{ "$id": "https://raw.githubusercontent.com/muchdogesec/stix2extensions/main/schemas/properties/vulnerability-opencti.json", "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "vulnerability-opencti", "description": "This extension adds OpenCTI-specific properties to STIX Vulnerability SDOs, including CVSS v2/v3/v4 metrics, CWE, CISA KEV, and EPSS.", "type": "object", "allOf": [ { "$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/master/schemas/sdos/vulnerability.json" }, { "properties": { "extensions": { "type": "object", "properties": { "extension-definition--ec658473-1319-53b4-879f-488e47805554": { "type": "object", "properties": { "extension_type": { "enum": [ "toplevel-property-extension" ] } }, "required": ["extension_type"] } }, "required": ["extension-definition--ec658473-1319-53b4-879f-488e47805554"] }, "x_opencti_cvss_v2_base_score": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS v2 Base Score (0.0–10.0).", "examples": [8.5] }, "x_opencti_cvss_v2_temporal_score": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS v2 Temporal Score (0.0–10.0), reflecting exploit code maturity, remediation, and report confidence at a point in time.", "examples": [8.5] }, "x_opencti_cvss_v2_vector_string": { "type": "string", "description": "CVSS v2 vector string", "examples": ["AV:N/AC:L/Au:N/C:P/I:P/A:P"] }, "x_opencti_cvss_v2_access_vector": { "type": "string", "description": "CVSS v2 Access Vector (AV). Not required if vector string passed.", "enum": ["NETWORK","ADJACENT_NETWORK","LOCAL"] }, "x_opencti_cvss_v2_access_complexity": { "type": "string", "description": "CVSS v2 Access Complexity (AC). Not required if vector string passed.", "enum": ["HIGH","MEDIUM","LOW"] }, "x_opencti_cvss_v2_authentication": { "type": "string", "description": "CVSS v2 Authentication (Au). Not required if vector string passed.", "enum": ["MULTIPLE","SINGLE","NONE"] }, "x_opencti_cvss_v2_confidentiality_impact": { "type": "string", "description": "CVSS v2 Confidentiality Impact (C). Not required if vector string passed.", "enum": ["NONE","PARTIAL","COMPLETE"] }, "x_opencti_cvss_v2_integrity_impact": { "type": "string", "description": "CVSS v2 Integrity Impact (I). Not required if vector string passed.", "enum": ["NONE","PARTIAL","COMPLETE"] }, "x_opencti_cvss_v2_availability_impact": { "type": "string", "description": "CVSS v2 Availability Impact (A). Not required if vector string passed.", "enum": ["NONE","PARTIAL","COMPLETE"] }, "x_opencti_cvss_v2_exploitability": { "type": "string", "description": "CVSS v2 Temporal metric: Exploitability", "enum": ["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED"] }, "x_opencti_cvss_v2_remediation_level": { "type": "string", "description": "CVSS v2 Temporal metric: Remediation Level", "enum": ["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"] }, "x_opencti_cvss_v2_report_confidence": { "type": "string", "description": "CVSS v2 Temporal metric: Report Confidence", "enum": ["UNCONFIRMED","UNCORROBORATED","CONFIRMED","NOT_DEFINED"] }, "x_opencti_cvss_base_score": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS v3.x Base Score (0.0–10.0).", "examples": [8.5] }, "x_opencti_cvss_temporal_score": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS v3.x Temporal Score (0.0–10.0), incorporating exploit code maturity, remediation level, and report confidence.", "examples": [8.5] }, "x_opencti_cvss_vector_string": { "type": "string", "description": "CVSS v3.x vector string", "examples": ["CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"] }, "x_opencti_cvss_base_severity": { "type": "string", "description": "CVSS v3.x Base Severity.", "enum": ["NONE","LOW","MEDIUM","HIGH","CRITICAL"] }, "x_opencti_cvss_attack_vector": { "type": "string", "description": "CVSS v3.x Attack Vector (AV). Not required if vector string passed.", "enum": ["NETWORK","ADJACENT_NETWORK","LOCAL","PHYSICAL"] }, "x_opencti_cvss_attack_complexity": { "type": "string", "description": "CVSS v3.x Attack Complexity (AC). Not required if vector string passed.", "enum": ["HIGH","LOW"] }, "x_opencti_cvss_privileges_required": { "type": "string", "description": "CVSS v3.x Privileges Required (PR). Not required if vector string passed.", "enum": ["HIGH","LOW","NONE"] }, "x_opencti_cvss_user_interaction": { "type": "string", "description": "CVSS v3.x User Interaction (UI). Not required if vector string passed.", "enum": ["NONE","REQUIRED"] }, "x_opencti_cvss_scope": { "type": "string", "description": "CVSS v3.x Scope (S). Not required if vector string passed.", "enum": ["UNCHANGED","CHANGED"] }, "x_opencti_cvss_confidentiality_impact": { "type": "string", "description": "CVSS v3.x Confidentiality Impact (C). Not required if vector string passed.", "enum": ["N","L","H"] }, "x_opencti_cvss_integrity_impact": { "type": "string", "description": "CVSS v3.x Integrity Impact (I). