OverviewTopPackageElement
Security Vulnerability ABE UML Documentation
Summary:AttributesPropertiesDetail:Attributes
Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE
Class SecurityVulnerability

An information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network.

CVE considers a mistake a vulnerability if it allows an attacker to use it to violate a reasonable security policy for that system (this excludes excluding entirely "open" security policies in which all users are trusted, or where there is no consideration of risk to the system).

For CVE, a vulnerability is a state in a computing system (or set of systems) that either:

· allows an attacker to execute commands as another user
· allows an attacker to access data that is contrary to the specified access restrictions for that data
· allows an attacker to pose as another entity
· allows an attacker to conduct a denial of service

source: http://cve.mitre.org

Attributes
EntityIdentification _entityIdentification _entityIdentification
SecurityEntity _securityEntity _securityEntity
SecurityEvent _securityEvent _securityEvent
SecurityThreatExploit _securityThreatExploit _securityThreatExploit
SecurityThreatTechnique _securityThreatTechnique _securityThreatTechnique
CommonWeaknessEnumeration _securityVulnerabilityCWEReference _securityVulnerabilityCWEReference
SecurityVulnerabilityFixAction _securityVulnerabilityFixAction _securityVulnerabilityFixAction
SecurityVulnerabilitySoftware _securityVulnerabilitySoftware _securityVulnerabilitySoftware
SecurityVulnerabilityTool _securityVulnerabilityToolConfiguration _securityVulnerabilityToolConfiguration
String cceName cceName

Unique identifier to system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. The cceName represents a configuration that makes a resource vulnerable.
String cveName cveName

CVE Identifiers (also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. CVE identifiers have "entry" or "candidate" status. Entry status indicates that the CVE Identifier has been accepted to the CVE List while candidate status (also called "candidates," "candidate numbers," or "CANs") indicates that the identifier is under review for inclusion in the list.

source: http://cve.mitre.org

String description description

A brief description of the vulnerability
DateTime disclosureDateTime disclosureDateTime

The date and time the vulnerability was publicly disclosed
DateTime discoveredDateTime discoveredDateTime

The date and time the vulnerability was discovered.
DateTime exploitPublishedDateTime exploitPublishedDateTime

The date and time the exploit for the vulnerability was published.
DateTime lastModifiedDateTime lastModifiedDateTime

The last date and time the vulnerability was updated
DateTime publishedDateTime publishedDateTime

The date and time the vulnerability was published to the public.
«baseType» URI reference reference

URI to amplifying information about the vulnerability
SecurityVulnerabilityCategoryAssignment securityVulnerabilityCategory securityVulnerabilityCategory
String technicalDescription technicalDescription

Details on the technical characteristics of the vulnerability

Properties:
Alias
Classifier Behavior
Is Abstractfalse
Is Activefalse
Is Leaffalse
Keywords
NameSecurityVulnerability
Name Expression
NamespaceSecurity Vulnerability ABE
Owned Template Signature
OwnerSecurity Vulnerability ABE
Owning Template Parameter
PackageSecurity Vulnerability ABE
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability
Representation
Stereotype
Template Parameter
VisibilityPublic

Attribute Details

 _entityIdentification 
Public EntityIdentification _entityIdentification
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityVulnerabilityRecognizedUsing
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_entityIdentification
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_entityIdentification
Stereotype
Template Parameter
TypeEntityIdentification
Upper*
Upper Value(*)
VisibilityPublic

 _securityEntity 
Public SecurityEntity _securityEntity
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityEntityExhibits
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityEntity
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityEntity
Stereotype
Template Parameter
TypeSecurityEntity
Upper*
Upper Value(*)
VisibilityPublic

 _securityEvent 
Public SecurityEvent _securityEvent
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityEventExposes
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityEvent
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityEvent
Stereotype
Template Parameter
TypeSecurityEvent
Upper*
Upper Value(*)
VisibilityPublic

 _securityThreatExploit 
Public SecurityThreatExploit _securityThreatExploit
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityThreatExploitTargets
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityThreatExploit
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityThreatExploit
Stereotype
Template Parameter
TypeSecurityThreatExploit
Upper*
Upper Value(*)
VisibilityPublic

 _securityThreatTechnique 
Public SecurityThreatTechnique _securityThreatTechnique
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityThreatTechniqueTakesAdvantageOf
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityThreatTechnique
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityThreatTechnique
Stereotype
Template Parameter
TypeSecurityThreatTechnique
Upper*
Upper Value(*)
VisibilityPublic

 _securityVulnerabilityCWEReference 
Public CommonWeaknessEnumeration _securityVulnerabilityCWEReference
Constraints:
Properties:

AggregationNone
Alias
AssociationCommonWeaknessEnumerationRelatedTo
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityVulnerabilityCWEReference
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityVulnerabilityCWEReference
Stereotype
Template Parameter
TypeCommonWeaknessEnumeration
Upper*
Upper Value(*)
VisibilityPublic

 _securityVulnerabilityFixAction 
Public SecurityVulnerabilityFixAction _securityVulnerabilityFixAction
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityVulnerabilityResolvedBy
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityVulnerabilityFixAction
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityVulnerabilityFixAction
Stereotype
Template Parameter
TypeSecurityVulnerabilityFixAction
Upper*
Upper Value(*)
VisibilityPublic

