diff --git a/objects/vulnerability/definition.json b/objects/vulnerability/definition.json
index 338b78a..5630f2c 100644
--- a/objects/vulnerability/definition.json
+++ b/objects/vulnerability/definition.json
@@ -10,45 +10,68 @@
   ],
   "attributes": {
     "id": {
-      "description": "Vulnerability ID (generally CVE, but not necessarely)",
-      "ui-priority": 1,
-      "misp-attribute": "vulnerability"
+      "description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can updated later.",
+      "ui-priority": 0,
+      "misp-attribute": "vulnerability",
+      "multiple": true
     },
     "text": {
       "description": "Description of the vulnerability",
-      "ui-priority": 1,
+      "ui-priority": 0,
       "misp-attribute": "text"
     },
     "summary": {
       "description": "Summary of the vulnerability",
-      "ui-priority": 1,
+      "ui-priority": 0,
       "misp-attribute": "text"
     },
     "vulnerable_configuration": {
       "description": "The vulnerable configuration is described in CPE format",
       "multiple": true,
-      "ui-priority": 1,
+      "ui-priority": 0,
       "misp-attribute": "text"
     },
     "modified": {
       "description": "Last modification date",
       "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "disable_correlation": true
     },
     "published": {
       "description": "Initial publication date",
       "ui-priority": 0,
-      "misp-attribute": "datetime"
+      "misp-attribute": "datetime",
+      "disable_correlation": true
+    },
+    "created": {
+      "description": "First time when the vulnerability was discovered",
+      "ui-priority": 0,
+      "misp-attribute": "datetime",
+      "disable_correlation": true
     },
     "references": {
       "description": "External references",
       "multiple": true,
-      "ui-priority": 1,
+      "ui-priority": 0,
       "misp-attribute": "link"
+    },
+    "state": {
+      "description": "State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed.",
+      "multiple": true,
+      "ui-priority": 0,
+      "sane_default": [
+        "Published",
+        "Embargo",
+        "Reviewed",
+        "Vulnerability ID Assigned",
+        "Reported",
+        "Fixed"
+      ],
+      "disable_correlation": true
     }
   },
-  "version": 2,
-  "description": "Vulnerability object describing common vulnerability enumeration",
+  "version": 3,
+  "description": "Vulnerability object describing a common vulnerability enumeration which can describe unpublished, under review or embargo vulnerability for software, equipments or hardware.",
   "meta-category": "network",
   "uuid": "81650945-f186-437b-8945-9f31715d32da",
   "name": "vulnerability"