuing_authority | Provides information about the authority of the issuing party to release the document, in particular, the party's constituency and responsibilities or other obligations. | |
| document.publisher.name | Contains the name of the issuing party. | BSI, Cisco PSIRT, Siemens ProductCERT |
| document.publisher.namespace | Contains a URL which is under control of the issuing party and can be used as a globally unique identifier for that issuing party. | https://csaf.io, https://www.example.com |
| document.references | Holds a list of references associated with the whole document. | |
| document.references[] | Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer. | |
| document.references[].category | Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource. | |
| document.references[].summary | Indicates what this reference refers to. | |
| document.references[].url | Provides the URL for the reference. | |
| document.source_lang | If this copy of the document is a translation then the value of this property describes from which language this document was translated. | de, en, fr, frc, jp |
| document.title | This SHOULD be a canonical name for the document, and sufficiently unique to distinguish it from similar documents. | Cisco IPv6 Crafted Packet Denial of Service Vulnerability, Example Company Cross-Site-Scripting Vulnerability in Example Generator |
| document.tracking | Is a container designated to hold all management attributes necessary to track a CSAF document as a whole. | |
| document.tracking.aliases | Contains a list of alternate names for the same document. | |
| document.tracking.aliases[] | Specifies a non-empty string that represents a distinct optional alternative ID used to refer to the document. | CVE-2019-12345 |
| document.tracking.current_release_date | The date when the current revision of this document was released | |
| document.tracking.generator | Is a container to hold all elements related to the generation of the document. These items will reference when the document was actually created, including the date it was generated and the entity that generated it. | |
| document.tracking.generator.date | This SHOULD be the current date that the document was generated. Because documents are often generated internally by a document producer and exist for a nonzero amount of time before being released, this field MAY be different from the Initial Release Date and Current Release Date. | |
| document.tracking.generator.engine | Contains information about the engine that generated the CSAF document. | |
| document.tracking.generator.engine.name | Represents the name of the engine that generated the CSAF document. | Red Hat rhsa-to-cvrf, Secvisogram, TVCE |
| document.tracking.generator.engine.version | Contains the version of the engine that generated the CSAF document. | 0.6.0, 1.0.0-beta+exp.sha.a1c44f85, 2 |
| document.tracking.id | The ID is a simple label that provides for a wide range of numbering values, types, and schemes. Its value SHOULD be assigned and maintained by the original document issuing authority. | Example Company - 2019-YH3234, RHBA-2019:0024, cisco-sa-20190513-secureboot |
| document.tracking.initial_release_date | The date when this document was first published. | |
| document.tracking.revision_history | Holds one revision item for each version of the CSAF document, including the initial one. | |
| document.tracking.revision_history[] | Contains all the information elements required to track the evolution of a CSAF document. | |
| document.tracking.revision_history[].date | The date of the revision entry | |
| document.tracking.revision_history[].legacy_version | Contains the version string used in an existing document with the same content. | |
| document.tracking.revision_history[].number | Specifies a version string to denote clearly the evolution of the content of the document. Format must be either integer or semantic versioning. | 1, 4, 0.9.0, 1.4.3, 2.40.0+21AF26D3 |
| document.tracking.revision_history[].summary | Holds a single non-empty string representing a short description of the changes. | Initial version. |
| document.tracking.status | Defines the draft status of the document. | |
| document.tracking.version | Specifies a version string to denote clearly the evolution of the content of the document. Format must be either integer or semantic versioning. | 1, 4, 0.9.0, 1.4.3, 2.40.0+21AF26D3 |
| product_tree | Is a container for all fully qualified product names that can be referenced elsewhere in the document. | |
| product_tree.branches | Contains branch elements as children of the current element. | |
| product_tree.branches[] | Is a part of the hierarchical structure of the product tree. | |
| product_tree.branches[].branches | Contains branch elements as children of the current element. | |
| product_tree.branches[].branches[] | Is a part of the hierarchical structure of the product tree. | |
| product_tree.branches[].branches[].branches | Contains branch elements as children of the current element. | |
| product_tree.branches[].branches[].branches[] | Is a part of the hierarchical structure of the product tree. | |
| product_tree.branches[].branches[].branches[].branches | Contains branch elements as children of the current element. | |
| product_tree.branches[].branches[].branches[].branches[] | Is a part of the hierarchical structure of the product tree. | |
| product_tree.branches[].branches[].branches[].branches[].category | Describes the characteristics of the labeled branch. | |
| product_tree.branches[].branches[].branches[].branches[].name | Contains the canonical descriptor or 'friendly name' of the branch. | 10, 365, Microsoft, Office, PCS 7, SIMATIC, Siemens, Windows |
| product_tree.branches[].branches[].branches[].category | Describes the characteristics of the labeled branch. | |
| product_tree.branches[].branches[].branches[].name | Contains the canonical descriptor or 'friendly name' of the branch. | 10, 365, Microsoft, Office, PCS 7, SIMATIC, Siemens, Windows |
| product_tree.branches[].branches[].branches[].product | Specifies information about the product and assigns the product_id. | |
| product_tree.branches[].branches[].branches[].product.name | The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document. | Cisco AnyConnect Secure Mobility Client 2.3.185, Microsoft Host Integration Server 2006 Service Pack 1 |
| product_tree.branches[].branches[].branches[].product.product_id | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.branches[].branches[].branches[].product.product_identification_helper | Provides at least one method which aids in identifying the product in an asset database. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.cpe | The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.hashes | Contains a list of cryptographic hashes usable to identify files. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.model_numbers | Contains a list of parts, or full model numbers. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.purl | The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.sbom_urls | Contains a list of URLs where SBOMs for this product can be retrieved. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.serial_numbers | Contains a list of parts, or full serial numbers. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.skus | Contains a list of parts, or full stock keeping units. | |
| product_tree.branches[].branches[].branches[].product.product_identification_helper.x_generic_uris | Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported. | |
| product_tree.branches[].branches[].category | Describes the characteristics of the labeled branch. | |
| product_tree.branches[].branches[].name | Contains the canonical descriptor or 'friendly name' of the branch. | 10, 365, Microsoft, Office, PCS 7, SIMATIC, Siemens, Windows |
| product_tree.branches[].branches[].product | Specifies information about the product and assigns the product_id. | |
| product_tree.branches[].branches[].product.name | The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document. | Cisco AnyConnect Secure Mobility Client 2.3.185, Microsoft Host Integration Server 2006 Service Pack 1 |
| product_tree.branches[].branches[].product.product_id | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.branches[].branches[].product.product_identification_helper | Provides at least one method which aids in identifying the product in an asset database. | |
| product_tree.branches[].branches[].product.product_identification_helper.cpe | The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification. | |
| product_tree.branches[].branches[].product.product_identification_helper.hashes | Contains a list of cryptographic hashes usable to identify files. | |
| product_tree.branches[].branches[].product.product_identification_helper.hashes[] | Contains all information to identify a file based on its cryptographic hash values. | |
| product_tree.branches[].branches[].product.product_identification_helper.hashes[].file_hashes | Contains a list of cryptographic hashes for this file. | |
| product_tree.branches[].branches[].product.product_identification_helper.hashes[].filename | Contains the name of the file which is identified by the hash values. | WINWORD.EXE, msotadddin.dll, sudoers.so |
| product_tree.branches[].branches[].product.product_identification_helper.model_numbers | Contains a list of parts, or full model numbers. | |
| product_tree.branches[].branches[].product.product_identification_helper.model_numbers[] | Contains a part, or a full model number of the component to identify. | |
| product_tree.branches[].branches[].product.product_identification_helper.purl | The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification. | |
| product_tree.branches[].branches[].product.product_identification_helper.sbom_urls | Contains a list of URLs where SBOMs for this product can be retrieved. | |
| product_tree.branches[].branches[].product.product_identification_helper.sbom_urls[] | Contains a URL of one SBOM for this product. | |
| product_tree.branches[].branches[].product.product_identification_helper.serial_numbers | Contains a list of parts, or full serial numbers. | |
| product_tree.branches[].branches[].product.product_identification_helper.serial_numbers[] | Contains a part, or a full serial number of the component to identify. | |
| product_tree.branches[].branches[].product.product_identification_helper.skus | Contains a list of parts, or full stock keeping units. | |
| product_tree.branches[].branches[].product.product_identification_helper.skus[] | Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component. | |
| product_tree.branches[].branches[].product.product_identification_helper.x_generic_uris | Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported. | |
| product_tree.branches[].branches[].product.product_identification_helper.x_generic_uris[] | Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported. | |
| product_tree.branches[].branches[].product.product_identification_helper.x_generic_uris[].namespace | Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid. | |
| product_tree.branches[].branches[].product.product_identification_helper.x_generic_uris[].uri | Contains the identifier itself. | |
| product_tree.branches[].category | Describes the characteristics of the labeled branch. | |
| product_tree.branches[].name | Contains the canonical descriptor or 'friendly name' of the branch. | 10, 365, Microsoft, Office, PCS 7, SIMATIC, Siemens, Windows |
| product_tree.branches[].product | Specifies information about the product and assigns the product_id. | |
| product_tree.branches[].product.name | The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document. | Cisco AnyConnect Secure Mobility Client 2.3.185, Microsoft Host Integration Server 2006 Service Pack 1 |
| product_tree.branches[].product.product_id | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.branches[].product.product_identification_helper | Provides at least one method which aids in identifying the product in an asset database. | |
| product_tree.branches[].product.product_identification_helper.cpe | The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification. | |
| product_tree.branches[].product.product_identification_helper.hashes | Contains a list of cryptographic hashes usable to identify files. | |
| product_tree.branches[].product.product_identification_helper.hashes[] | Contains all information to identify a file based on its cryptographic hash values. | |
| product_tree.branches[].product.product_identification_helper.hashes[].file_hashes | Contains a list of cryptographic hashes for this file. | |
| product_tree.branches[].product.product_identification_helper.hashes[].file_hashes[] | Contains one hash value and algorithm of the file to be identified. | |
| product_tree.branches[].product.product_identification_helper.hashes[].file_hashes[].algorithm | Contains the name of the cryptographic hash algorithm used to calculate the value. | blake2b512, sha256, sha3-512, sha384, sha512 |
| product_tree.branches[].product.product_identification_helper.hashes[].file_hashes[].value | Contains the cryptographic hash value in hexadecimal representation. | 37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3, 4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc, 9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c |
| product_tree.branches[].product.product_identification_helper.hashes[].filename | Contains the name of the file which is identified by the hash values. | WINWORD.EXE, msotadddin.dll, sudoers.so |
| product_tree.branches[].product.product_identification_helper.model_numbers | Contains a list of parts, or full model numbers. | |
| product_tree.branches[].product.product_identification_helper.model_numbers[] | Contains a part, or a full model number of the component to identify. | |
| product_tree.branches[].product.product_identification_helper.purl | The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification. | |
| product_tree.branches[].product.product_identification_helper.sbom_urls | Contains a list of URLs where SBOMs for this product can be retrieved. | |
| product_tree.branches[].product.product_identification_helper.sbom_urls[] | Contains a URL of one SBOM for this product. | |
| product_tree.branches[].product.product_identification_helper.serial_numbers | Contains a list of parts, or full serial numbers. | |
| product_tree.branches[].product.product_identification_helper.serial_numbers[] | Contains a part, or a full serial number of the component to identify. | |
| product_tree.branches[].product.product_identification_helper.skus | Contains a list of parts, or full stock keeping units. | |
| product_tree.branches[].product.product_identification_helper.skus[] | Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component. | |
| product_tree.branches[].product.product_identification_helper.x_generic_uris | Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported. | |
| product_tree.branches[].product.product_identification_helper.x_generic_uris[] | Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported. | |
| product_tree.branches[].product.product_identification_helper.x_generic_uris[].namespace | Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid. | |
| product_tree.branches[].product.product_identification_helper.x_generic_uris[].uri | Contains the identifier itself. | |
| product_tree.full_product_names | Contains a list of full product names. | |
| product_tree.full_product_names[] | Specifies information about the product and assigns the product_id. | |
| product_tree.full_product_names[].name | The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document. | Cisco AnyConnect Secure Mobility Client 2.3.185, Microsoft Host Integration Server 2006 Service Pack 1 |
| product_tree.full_product_names[].product_id | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.full_product_names[].product_identification_helper | Provides at least one method which aids in identifying the product in an asset database. | |
| product_tree.full_product_names[].product_identification_helper.cpe | The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification. | |
| product_tree.full_product_names[].product_identification_helper.hashes | Contains a list of cryptographic hashes usable to identify files. | |
| product_tree.full_product_names[].product_identification_helper.hashes[] | Contains all information to identify a file based on its cryptographic hash values. | |
| product_tree.full_product_names[].product_identification_helper.hashes[].file_hashes | Contains a list of cryptographic hashes for this file. | |
| product_tree.full_product_names[].product_identification_helper.hashes[].file_hashes[] | Contains one hash value and algorithm of the file to be identified. | |
| product_tree.full_product_names[].product_identification_helper.hashes[].file_hashes[].algorithm | Contains the name of the cryptographic hash algorithm used to calculate the value. | blake2b512, sha256, sha3-512, sha384, sha512 |
| product_tree.full_product_names[].product_identification_helper.hashes[].file_hashes[].value | Contains the cryptographic hash value in hexadecimal representation. | 37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3, 4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc, 9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c |
| product_tree.full_product_names[].product_identification_helper.hashes[].filename | Contains the name of the file which is identified by the hash values. | WINWORD.EXE, msotadddin.dll, sudoers.so |
| product_tree.full_product_names[].product_identification_helper.model_numbers | Contains a list of parts, or full model numbers. | |
| product_tree.full_product_names[].product_identification_helper.model_numbers[] | Contains a part, or a full model number of the component to identify. | |
| product_tree.full_product_names[].product_identification_helper.purl | The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification. | |
| product_tree.full_product_names[].product_identification_helper.sbom_urls | Contains a list of URLs where SBOMs for this product can be retrieved. | |
| product_tree.full_product_names[].product_identification_helper.sbom_urls[] | Contains a URL of one SBOM for this product. | |
| product_tree.full_product_names[].product_identification_helper.serial_numbers | Contains a list of parts, or full serial numbers. | |
| product_tree.full_product_names[].product_identification_helper.serial_numbers[] | Contains a part, or a full serial number of the component to identify. | |
| product_tree.full_product_names[].product_identification_helper.skus | Contains a list of parts, or full stock keeping units. | |
| product_tree.full_product_names[].product_identification_helper.skus[] | Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component. | |
| product_tree.full_product_names[].product_identification_helper.x_generic_uris | Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported. | |
| product_tree.full_product_names[].product_identification_helper.x_generic_uris[] | Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported. | |
| product_tree.full_product_names[].product_identification_helper.x_generic_uris[].namespace | Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid. | |
| product_tree.full_product_names[].product_identification_helper.x_generic_uris[].uri | Contains the identifier itself. | |
| product_tree.product_groups | Contains a list of product groups. | |
| product_tree.product_groups[] | Defines a new logical group of products that can then be referred to in other parts of the document to address a group of products with a single identifier. | |
| product_tree.product_groups[].group_id | Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document. | CSAFGID-0001, CSAFGID-0002, CSAFGID-0020 |
| product_tree.product_groups[].product_ids | Lists the product_ids of those products which are known as one group in the document. | |
| product_tree.product_groups[].product_ids[] | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.product_groups[].summary | Gives a short, optional description of the group. | Products supporting Modbus., The x64 versions of the operating system. |
| product_tree.relationships | Contains a list of relationships. | |
| product_tree.relationships[] | Establishes a link between two existing full_product_name_t elements, allowing the document producer to define a combination of two products that form a new full_product_name entry. | |
| product_tree.relationships[].category | Defines the category of relationship for the referenced component. | |
| product_tree.relationships[].full_product_name | Specifies information about the product and assigns the product_id. | |
| product_tree.relationships[].full_product_name.name | The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document. | Cisco AnyConnect Secure Mobility Client 2.3.185, Microsoft Host Integration Server 2006 Service Pack 1 |
| product_tree.relationships[].full_product_name.product_id | Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. | CSAFPID-0004, CSAFPID-0008 |
| product_tree.relationships[].full_product_name.product_identification_helper | Provides at least one method which aids in identifying the product in an asset database. | |
| product_tree.relationships[].full_product_name.product_identification_helper.cpe | The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to this specification. | |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes | Contains a list of cryptographic hashes usable to identify files. | |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[] | Contains all information to identify a file based on its cryptographic hash values. | |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[].file_hashes | Contains a list of cryptographic hashes for this file. | |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[].file_hashes[] | Contains one hash value and algorithm of the file to be identified. | |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[].file_hashes[].algorithm | Contains the name of the cryptographic hash algorithm used to calculate the value. | blake2b512, sha256, sha3-512, sha384, sha512 |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[].file_hashes[].value | Contains the cryptographic hash value in hexadecimal representation. | 37df33cb7464da5c7f077f4d56a32bc84987ec1d85b234537c1c1a4d4fc8d09dc29e2e762cb5203677bf849a2855a0283710f1f5fe1d6ce8d5ac85c645d0fcb3, 4775203615d9534a8bfca96a93dc8b461a489f69124a130d786b42204f3341cc, 9ea4c8200113d49d26505da0e02e2f49055dc078d1ad7a419b32e291c7afebbb84badfbd46dec42883bea0b2a1fa697c |
| product_tree.relationships[].full_product_name.product_identification_helper.hashes[].filename | Contains the name of the file which is identified by the hash values. | WINWORD.EXE, msotadddin.dll, sudoers.so |
| product_tree.relationships[].full_product_name.product_identification_helper.model_numbers | Contains a list of parts, or full model numbers. | |
product_tree.relationships[].full_product_name.product_identification_helper.model_numbers[] Contains a part, or a full model number of the component to identify.
product_tree.relationships[].full_product_name.product_identification_helper.purl The package URL (purl) attribute refers to a method for reliably identifying and locating software packages external to this specification.
product_tree.relationships[].full_product_name.product_identification_helper.sbom_urls Contains a list of URLs where SBOMs for this product can be retrieved.
product_tree.relationships[].full_product_name.product_identification_helper.sbom_urls[] Contains a URL of one SBOM for this product.
product_tree.relationships[].full_product_name.product_identification_helper.serial_numbers Contains a list of parts, or full serial numbers.
product_tree.relationships[].full_product_name.product_identification_helper.serial_numbers[] Contains a part, or a full serial number of the component to identify.
product_tree.relationships[].full_product_name.product_identification_helper.skus Contains a list of parts, or full stock keeping units.
product_tree.relationships[].full_product_name.product_identification_helper.skus[] Contains a part, or a full stock keeping unit (SKU) which is used in the ordering process to identify the component.
product_tree.relationships[].full_product_name.product_identification_helper.x_generic_uris Contains a list of identifiers which are either vendor-specific or derived from a standard not yet supported.
product_tree.relationships[].full_product_name.product_identification_helper.x_generic_uris[] Provides a generic extension point for any identifier which is either vendor-specific or derived from a standard not yet supported.
product_tree.relationships[].full_product_name.product_identification_helper.x_generic_uris[].namespace Refers to a URL which provides the name and knowledge about the specification used or is the namespace in which these values are valid.
product_tree.relationships[].full_product_name.product_identification_helper.x_generic_uris[].uri Contains the identifier itself.
product_tree.relationships[].product_reference Holds a Product ID that refers to the Full Product Name element, which is referenced as the first element of the relationship. CSAFPID-0004, CSAFPID-0008
product_tree.relationships[].relates_to_product_reference Holds a Product ID that refers to the Full Product Name element, which is referenced as the second element of the relationship. CSAFPID-0004, CSAFPID-0008
vulnerabilities Represents a list of all relevant vulnerability information items.
vulnerabilities[] Is a container for the aggregation of all fields that are related to a single vulnerability in the document.
vulnerabilities[].acknowledgments Contains a list of acknowledgment elements associated with this vulnerability item.
vulnerabilities[].acknowledgments[] Acknowledges contributions by describing those that contributed.
vulnerabilities[].acknowledgments[].names Contains the names of entities being recognized.
vulnerabilities[].acknowledgments[].names[] Contains the name of a single person. Albert Einstein, Johann Sebastian Bach
vulnerabilities[].acknowledgments[].organization Contains the name of a contributing organization being recognized. CISA, Google Project Zero, Talos
vulnerabilities[].acknowledgments[].summary SHOULD represent any contextual details the document producers wish to make known about the acknowledgment or acknowledged parties. First analysis of Coordinated Multi-Stream Attack (CMSA)
vulnerabilities[].acknowledgments[].urls Specifies a list of URLs or location of the reference to be acknowledged.
vulnerabilities[].acknowledgments[].urls[] Contains the URL or location of the reference to be acknowledged.
vulnerabilities[].cve Holds the MITRE standard Common Vulnerabilities and Exposures (CVE) tracking number for the vulnerability.
vulnerabilities[].cwe Holds the MITRE standard Common Weakness Enumeration (CWE) for the weakness associated.
vulnerabilities[].cwe.id Holds the ID for the weakness associated. CWE-22, CWE-352, CWE-79
vulnerabilities[].cwe.name Holds the full name of the weakness as given in the CWE specification. Cross-Site Request Forgery (CSRF), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulnerabilities[].discovery_date Holds the date and time the vulnerability was originally discovered.
vulnerabilities[].flags Contains a list of machine readable flags.
vulnerabilities[].flags[] Contains product specific information in regard to this vulnerability as a single machine readable flag.
vulnerabilities[].flags[].date Contains the date when assessment was done or the flag was assigned.
vulnerabilities[].flags[].group_ids Specifies a list of product_group_ids to give context to the parent item.
vulnerabilities[].flags[].group_ids[] Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document. CSAFGID-0001, CSAFGID-0002, CSAFGID-0020
vulnerabilities[].flags[].label Specifies the machine readable label.
vulnerabilities[].flags[].product_ids Specifies a list of product_ids to give context to the parent item.
vulnerabilities[].flags[].product_ids[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].ids Represents a list of unique labels or tracking IDs for the vulnerability (if such information exists).
vulnerabilities[].ids[] Contains a single unique label or tracking ID for the vulnerability.
vulnerabilities[].ids[].system_name Indicates the name of the vulnerability tracking or numbering system. Cisco Bug ID, GitHub Issue
vulnerabilities[].ids[].text Is a unique label or tracking ID for the vulnerability (if such information exists). CSCso66472, oasis-tcs/csaf#210
vulnerabilities[].involvements Contains a list of involvements.
vulnerabilities[].involvements[] Is a container, that allows the document producers to comment on the level of involvement (or engagement) of themselves or third parties in the vulnerability identification, scoping, and remediation process.
vulnerabilities[].involvements[].date Holds the date and time of the involvement entry.
vulnerabilities[].involvements[].party Defines the category of the involved party.
vulnerabilities[].involvements[].status Defines contact status of the involved party.
vulnerabilities[].involvements[].summary Contains additional context regarding what is going on.
vulnerabilities[].notes Holds notes associated with this vulnerability item.
vulnerabilities[].notes[] Is a place to put all manner of text blobs related to the current context.
vulnerabilities[].notes[].audience Indicate who is intended to read it. all, executives, operational management and system administrators, safety engineers
vulnerabilities[].notes[].category Choice of what kind of note this is.
vulnerabilities[].notes[].text The contents of the note. Content varies depending on type.
vulnerabilities[].notes[].title Provides a concise description of what is contained in the text of the note. Details, Executive summary, Technical summary, Impact on safety systems
vulnerabilities[].product_status Contains different lists of product_ids which provide details on the status of the referenced product related to the current vulnerability.
vulnerabilities[].product_status.first_affected These are the first versions of the releases known to be affected by the vulnerability.
vulnerabilities[].product_status.first_affected[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.first_fixed These versions contain the first fix for the vulnerability but may not be the recommended fixed versions.
vulnerabilities[].product_status.first_fixed[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.fixed These versions contain a fix for the vulnerability but may not be the recommended fixed versions.
vulnerabilities[].product_status.fixed[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.known_affected These versions are known to be affected by the vulnerability.
vulnerabilities[].product_status.known_affected[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.known_not_affected These versions are known not to be affected by the vulnerability.
vulnerabilities[].product_status.known_not_affected[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.last_affected These are the last versions in a release train known to be affected by the vulnerability. Subsequently released versions would contain a fix for the vulnerability.
vulnerabilities[].product_status.last_affected[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.recommended These versions have a fix for the vulnerability and are the vendor-recommended versions for fixing the vulnerability.
vulnerabilities[].product_status.recommended[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].product_status.under_investigation It is not known yet whether these versions are or are not affected by the vulnerability. However, it is still under investigation - the result will be provided in a later release of the document.
vulnerabilities[].product_status.under_investigation[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].references Holds a list of references associated with this vulnerability item.
vulnerabilities[].references[] Holds any reference to conferences, papers, advisories, and other resources that are related and considered related to either a surrounding part of or the entire document and to be of value to the document consumer.
vulnerabilities[].references[].category Indicates whether the reference points to the same document or vulnerability in focus (depending on scope) or to an external resource.
vulnerabilities[].references[].summary Indicates what this reference refers to.
vulnerabilities[].references[].url Provides the URL for the reference.
vulnerabilities[].release_date Holds the date and time the vulnerability was originally released into the wild.
vulnerabilities[].remediations Contains a list of remediations.
vulnerabilities[].remediations[] Specifies details on how to handle (and presumably, fix) a vulnerability.
vulnerabilities[].remediations[].category Specifies the category which this remediation belongs to.
vulnerabilities[].remediations[].date Contains the date from which the remediation is available.
vulnerabilities[].remediations[].details Contains a thorough human-readable discussion of the remediation.
vulnerabilities[].remediations[].entitlements Contains a list of entitlements.
vulnerabilities[].remediations[].entitlements[] Contains any possible vendor-defined constraints for obtaining fixed software or hardware that fully resolves the vulnerability.
vulnerabilities[].remediations[].group_ids Specifies a list of product_group_ids to give context to the parent item.
vulnerabilities[].remediations[].group_ids[] Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document. CSAFGID-0001, CSAFGID-0002, CSAFGID-0020
vulnerabilities[].remediations[].product_ids Specifies a list of product_ids to give context to the parent item.
vulnerabilities[].remediations[].product_ids[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].remediations[].restart_required Provides information on the category of restart that is required by this remediation to become effective.
vulnerabilities[].remediations[].restart_required.category Specifies what category of restart is required by this remediation to become effective.
vulnerabilities[].remediations[].restart_required.details Provides additional information for the restart. This can include details on procedures, scope or impact.
vulnerabilities[].remediations[].url Contains the URL where to obtain the remediation.
vulnerabilities[].scores Contains score objects for the current vulnerability.
vulnerabilities[].scores[] Specifies information about (at least one) score of the vulnerability and for which products the given value applies.
vulnerabilities[].scores[].cvss_v2
vulnerabilities[].scores[].cvss_v2.version CVSS Version
vulnerabilities[].scores[].cvss_v2.vectorString
vulnerabilities[].scores[].cvss_v2.accessVector
vulnerabilities[].scores[].cvss_v2.accessComplexity
vulnerabilities[].scores[].cvss_v2.authentication
vulnerabilities[].scores[].cvss_v2.confidentialityImpact
vulnerabilities[].scores[].cvss_v2.integrityImpact
vulnerabilities[].scores[].cvss_v2.availabilityImpact
vulnerabilities[].scores[].cvss_v2.baseScore
vulnerabilities[].scores[].cvss_v2.exploitability
vulnerabilities[].scores[].cvss_v2.remediationLevel
vulnerabilities[].scores[].cvss_v2.reportConfidence
vulnerabilities[].scores[].cvss_v2.temporalScore
vulnerabilities[].scores[].cvss_v2.collateralDamagePotential
vulnerabilities[].scores[].cvss_v2.targetDistribution
vulnerabilities[].scores[].cvss_v2.confidentialityRequirement
vulnerabilities[].scores[].cvss_v2.integrityRequirement
vulnerabilities[].scores[].cvss_v2.availabilityRequirement
vulnerabilities[].scores[].cvss_v2.environmentalScore
vulnerabilities[].scores[].cvss_v3
vulnerabilities[].scores[].cvss_v3.version CVSS Version
vulnerabilities[].scores[].cvss_v3.vectorString
vulnerabilities[].scores[].cvss_v3.attackVector
vulnerabilities[].scores[].cvss_v3.attackComplexity
vulnerabilities[].scores[].cvss_v3.privilegesRequired
vulnerabilities[].scores[].cvss_v3.userInteraction
vulnerabilities[].scores[].cvss_v3.scope
vulnerabilities[].scores[].cvss_v3.confidentialityImpact
vulnerabilities[].scores[].cvss_v3.integrityImpact
vulnerabilities[].scores[].cvss_v3.availabilityImpact
vulnerabilities[].scores[].cvss_v3.baseScore
vulnerabilities[].scores[].cvss_v3.baseSeverity
vulnerabilities[].scores[].cvss_v3.exploitCodeMaturity
vulnerabilities[].scores[].cvss_v3.remediationLevel
vulnerabilities[].scores[].cvss_v3.reportConfidence
vulnerabilities[].scores[].cvss_v3.temporalScore
vulnerabilities[].scores[].cvss_v3.temporalSeverity
vulnerabilities[].scores[].cvss_v3.confidentialityRequirement
vulnerabilities[].scores[].cvss_v3.integrityRequirement
vulnerabilities[].scores[].cvss_v3.availabilityRequirement
vulnerabilities[].scores[].cvss_v3.modifiedAttackVector
vulnerabilities[].scores[].cvss_v3.modifiedAttackComplexity
vulnerabilities[].scores[].cvss_v3.modifiedPrivilegesRequired
vulnerabilities[].scores[].cvss_v3.modifiedUserInteraction
vulnerabilities[].scores[].cvss_v3.modifiedScope
vulnerabilities[].scores[].cvss_v3.modifiedConfidentialityImpact
vulnerabilities[].scores[].cvss_v3.modifiedIntegrityImpact
vulnerabilities[].scores[].cvss_v3.modifiedAvailabilityImpact
vulnerabilities[].scores[].cvss_v3.environmentalScore
vulnerabilities[].scores[].cvss_v3.environmentalSeverity
vulnerabilities[].scores[].products Specifies a list of product_ids to give context to the parent item.
vulnerabilities[].scores[].products[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].threats Contains information about a vulnerability that can change with time.
vulnerabilities[].threats[] Contains the vulnerability kinetic information. This information can change as the vulnerability ages and new information becomes available.
vulnerabilities[].threats[].category Categorizes the threat according to the rules of the specification.
vulnerabilities[].threats[].date Contains the date when the assessment was done or the threat appeared.
vulnerabilities[].threats[].details Represents a thorough human-readable discussion of the threat.
vulnerabilities[].threats[].group_ids Specifies a list of product_group_ids to give context to the parent item.
vulnerabilities[].threats[].group_ids[] Token required to identify a group of products so that it can be referred to from other parts in the document. There is no predefined or required format for the product_group_id as long as it uniquely identifies a group in the context of the current document. CSAFGID-0001, CSAFGID-0002, CSAFGID-0020
vulnerabilities[].threats[].product_ids Specifies a list of product_ids to give context to the parent item.
vulnerabilities[].threats[].product_ids[] Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document. CSAFPID-0004, CSAFPID-0008
vulnerabilities[].title Gives the document producer the ability to apply a canonical name or title to the vulnerability.

Full list of extended template attributes

This is the full list of document properties that were added to allow the desired preview. They are implemented in app/lib/shared/Core/entities/DocumentEntity.js.

Attribute Description
document.max_base_score The maximum baseScore of all vulnerabilities[].scores.
document.notes_summary[] Contains notes of category summary which are specific to the current context.
document.notes_details[] Contains notes of category details which are specific to the current context.
document.notes_general[] Contains notes of category general which are specific to the current context.
document.notes_description[] Contains notes of category description which are specific to the current context.
document.notes_other[] Contains notes of category other which are specific to the current context.
document.notes_faq[] Contains notes of category faq which are specific to the current context.
document.notes_legal_disclaimer[] Contains notes of category legal_disclaimer which are specific to the current context.
document.notes_unknown[] Contains notes of unknown category which are specific to the current context.
product_tree.product_groups[].product_ids[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
product_tree.product_groups[].product_ids[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].notes_summary[] Contains notes of category summary which are specific to the current context.
vulnerabilities[].notes_details[] Contains notes of category details which are specific to the current context.
vulnerabilities[].notes_general[] Contains notes of category general which are specific to the current context.
vulnerabilities[].notes_description[] Contains notes of category description which are specific to the current context.
vulnerabilities[].notes_other[] Contains notes of category other which are specific to the current context.
vulnerabilities[].notes_faq[] Contains notes of category faq which are specific to the current context.
vulnerabilities[].notes_legal_disclaimer[] Contains notes of category legal_disclaimer which are specific to the current context.
vulnerabilities[].notes_unknown[] Contains notes of unknown category which are specific to the current context.
vulnerabilities[].product_status.known_affected[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.known_affected[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.known_affected[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.known_affected[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.first_affected[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.first_affected[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.first_affected[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.first_affected[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.last_affected[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.last_affected[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.last_affected[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.last_affected[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.known_not_affected[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.known_not_affected[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.known_not_affected[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.known_not_affected[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.recommended[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.recommended[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.recommended[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.recommended[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.fixed[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.fixed[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.fixed[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.fixed[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.first_fixed[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.first_fixed[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.first_fixed[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.first_fixed[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.under_investigation[].id Token required to identify a full_product_name so that it can be referred to from other parts in the document. There is no predefined or required format for the product_id as long as it uniquely identifies a product in the context of the current document.
vulnerabilities[].product_status.under_investigation[].name The value should be the product’s full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
vulnerabilities[].product_status.under_investigation[].vectorString The vectorString of the score in which this product_status is referenced by id.
vulnerabilities[].product_status.under_investigation[].baseScore The baseScore of the score in which this product_status is referenced by id.
vulnerabilities[].remediations_vendor_fix Remediations of category vendor_fix sorted by date.
vulnerabilities[].remediations_mitigation Remediations of category mitigation sorted by date.
vulnerabilities[].remediations_workaround Remediations of category workaround sorted by date.
vulnerabilities[].remediations_none_available Remediations of category none_available sorted by date.
vulnerabilities[].remediations_no_fix_planned Remediations of category no_fix_planned sorted by date.
vulnerabilities[].remediations_unknown Remediations of unknown category sorted by date.
vulnerabilities[].threats_exploit_status Threats of category exploit_status sorted by date.
vulnerabilities[].threats_impact Threats of category impact sorted by date.
vulnerabilities[].threats_target_set Threats of category target_set sorted by date.
vulnerabilities[].threats_unknown Threats of unknown category sorted by date.
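
The following added example (not Secvisogram's DocumentEntity.js code) derives several of the extended attributes listed above from a constructed CSAF fragment, so that a template author can see which source fields each one resolves. The function names, the ascending date order, the preference of cvss_v3 over cvss_v2 and the null value for a document without scores are assumptions.

```javascript
// Added example: hypothetical helpers, not the project's implementation.
const STATUS_KEYS = ['first_affected', 'first_fixed', 'fixed', 'known_affected',
  'known_not_affected', 'last_affected', 'recommended', 'under_investigation'];
const NOTE_CATEGORIES = ['summary', 'details', 'general', 'description',
  'other', 'faq', 'legal_disclaimer'];
const REMEDIATION_CATEGORIES = ['vendor_fix', 'mitigation', 'workaround',
  'none_available', 'no_fix_planned'];
const THREAT_CATEGORIES = ['exploit_status', 'impact', 'target_set'];

// Map product_id -> name from every place a full_product_name can occur.
function collectProductNames(productTree = {}) {
  const names = new Map();
  const add = (fpn) => { if (fpn && fpn.product_id) names.set(fpn.product_id, fpn.name); };
  const walk = (branches = []) => branches.forEach((b) => { add(b.product); walk(b.branches); });
  (productTree.full_product_names || []).forEach(add);
  (productTree.relationships || []).forEach((r) => add(r.full_product_name));
  walk(productTree.branches);
  return names;
}

// Build <prefix>_<category> lists plus <prefix>_unknown for unlisted categories.
function groupByCategory(items = [], categories, prefix, sortByDate) {
  const time = (x) => { const t = Date.parse(x.date); return Number.isNaN(t) ? Infinity : t; };
  const list = sortByDate // assumption: ascending, undated entries last
    ? [...items].sort((a, b) => (time(a) < time(b) ? -1 : time(a) > time(b) ? 1 : 0))
    : items;
  const out = { [`${prefix}_unknown`]: [] };
  for (const c of categories) out[`${prefix}_${c}`] = [];
  for (const item of list) {
    const key = categories.includes(item.category) ? item.category : 'unknown';
    out[`${prefix}_${key}`].push(item);
  }
  return out;
}

// vectorString/baseScore of the first score whose products[] lists this id.
function scoreFor(vuln, productId) {
  const score = (vuln.scores || []).find((s) => (s.products || []).includes(productId));
  const cvss = score && (score.cvss_v3 || score.cvss_v2); // assumption: v3 preferred
  return cvss ? { vectorString: cvss.vectorString, baseScore: cvss.baseScore } : {};
}

function extendDocument(csaf) {
  const names = collectProductNames(csaf.product_tree);
  const withName = (id) => ({ id, name: names.get(id) });
  const baseScores = [];
  const vulnerabilities = (csaf.vulnerabilities || []).map((vuln) => {
    const product_status = {};
    for (const key of STATUS_KEYS) {
      const ids = (vuln.product_status || {})[key];
      if (ids) product_status[key] = ids.map((id) => ({ ...withName(id), ...scoreFor(vuln, id) }));
    }
    for (const s of vuln.scores || []) {
      for (const cvss of [s.cvss_v3, s.cvss_v2]) {
        if (cvss && typeof cvss.baseScore === 'number') baseScores.push(cvss.baseScore);
      }
    }
    return { ...vuln, product_status,
      ...groupByCategory(vuln.notes, NOTE_CATEGORIES, 'notes', false),
      ...groupByCategory(vuln.remediations, REMEDIATION_CATEGORIES, 'remediations', true),
      ...groupByCategory(vuln.threats, THREAT_CATEGORIES, 'threats', true) };
  });
  const product_groups = ((csaf.product_tree || {}).product_groups || []).map((g) => (
    { ...g, product_ids: (g.product_ids || []).map(withName) }));
  const document = { ...csaf.document,
    max_base_score: baseScores.length ? Math.max(...baseScores) : null,
    ...groupByCategory((csaf.document || {}).notes, NOTE_CATEGORIES, 'notes', false) };
  return { ...csaf, document, product_tree: { ...csaf.product_tree, product_groups }, vulnerabilities };
}

// Constructed sample input (not a real advisory).
const sampleCsaf = {
  document: { notes: [
    { category: 'summary', text: 'Constructed summary.' },
    { category: 'legal_disclaimer', text: 'Constructed disclaimer.' }] },
  product_tree: {
    full_product_names: [{ product_id: 'CSAFPID-0004', name: 'Example Gateway 1.0' }],
    branches: [{ category: 'vendor', name: 'Example Corp', branches: [
      { category: 'product_version', name: '2.0',
        product: { product_id: 'CSAFPID-0008', name: 'Example Gateway 2.0' } }] }],
    product_groups: [{ group_id: 'CSAFGID-0001', product_ids: ['CSAFPID-0004', 'CSAFPID-0008'] }],
  },
  vulnerabilities: [{
    product_status: { known_affected: ['CSAFPID-0004'], fixed: ['CSAFPID-0008'] },
    scores: [{ products: ['CSAFPID-0004'], cvss_v3: { version: '3.1', baseScore: 9.8,
      vectorString: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', baseSeverity: 'CRITICAL' } }],
    remediations: [
      { category: 'vendor_fix', date: '2024-03-01T00:00:00Z', details: 'Update to 2.0.' },
      { category: 'workaround', date: '2024-01-15T00:00:00Z', details: 'Disable the service.' },
      { category: 'vendor_fix', date: '2024-02-01T00:00:00Z', details: 'Apply hotfix.' }],
    threats: [{ category: 'impact', date: '2024-01-10T00:00:00Z', details: 'Constructed.' }],
  }],
};

const extended = extendDocument(sampleCsaf);
console.log(JSON.stringify(extended.vulnerabilities[0].product_status, null, 2));
```

A product that no score references, such as the fixed entry here, keeps id and name but has no vectorString or baseScore, so a template should wrap those fields in a section tag rather than assume they exist.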