 _securityVulnerabilitySoftware 
Public SecurityVulnerabilitySoftware _securityVulnerabilitySoftware
Constraints:
Properties:

AggregationNone
Alias
AssociationSoftwareVulnerableToSecurityVulnerability
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityVulnerabilitySoftware
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityVulnerabilitySoftware
Stereotype
Template Parameter
TypeSecurityVulnerabilitySoftware
Upper*
Upper Value(*)
VisibilityPublic

 _securityVulnerabilityToolConfiguration 
Public SecurityVulnerabilityTool _securityVulnerabilityToolConfiguration
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityVulnerabilityScannedUsing
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Name_securityVulnerabilityToolConfiguration
Name Expression
NamespaceSecurityVulnerability
Opposite_securityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::_securityVulnerabilityToolConfiguration
Stereotype
Template Parameter
TypeSecurityVulnerabilityTool
Upper*
Upper Value(*)
VisibilityPublic

 cceName 
Public String cceName

Unique identifier to system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. The cceName represents a configuration that makes a resource vulnerable.

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
NamecceName
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::cceName
Stereotype
Template Parameter
TypeString
Upper*
Upper Value(*)
VisibilityPublic

 cveName 
Public String cveName

CVE Identifiers (also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. CVE identifiers have "entry" or "candidate" status. Entry status indicates that the CVE Identifier has been accepted to the CVE List while candidate status (also called "candidates," "candidate numbers," or "CANs") indicates that the identifier is under review for inclusion in the list.

source: http://cve.mitre.org

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NamecveName
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::cveName
Stereotype
Template Parameter
TypeString
Upper1
Upper Value(1)
VisibilityPublic

 description 
Public String description

A brief description of the vulnerability

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
Namedescription
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::description
Stereotype
Template Parameter
TypeString
Upper1
Upper Value(1)
VisibilityPublic

 disclosureDateTime 
Public DateTime disclosureDateTime

The date and time the vulnerability was publicly disclosed

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NamedisclosureDateTime
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::disclosureDateTime
Stereotype
Template Parameter
TypeDateTime
Upper1
Upper Value(1)
VisibilityPublic

 discoveredDateTime 
Public DateTime discoveredDateTime

The date and time the vulnerability was discovered.

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NamediscoveredDateTime
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::discoveredDateTime
Stereotype
Template Parameter
TypeDateTime
Upper1
Upper Value(1)
VisibilityPublic

 exploitPublishedDateTime 
Public DateTime exploitPublishedDateTime

The date and time the exploit for the vulnerability was published.

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NameexploitPublishedDateTime
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::exploitPublishedDateTime
Stereotype
Template Parameter
TypeDateTime
Upper1
Upper Value(1)
VisibilityPublic

 lastModifiedDateTime 
Public DateTime lastModifiedDateTime

The last date and time the vulnerability was updated

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NamelastModifiedDateTime
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::lastModifiedDateTime
Stereotype
Template Parameter
TypeDateTime
Upper1
Upper Value(1)
VisibilityPublic

 publishedDateTime 
Public DateTime publishedDateTime

The date and time the vulnerability was published to the public.

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NamepublishedDateTime
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::publishedDateTime
Stereotyperequired
Template Parameter
TypeDateTime
Upper1
Upper Value(1)
VisibilityPublic

 reference 
Public «baseType» URI reference

URI to amplifying information about the vulnerability

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
Namereference
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::reference
Stereotype
Template Parameter
Type«baseType» URI
Upper*
Upper Value(*)
VisibilityPublic

 securityVulnerabilityCategory 
Public SecurityVulnerabilityCategoryAssignment securityVulnerabilityCategory
Constraints:
Properties:

AggregationNone
Alias
AssociationSecurityVulnerabilityAssigned
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity*
NamesecurityVulnerabilityCategory
Name Expression
NamespaceSecurityVulnerability
OppositesecurityVulnerability
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::securityVulnerabilityCategory
Stereotype
Template Parameter
TypeSecurityVulnerabilityCategoryAssignment
Upper*
Upper Value(*)
VisibilityPublic

 technicalDescription 
Public String technicalDescription

Details on the technical characteristics of the vulnerability

Constraints:
Properties:

AggregationNone
Alias
Association
Association End
ClassSecurityVulnerability
Datatype
Default
Default Value
Is Compositefalse
Is Derivedfalse
Is Derived Unionfalse
Is Leaffalse
Is Orderedfalse
Is Read Onlyfalse
Is Staticfalse
Is Uniquetrue
Keywords
Lower0
Lower Value(0)
Multiplicity0..1
NametechnicalDescription
Name Expression
NamespaceSecurityVulnerability
Opposite
OwnerSecurityVulnerability
Owning Association
Owning Template Parameter
Qualified NameSID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Vulnerability ABE::SecurityVulnerability::technicalDescription
Stereotype
Template Parameter
TypeString
Upper1
Upper Value(1)
VisibilityPublic

OverviewTopPackageElement
Security Vulnerability ABE UML Documentation
Summary:AttributesPropertiesDetail:Attributes