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_availability_impact": { "type": "string", "description": "CVSS v3.x Availability Impact (A). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_exploit_code_maturity": { "type": "string", "description": "CVSS v3.x Temporal metric: Exploit Code Maturity.", "enum": ["UNPROVEN","PROOF_OF_CONCEPT","FUNCTIONAL","HIGH","NOT_DEFINED" ] }, "x_opencti_cvss_remediation_level": { "type": "string", "description": "CVSS v3.x Temporal metric: Remediation Level.", "enum": ["OFFICIAL_FIX","TEMPORARY_FIX","WORKAROUND","UNAVAILABLE","NOT_DEFINED"] }, "x_opencti_cvss_report_confidence": { "type": "string", "description": "CVSS v3.x Temporal metric: Report Confidence.", "enum": ["UNKNOWN","REASONABLE","CONFIRMED","NOT_DEFINED"] }, "x_opencti_cvss_v4_base_score": { "type": "number", "minimum": 0, "maximum": 10, "description": "CVSS v4.0 Base Score (0.0–10.0).", "examples": [8.5] }, "x_opencti_cvss_v4_vector_string": { "type": "string", "description": "CVSS v4.0 vector string", "examples": ["CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H"] }, "x_opencti_cvss_v4_base_severity": { "type": "string", "description": "CVSS v4.0 Base Severity.", "enum": ["NONE","LOW","MEDIUM","HIGH","CRITICAL"] }, "x_opencti_cvss_v4_attack_vector": { "type": "string", "description": "CVSS v4.0 Attack Vector (AV). Not required if vector string passed.", "enum": ["NETWORK","ADJACENT","LOCAL","PHYSICAL"] }, "x_opencti_cvss_v4_attack_complexity": { "type": "string", "description": "CVSS v4.0 Attack Complexity (AC). Not required if vector string passed.", "enum": ["HIGH","LOW"] }, "x_opencti_cvss_v4_attack_requirements": { "type": "string", "description": "CVSS v4.0 Attack Requirements (AT). Not required if vector string passed.", "enum": ["NONE","PRESENT"] }, "x_opencti_cvss_v4_privileges_required": { "type": "string", "description": "CVSS v4.0 Privileges Required (PR). Not required if vector string passed.", "enum": ["HIGH","LOW","NONE"] }, "x_opencti_cvss_v4_user_interaction": { "type": "string", "description": "CVSS v4.0 User Interaction (UI). Not required if vector string passed.", "enum": ["NONE","PASSIVE","ACTIVE"] }, "x_opencti_cvss_v4_confidentiality_impact_v": { "type": "string", "description": "CVSS v4.0 Vulnerable System Confidentiality (VC). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_confidentiality_impact_s": { "type": "string", "description": "CVSS v4.0 Subsequent System Confidentiality (SC). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_integrity_impact_v": { "type": "string", "description": "CVSS v4.0 Vulnerable System Integrity (VI). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_integrity_impact_s": { "type": "string", "description": "CVSS v4.0 Subsequent System Integrity (SI). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_availability_impact_v": { "type": "string", "description": "CVSS v4.0 Vulnerable System Availability (VA). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_availability_impact_s": { "type": "string", "description": "CVSS v4.0 Subsequent System Availability (SA). Not required if vector string passed.", "enum": ["NONE","LOW","HIGH"] }, "x_opencti_cvss_v4_exploit_maturity": { "type": "string", "description": "CVSS v4.0 Supplemental: Exploit Maturity.", "enum": ["UNREPORTED","PROOF_OF_CONCEPT","ATTACKED","NOT_DEFINED"] }, "x_opencti_cwe": { "type": "string", "description": "Primary CWE identifier associated with the vulnerability.", "examples": ["CWE-79"] }, "x_opencti_cisa_kev": { "type": "boolean", "description": "True if the CVE is listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog; otherwise false.", "examples": [true] }, "x_opencti_epss_score": { "type": "number", "minimum": 0, "maximum": 1, "description": "EPSS score (0.0–1.0) estimating the probability of exploitation in the wild.", "examples": [0.11] }, "x_opencti_epss_percentile": { "type": "number", "minimum": 0, "maximum": 1, "description": "EPSS percentile (0.0–1.0) indicating how the EPSS score ranks relative to other vulnerabilities.", "examples": [0.11] } } } ] }