Used to take advantage of weaknesses the victim has to gain access or information that is either inherently valuable, or that can be used to gain further access.

Attributes
SecurityThreat	_securityThreat
SecurityThreatActor	_securityThreatActor
SecurityThreatIndicator	_securityThreatIndicator
SecurityThreatTechnique	_securityThreatTechnique
SecurityThreatTool	_securityThreatTool
SecurityVulnerability	_securityVulnerability
EntityIdentification	entityIdentification
String	exploitType	An enumerated list of threa exploit types, such as: Software Flaw Weak Security Control Cross-scripting Exploit User-interaction Dependent Tool
String	name	A human readable name given to the exploit
«baseType» URI	reference	A reference to additional information about a threat exploit.
String	unauthorizedResults	Description the unauthorized results obtained through the use of this exploit

 _securityThreat

Public SecurityThreat _securityThreat

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatResultsIn
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	_securityThreat
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityThreat
Stereotype
Template Parameter
Type	SecurityThreat
Upper	1
Upper Value	(1)
Visibility	Public

 _securityThreatActor

Public SecurityThreatActor _securityThreatActor

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurtyThreatActorInitiates
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	1
Lower Value	(1)
Multiplicity	1
Name	_securityThreatActor
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityThreatActor
Stereotype
Template Parameter
Type	SecurityThreatActor
Upper	1
Upper Value	(1)
Visibility	Public

 _securityThreatIndicator

Public SecurityThreatIndicator _securityThreatIndicator

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatIndicatorFurtherDescribedBy
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	_securityThreatIndicator
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityThreatIndicator
Stereotype
Template Parameter
Type	SecurityThreatIndicator
Upper	1
Upper Value	(1)
Visibility	Public

 _securityThreatTechnique

Public SecurityThreatTechnique _securityThreatTechnique

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatTechniqueUsedBy
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	_securityThreatTechnique
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityThreatTechnique
Stereotype
Template Parameter
Type	SecurityThreatTechnique
Upper	1
Upper Value	(1)
Visibility	Public

 _securityThreatTool

Public SecurityThreatTool _securityThreatTool

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatToolUsedBy
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	_securityThreatTool
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityThreatTool
Stereotype
Template Parameter
Type	SecurityThreatTool
Upper	1
Upper Value	(1)
Visibility	Public

 _securityVulnerability

Public SecurityVulnerability _securityVulnerability

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatExploitTargets
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	_securityVulnerability
Name Expression
Namespace	SecurityThreatExploit
Opposite	_securityThreatExploit
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::_securityVulnerability
Stereotype
Template Parameter
Type	SecurityVulnerability
Upper	*
Upper Value	(*)
Visibility	Public

 entityIdentification

Public EntityIdentification entityIdentification

Constraints:

Properties:

Aggregation	None
Alias
Association	SecurityThreatExploitReferences
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	entityIdentification
Name Expression
Namespace	SecurityThreatExploit
Opposite	securityVulnerability2
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::entityIdentification
Stereotype
Template Parameter
Type	EntityIdentification
Upper	*
Upper Value	(*)
Visibility	Public

 exploitType

Public String exploitType

An enumerated list of threa exploit types, such as:

Software Flaw
Weak Security Control
Cross-scripting Exploit
User-interaction Dependent Tool

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	exploitType
Name Expression
Namespace	SecurityThreatExploit
Opposite
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::exploitType
Stereotype
Template Parameter
Type	String
Upper	*
Upper Value	(*)
Visibility	Public

 name

Public String name

A human readable name given to the exploit

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	0..1
Name	name
Name Expression
Namespace	SecurityThreatExploit
Opposite
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::name
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value	(1)
Visibility	Public

 reference

Public «baseType» URI reference

A reference to additional information about a threat exploit.

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	0
Lower Value	(0)
Multiplicity	*
Name	reference
Name Expression
Namespace	SecurityThreatExploit
Opposite
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::reference
Stereotype
Template Parameter
Type	«baseType» URI
Upper	*
Upper Value	(*)
Visibility	Public

 unauthorizedResults

Public String unauthorizedResults

Description the unauthorized results obtained through the use of this exploit

Constraints:

Properties:

Aggregation	None
Alias
Association
Association End
Class	SecurityThreatExploit
Datatype
Default
Default Value
Is Composite	false
Is Derived	false
Is Derived Union	false
Is Leaf	false
Is Ordered	false
Is Read Only	false
Is Static	false
Is Unique	true
Keywords
Lower	1
Lower Value
Multiplicity	None (1)
Name	unauthorizedResults
Name Expression
Namespace	SecurityThreatExploit
Opposite
Owner	SecurityThreatExploit
Owning Association
Owning Template Parameter
Qualified Name	SID Models::Enterprise Domain::Enterprise Risk ABE::Enterprise Security ABE::Security Threat ABE::SecurityThreatExploit::unauthorizedResults
Stereotype
Template Parameter
Type	String
Upper	1
Upper Value
Visibility	Public