diff --git a/rfds/0459-SSVC-2-0-0-add.md b/rfds/0459-SSVC-2-0-0-add.md
new file mode 100644
index 0000000000..185c2da7b4
--- /dev/null
+++ b/rfds/0459-SSVC-2-0-0-add.md
@@ -0,0 +1,173 @@
+# Adding SSVC 2.0.0 as optional structured metrics to CVE metrics block
+
+| Field | Value |
+|:-----------------|:-------|
+| RFD Submitter | Vijay Sarvepalli (CERT/CC) |
+| RFD Pull Request | [RFD #0459](https://github.com/CVEProject/cve-schema/pull/459) |
+
+## Summary
+[summary]: #summary
+
+This proposal adds support for ** Stakeholder-Specific Vulnerability Categorization (SSVC) 2.0.0** as an optional structured element under the CVE `metrics` block.
+
+Currently, SSVC data is included inconsistently in the unstructured `"other"` field, which limits its machine readability, interoperability, and adoption. By providing a formal schema location for SSVC, CVE Records will be able to more reliably capture and distribute this emerging prioritization framework.
+
+Note: this proposal was previously approved in a QWG chaired by Jay Jacobs and Chris Coffin around December 2024 and initially merged in Jan 17 2025, but continued to evolve as SSVC has continued to evolve.
+
+## Problem Statement
+[problem-statement]: #problem-statement
+
+- SSVC is operationally used by organizations (e.g., CISA, VulnCheck, CERT/CC) to prioritize vulnerability response.
+- Today, SSVC values are often published only in custom structured, reducing consistency and limiting automated analysis.
+- Embedding SSVC data in the `"other"` field of CVE Records creates barriers to adoption:
+ - Lack of machine readability and tooling support.
+ - Inconsistent implementations across CNAs and ADPs.
+ - Increased cost for downstream consumers to parse and normalize data.
+
+Without a structured, standardized location in the CVE schema, SSVC cannot fulfill its intended role as a practical complement to CVSS and other metrics.
+
+## Proposed Solution
+[proposed-solution]: #proposed-solution
+
+- Add an optional `ssvc` object under the `metrics` block of the CVE Record schema.
+- Specify versioned support (both schema versions 1.0.0 and 2.0.0 are included).
+- Ensure fields capture the core SSVC decision points and outcomes in a standardized way.
+- Maintain backwards compatibility with existing CVE Records (non-breaking change).
+
+This ensures that CVE Records can cleanly incorporate SSVC alongside other structured metrics such as CVSS and EPSS.
+
+## Examples
+[examples]: #examples
+
+The test-cases for PR [#459](https://github.com/CVEProject/cve-schema/pull/459) illustrate how SSVC data can be expressed. For example:
+
+https://certcc.github.io/SSVC/data/schema_examples/CVE-1900-1234-Decision_Point_Value_Selection-2-0-0.json
+A minimal record looks like below
+```json
+{
+ "timestamp": "2021-09-29T15:29:44Z",
+ "schemaVersion": "2.0.0",
+ "selections": [
+ {
+ "namespace": "ssvc",
+ "key": "E",
+ "version": "1.1.0",
+ "values": [
+ {"key": "A"}
+ ]
+ }
+ ]
+}
+```
+
+A more advanced record looks like below for a similar infomration
+
+```json
+{
+ "timestamp": "2021-09-29T15:29:44Z",
+ "schemaVersion": "2.0.0",
+ "selections": [
+ {
+ "namespace": "ssvc",
+ "key": "E",
+ "version": "1.1.0",
+ "values": [
+ {"key": "A"}
+ ]
+ },
+ {
+ "namespace": "ssvc",
+ "name": "Automatable",
+ "key": "A",
+ "version": "2.0.0",
+ "values": [
+ {"name": "Yes", "key": "Y"}
+ ]
+ },
+ {
+ "namespace": "ssvc",
+ "name": "Technical Impact",
+ "key": "TI",
+ "version": "1.0.0",
+ "values": [
+ {"name": "Total","key":"T"}
+ ]
+ }
+ ],
+ "decision_point_resources": [{
+ "summary": "A JSON file containing SSVC update to Exploitation Decision Point",
+ "uri": "https://certcc.github.io/SSVC/data/json/decision_points/ssvc/exploitation_1_1_0.json"
+ }],
+ "references": [{
+ "summary": "An exploitation example was published for this vulnerability",
+ "uri": "https://example.com/report"
+ }]
+}
+```
+
+## Impact Assessment
+[impact-assessment]: #impact-assessment
+
+For CNAs/ADPs: Provides a formal schema location to include SSVC, reducing ambiguity and effort in data publication.
+
+For Consumers: Simplifies automated ingestion of SSVC data, reducing the need for scraping or custom parsers.
+
+For the CVE Program: Strengthens the role of CVE Records as a hub for standardized vulnerability metadata, aligning with the needs of defenders and decision-makers.
+
+## Compatibility and Migration
+[compatibility-and-migration]: #compatibility-and-migration
+
+Backwards compatible: Existing CVE Records and tooling remain unaffected.
+
+Adoption is optional: CNAs/ADPs can choose whether to include SSVC.
+
+Migration path: CNAs currently embedding SSVC in "other" fields can gradually shift to using the structured ssvc block.
+
+## Success Metrics [success-metrics]: #success-metrics
+
+RFD will be considered successful if:
+* At least one ADP (e.g., CISA, VulnCheck, CERT/CC) adopts the new structured ssvc block within one year.
+
+* Major consumer tools (CVE Services,vuln enrichment pipelines, dashboards) can automatically parse SSVC data without special parsing logic.
+
+If adoption is slow, additional tooling or guidance may be provided to ease integration.
+
+## Supporting Data or Research
+[supporting-data-or-research]: #supporting-data-or-research
+
+CISA Vulnrichment and VulnCheck both actively publish SSVC prioritization data, but not in a standardized, machine-readable format.
+
+VulnCheck currently has SSVC coverage for 244,866 CVEs, while CISA Vulnrichment covers 64,142 CVEs.
+
+See: Automating SSVC (VulnCheck blog)[[https://www.vulncheck.com/blog/automating-ssvc]
+
+See: SSVC community which captures usage of SSVC in the real-world at (SSVC Dicssions Sightings)[https://github.com/CERTCC/SSVC/discussions/291]
+
+
+## Related Issues or Proposals
+[related-issues-or-proposals]: #related-issues-or-proposals
+
+* CVE Schema discussion on extending metrics beyond CVSS.
+
+* Related work on EPSS and KEV integration into CVE Records.
+
+## Recommended Priority
+[recommended-priority]: #recommended-priority
+
+Medium.
+
+SSVC is not yet universal, but adoption is growing rapidly.
+
+Providing structured schema support now will prevent fragmentation and reduce downstream costs.
+
+## Unresolved Questions
+[unresolved-questions]: #unresolved-questions
+
+No new questions arise except other known concerns in metrics
+
+## Future Possibilities
+[future-possibilities]: #future-possibilities
+
+Tooling for Vulnogram and cveClient to adopt and use SSVC natively
+
+
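Review bot: the Examples section shows only a bare SSVC selection object (`"schemaVersion": "2.0.0"`, `"selections": [...]`) and never the enclosing CVE Record `metrics` entry, so the RFD does not say what property name the "optional `ssvc` object" from Proposed Solution is published under, or how a consumer tells a 1.0.0 object from a 2.0.0 one. Please add one example of a complete `metrics` array entry. Either add a 1.0.0 example as well or drop "both schema versions 1.0.0 and 2.0.0 are included", since the title and both examples cover only 2.0.0. The minimal example omits `name` on the selection and its value, while the advanced one supplies it for two of the three selections. A sentence stating which of `namespace`, `key`, `version`, `name` and `values` are required would remove the guesswork. Markdown nits: `## Success Metrics [success-metrics]: #success-metrics` puts the heading and its link reference on one line, unlike every other section. The two "See:" links are written `(text)[url]` (the first with a stray `[[`), so they will not render. `** Stakeholder-Specific` has a space after the opening `**`, so it will not render as bold. The bare example URL runs straight into "A minimal record looks like below" with no blank line. Typos: "infomration", "Dicssions", and "published only in custom structured", which is missing its noun.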
diff --git a/schema/docs/full-record-advanced-example.json b/schema/docs/full-record-advanced-example.json
index 89ce394fe1..06cda6590b 100644
--- a/schema/docs/full-record-advanced-example.json
+++ b/schema/docs/full-record-advanced-example.json
@@ -1,383 +1,398 @@
{
- "dataType": "CVE_RECORD",
- "dataVersion": "5.1",
- "cveMetadata": {
- "cveId": "CVE-1900-1234",
- "assignerOrgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "assignerShortName": "example",
- "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "serial": 1,
- "state": "PUBLISHED"
- },
- "containers": {
- "cna": {
- "providerMetadata": {
- "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6",
- "shortName": "example",
- "dateUpdated": "2021-09-08T16:24:00.000Z"
- },
- "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.",
- "datePublic": "2021-09-08T16:24:00.000Z",
- "problemTypes": [
- {
- "descriptions": [
- {
- "lang": "en",
- "cweId": "CWE-78",
- "description": "CWE-78 OS Command Injection",
- "type": "CWE"
- }
- ]
- }
- ],
- "impacts": [
- {
- "capecId": "CAPEC-233",
- "descriptions": [
- {
- "lang": "en",
- "value": "CAPEC-233 Privilege Escalation"
- }
- ]
- }
- ],
- "affected": [
- {
- "vendor": "Example.org",
- "product": "Example Enterprise",
- "platforms": [
- "Windows",
- "MacOS",
- "XT-4500"
- ],
- "collectionURL": "https://example.org/packages",
- "packageName": "example_enterprise",
- "repo": "git://example.org/source/example_enterprise",
- "modules": [
- "Web-Management-Interface"
- ],
- "programFiles": [
- "example_enterprise/example.php"
- ],
- "programRoutines": [
- {
- "name": "parseFilename"
- }
- ],
- "versions": [
- {
- "version": "1.0.0",
- "status": "affected",
- "lessThan": "1.0.6",
- "versionType": "semver"
- },
- {
- "version": "2.1.0",
- "status": "unaffected",
- "lessThan": "2.1.*",
- "changes": [
- {
- "at": "2.1.6",
- "status": "affected"
- },
- {
- "at": "2.1.9",
- "status": "unaffected"
- }
- ],
- "versionType": "semver"
- },
- {
- "version": "3.0.0",
- "status": "unaffected",
- "lessThan": "*",
- "versionType": "semver"
- }
- ],
- "defaultStatus": "unaffected"
- }
- ],
- "cpeApplicability": [
- {
- "operator": "AND",
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "1.0.0",
- "versionEndExcluding": "1.0.6"
- },
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*",
- "versionStartIncluding": "2.1.6",
- "versionEndExcluding": "2.1.9"
- }
- ]
- },
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*"
- },
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
- },
- {
- "vulnerable": false,
- "criteria": "cpe:2.3:h:some_company:xt-4500:*:*:*:*:*:*:*:*"
- }
- ]
- }
- ]
- }
- ],
- "descriptions": [
- {
- "lang": "en",
- "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.",
- "supportingMedia": [
- {
- "type": "text/html",
- "base64": false,
- "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.
This issue affects:
> service disable webmgmt" - } - ] - } - ], - "configurations": [ - { - "lang": "en", - "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Web management interface should be enabled.
> service status webmgmt" - } - ] - } - ], - "exploits": [ - { - "lang": "en", - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", - "supportingMedia": [ - { - "type": "text/html", - "base64": false, - "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." - } - ] - } - ], - "timeline": [ - { - "time": "2001-09-01T07:31:00.000Z", - "lang": "en", - "value": "Issue discovered by Alice using Acme Autofuzz" - }, - { - "time": "2021-09-02T16:36:00.000Z", - "lang": "en", - "value": "Confirmed by Bob" - }, - { - "time": "2021-09-07T16:37:00.000Z", - "lang": "en", - "value": "Fixes released" - } - ], - "credits": [ - { - "lang": "en", - "value": "Alice", - "type": "finder" - }, - { - "lang": "en", - "value": "Bob", - "type": "analyst" - }, - { - "lang": "en", - "value": "Acme Autofuzz", - "type": "tool" - } - ], - "references": [ - { - "url": "https://example.org/ESA-22-11-CVE-1900-1234", - "name": "ESA-22-11", - "tags": [ - "vendor-advisory" - ] - }, - { - "url": "https://example.com/blog/alice/pwning_example_enterprise", - "name": "Pwning Example Enterprise", - "tags": [ - "technical-description", - "third-party-advisory" - ] - }, - { - "url": "https://example.org/bugs/EXAMPLE-1234", - "name": "EXAMPLE-1234", - "tags": [ - "issue-tracking" - ] - }, - { - "url": "https://example.org/ExampleEnterprise", - "tags": [ - "product" - ] - } - ], - "source": { - "defects": [ - "EXAMPLE-1234" - ], - "advisory": "ESA-22-11", - "discovery": "EXTERNAL" - }, - "taxonomyMappings": [ - { - "taxonomyName": "ATT&CK", - "taxonomyVersion": "v9", - "taxonomyRelations": [ - { - "taxonomyId": "T1190", - "relationshipName": "mitigated by", - "relationshipValue": "M1048" - } - ] - } - ] + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-1900-1234", + "assignerOrgId": 
"b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "assignerShortName": "example", + "requesterUserId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "serial": 1, + "state": "PUBLISHED" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b3476cb9-2e3d-41a6-98d0-0f47421a65b6", + "shortName": "example", + "dateUpdated": "2021-09-08T16:24:00.000Z" + }, + "title": "Buffer overflow in Example Enterprise allows Privilege Escalation.", + "datePublic": "2021-09-08T16:24:00.000Z", + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-78", + "description": "CWE-78 OS Command Injection", + "type": "CWE" + } + ] + } + ], + "impacts": [ + { + "capecId": "CAPEC-233", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-233 Privilege Escalation" + } + ] + } + ], + "affected": [ + { + "vendor": "Example.org", + "product": "Example Enterprise", + "platforms": [ + "Windows", + "MacOS", + "XT-4500" + ], + "collectionURL": "https://example.org/packages", + "packageName": "example_enterprise", + "repo": "git://example.org/source/example_enterprise", + "modules": [ + "Web-Management-Interface" + ], + "programFiles": [ + "example_enterprise/example.php" + ], + "programRoutines": [ + { + "name": "parseFilename" + } + ], + "versions": [ + { + "version": "1.0.0", + "status": "affected", + "lessThan": "1.0.6", + "versionType": "semver" + }, + { + "version": "2.1.0", + "status": "unaffected", + "lessThan": "2.1.*", + "changes": [ + { + "at": "2.1.6", + "status": "affected" + }, + { + "at": "2.1.9", + "status": "unaffected" + } + ], + "versionType": "semver" + }, + { + "version": "3.0.0", + "status": "unaffected", + "lessThan": "*", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "cpeApplicability": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*", + "versionStartIncluding": 
"1.0.0", + "versionEndExcluding": "1.0.6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:example_org:example_enterprise:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.1.6", + "versionEndExcluding": "2.1.9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:some_company:xt-4500:*:*:*:*:*:*:*:*" + } + ] + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges. This issue affects: 1.0 versions before 1.0.6, 2.1 versions from 2.16 until 2.1.9.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "OS Command Injection vulnerability parseFilename function of example.php in the Web Management Interface of Example.org Example Enterprise on Windows, macOS, and XT-4500 allows remote unauthenticated attackers to escalate privileges.
webmgmt running
> service disable webmgmt" + } + ] + } + ], + "configurations": [ + { + "lang": "en", + "value": "Web management interface should be enabled.\n> service status webmgmt\nwebmgmt running", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Web management interface should be enabled.
> service status webmgmt" + } + ] + } + ], + "exploits": [ + { + "lang": "en", + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available.", + "supportingMedia": [ + { + "type": "text/html", + "base64": false, + "value": "Example.org is not aware of any malicious exploitation of the issue however exploits targeting this issue are publicly available." + } + ] + } + ], + "timeline": [ + { + "time": "2001-09-01T07:31:00.000Z", + "lang": "en", + "value": "Issue discovered by Alice using Acme Autofuzz" + }, + { + "time": "2021-09-02T16:36:00.000Z", + "lang": "en", + "value": "Confirmed by Bob" + }, + { + "time": "2021-09-07T16:37:00.000Z", + "lang": "en", + "value": "Fixes released" + } + ], + "credits": [ + { + "lang": "en", + "value": "Alice", + "type": "finder" + }, + { + "lang": "en", + "value": "Bob", + "type": "analyst" + }, + { + "lang": "en", + "value": "Acme Autofuzz", + "type": "tool" + } + ], + "references": [ + { + "url": "https://example.org/ESA-22-11-CVE-1900-1234", + "name": "ESA-22-11", + "tags": [ + "vendor-advisory" + ] + }, + { + "url": "https://example.com/blog/alice/pwning_example_enterprise", + "name": "Pwning Example Enterprise", + "tags": [ + "technical-description", + "third-party-advisory" + ] + }, + { + "url": "https://example.org/bugs/EXAMPLE-1234", + "name": "EXAMPLE-1234", + "tags": [ + "issue-tracking" + ] + }, + { + "url": "https://example.org/ExampleEnterprise", + "tags": [ + "product" + ] + } + ], + "source": { + "defects": [ + "EXAMPLE-1234" + ], + "advisory": "ESA-22-11", + "discovery": "EXTERNAL" + }, + "taxonomyMappings": [ + { + "taxonomyName": "ATT&CK", + "taxonomyVersion": "v9", + "taxonomyRelations": [ + { + "taxonomyId": "T1190", + "relationshipName": "mitigated by", + "relationshipValue": "M1048" + } + ] + } + ] + } } - } }
webmgmt running
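Review bot: the hunk `@@ -1,383 +1,398 @@` removes and re-adds the entire example file, and the removed and added lines that are visible carry the same keys and values from `"dataType": "CVE_RECORD"` through `"taxonomyMappings"`, so the 15 net new lines cannot be picked out in review. Keep the file's existing indentation, or land the re-indent as its own commit, so that this diff shows only the lines being added. If every line is going to be touched anyway, the inconsistencies carried over in the example could be fixed in the same pass: the title reads "Buffer overflow in Example Enterprise" while the problem type is `CWE-78 OS Command Injection`, the description says "from 2.16 until 2.1.9" where the version data has `"at": "2.1.6"`, and the first timeline entry is dated `2001-09-01` against 2021 for the others.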