Censys · Schema

CVSSv4_Components

CVSSv4_Components schema from Asset Graph API

SecurityInternet IntelligenceAttack Surface ManagementThreat HuntingCyber Threat IntelligenceOSINTInternet ScanningCertificatesAsset Discovery

Properties

Name Type Description
attack_complexity string Indicates conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: L
attack_requirements string
attack_vector string Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) – Vulnerabilities with this rating are remote
automatable string
availability string If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) – There is n
confidentiality string Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three pot
integrity string Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has bee
privileges_required string Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) – There is no privilege or special access required to conduc
provider_urgency string
recovery string
safety string
user_interaction string Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) – No user interact
value_density string
vulnerability_response_effort string
View JSON Schema on GitHub

JSON Schema

asset-graph-cvssv4-components-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/json-schema/asset-graph-cvssv4-components-schema.json",
  "title": "CVSSv4_Components",
  "description": "CVSSv4_Components schema from Asset Graph API",
  "type": "object",
  "properties": {
    "attack_complexity": {
      "description": "Indicates conditions beyond the attacker\u2019s control that must exist in order to exploit the vulnerability. The Attack Complexity metric is scored as either Low or High. There are two possible values: Low (L) \u2013 There are no specific pre-conditions required for exploitation, High (H) \u2013 The attacker must complete some number of preparatory steps in order to get access.",
      "enum": [
        "",
        "low",
        "high"
      ],
      "type": "string"
    },
    "attack_requirements": {
      "enum": [
        "",
        "none",
        "present"
      ],
      "type": "string"
    },
    "attack_vector": {
      "description": "Indicates the level of access required for an attacker to exploit the vulnerability. The Attack Vector metric is scored in one of four levels: Network (N) \u2013 Vulnerabilities with this rating are remotely exploitable, from one or more hops away, up to, and including, remote exploitation over the Internet, Adjacent (A) \u2013 A vulnerability with this rating requires network adjacency for exploitation. The attack must be launched from the same physical or logical network, Local (L) \u2013 Vulnerabilities with this rating are not exploitable over a network, Physical (P) \u2013 An attacker must physically interact with the target system.",
      "enum": [
        "",
        "network",
        "adjacent",
        "local",
        "physical"
      ],
      "type": "string"
    },
    "automatable": {
      "enum": [
        "",
        "no",
        "yes"
      ],
      "type": "string"
    },
    "availability": {
      "description": "If an attack renders information unavailable, such as when a system crashes or through a DDoS attack, availability is negatively impacted. Availability has three possible values: None (N) \u2013 There is no loss of availability, Low (L) \u2013 Availability might be intermittently limited, or performance might be negatively impacted, as a result of a successful attack, High (H) \u2013 There is a complete loss of availability of the impacted system or information.",
      "enum": [
        "",
        "none",
        "low",
        "high"
      ],
      "type": "string"
    },
    "confidentiality": {
      "description": "Refers to the disclosure of sensitive information to authorized and unauthorized users, with the goal being that only authorized users are able to access the target data. Confidentiality has three potential values: High (H) \u2013 The attacker has full access to all resources in the impacted system, including highly sensitive information such as encryption keys, Low (L) \u2013 The attacker has partial access to information, with no control over what, specifically, they are able to access, None (N) \u2013 No data is accessible to unauthorized users as a result of the exploit.",
      "enum": [
        "",
        "none",
        "low",
        "high"
      ],
      "type": "string"
    },
    "integrity": {
      "description": "Refers to whether the protected information has been tampered with or changed in any way. If there is no way for an attacker to alter the accuracy or completeness of the information, integrity has been maintained. Integrity has three values: None (N) \u2013 There is no loss of the integrity of any information, Low (L) \u2013 A limited amount of information might be tampered with or modified, but there is no serious impact on the protected system, High (H) \u2013 The attacker can modify any/all information on the target system, resulting in a complete loss of integrity.",
      "enum": [
        "",
        "none",
        "low",
        "high"
      ],
      "type": "string"
    },
    "privileges_required": {
      "description": "Describes the level of privileges or access an attacker must have before successful exploitation. There are three possible values: None (N) \u2013 There is no privilege or special access required to conduct the attack, Low (L) \u2013 The attacker requires basic, \u201cuser\u201d level privileges to leverage the exploit, High (H) \u2013 Administrative or similar access privileges are required for successful attack.",
      "enum": [
        "",
        "none",
        "low",
        "high"
      ],
      "type": "string"
    },
    "provider_urgency": {
      "enum": [
        "",
        "clear",
        "green",
        "amber",
        "red"
      ],
      "type": "string"
    },
    "recovery": {
      "enum": [
        "",
        "automatic",
        "user",
        "irrecoverable"
      ],
      "type": "string"
    },
    "safety": {
      "enum": [
        "",
        "negligible",
        "present"
      ],
      "type": "string"
    },
    "user_interaction": {
      "description": "Describes whether a user, other than the attacker, is required to do anything or participate in exploitation of the vulnerability. User interaction has two possible values: None (N) \u2013 No user interaction is required, Required (R) \u2013 A user must complete some steps for the exploit to succeed. For example, a user might be required to install some software.",
      "enum": [
        "",
        "none",
        "required"
      ],
      "type": "string"
    },
    "value_density": {
      "enum": [
        "",
        "diffuse",
        "concentrated"
      ],
      "type": "string"
    },
    "vulnerability_response_effort": {
      "enum": [
        "",
        "low",
        "moderate",
        "high"
      ],
      "type": "string"
    }
  },
  "additionalProperties": false
}