{
  "requiredOneOf": [
    "published",
    "modified",
    "references",
    "vulnerable_configuration",
    "summary",
    "description",
    "id"
  ],
  "attributes": {
    "id": {
      "description": "Vulnerability ID (generally CVE, but not necessarely). The id is not required as the object itself has an UUID and the CVE id can be update or assigned later.",
      "ui-priority": 0,
      "misp-attribute": "text",
      "multiple": true
    },
    "description": {
      "description": "Description of the vulnerability",
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "summary": {
      "description": "Summary of the vulnerability",
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "vulnerable_configuration": {
      "description": "The vulnerable configuration is described in CPE format",
      "multiple": true,
      "ui-priority": 0,
      "misp-attribute": "text"
    },
    "modified": {
      "description": "Last modification date",
      "ui-priority": 0,
      "misp-attribute": "datetime",
      "disable_correlation": true
    },
    "published": {
      "description": "Initial publication date",
      "ui-priority": 0,
      "misp-attribute": "datetime",
      "disable_correlation": true
    },
    "created": {
      "description": "First time when the vulnerability was discovered",
      "ui-priority": 0,
      "misp-attribute": "datetime",
      "disable_correlation": true
    },
    "references": {
      "description": "External references",
      "multiple": true,
      "ui-priority": 0,
      "misp-attribute": "link"
    },
    "state": {
      "description": "State of the vulnerability. A vulnerability can have multiple states depending of the current actions performed.",
      "multiple": true,
      "ui-priority": 0,
      "sane_default": [
        "Published",
        "Embargo",
        "Reviewed",
        "Vulnerability ID Assigned",
        "Reported",
        "Fixed"
      ],
      "disable_correlation": true,
      "misp-attribute": "text"
    },
    "cvss-score": {
      "description": "Score of the Common Vulnerability Scoring System (version 3).",
      "ui-priority": 1,
      "disable_correlation": true,
      "misp-attribute": "float"
    },
    "cvss-string": {
      "description": "String of the Common Vulnerability Scoring System (version 3).",
      "ui-priority": 1,
      "disable_correlation": true,
      "misp-attribute": "text"
    },
    "credit": {
      "description": "Who reported/found the vulnerability such as an organisation, person or nickname.",
      "ui-priority": 0,
      "disable_correlation": true,
      "misp-attribute": "text",
      "multiple": true
    }
  },
  "version": 5,
  "description": "Vulnerability object describing a common vulnerability enumeration which can describe published, unpublished, under review or embargo vulnerability for software, equipments or hardware.",
  "meta-category": "vulnerability",
  "uuid": "81650945-f186-437b-8945-9f31715d32da",
  "name": "vulnerability"
}