SecurityVulnerability

: Public <<TMF_BusinessEntity>> Business Entity

Created:	1/10/2022 12:01:58 PM
Modified:	4/15/2022 10:30:22 AM

Project:
Author:	Giu Platania
Version:	22.0
Phase:	prop
Status:	Implemented
Complexity:	Easy
Difficulty:
Priority:
Multiplicity:
Advanced:
UUID:	{C7B2B7DD-8553-4333-9E66-F9499C4AB95F}
Appears In:	Figure SE.08 - Security Threat Basic Entities, Figure SE.00 - Security Overview, Figure SE.16 - Security Vulnerability, Figure SE.17 - Security Vulnerability Association With Other Business Entities, Figure SE.17a - Security Vulnerability Category Types

An information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network. CVE considers a mistake a vulnerability if it allows an attacker to use it to violate a reasonable security policy for that system (this excludes excluding entirely "open" security policies in which all users are trusted, or where there is no consideration of risk to the system). For CVE, a vulnerability is a state in a computing system (or set of systems) that either: · allows an attacker to execute commands as another user · allows an attacker to access data that is contrary to the specified access restrictions for that data · allows an attacker to pose as another entity · allows an attacker to conduct a denial of service source: http://cve.mitre.org

Attributes
Associations To
Associations From
Tagged Values
Advanced

Attribute

Public String
cceName

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:	Range:0 to *
Transient:	False
Derived:	False
IsID:	False

Notes:

Unique identifier to system configuration issues in order to facilitate fast and accurate correlation of configuration data across multiple information sources and tools. The cceName represents a configuration that makes a resource vulnerable.

Public String
cveName

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

CVE Identifiers (also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. CVE identifiers have "entry" or "candidate" status. Entry status indicates that the CVE Identifier has been accepted to the CVE List while candidate status (also called "candidates," "candidate numbers," or "CANs") indicates that the identifier is under review for inclusion in the list. source: http://cve.mitre.org

Public String
description

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

A brief description of the vulnerability

Public DateTime
disclosureDateTime

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

The date and time the vulnerability was publicly disclosed

Public DateTime
discoveredDateTime

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

The date and time the vulnerability was discovered.

Public DateTime
exploitPublishedDateTime

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

The date and time the exploit for the vulnerability was published.

Public DateTime
lastModifiedDateTime

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

The last date and time the vulnerability was updated

Public DateTime
publishedDateTime

Details:

Alias:
Initial:
Stereotype:	<<required>>
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

The date and time the vulnerability was published to the public.

Public URI
reference

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:	Range:0 to *
Transient:	False
Derived:	False
IsID:	False

Notes:

URI to amplifying information about the vulnerability

Public String
technicalDescription

Details:

Alias:
Initial:
Stereotype:
Ordered:
Range:
Transient:	False
Derived:	False
IsID:	False

Notes:

Details on the technical characteristics of the vulnerability

Element	Source Role	Target Role
«TMF_BusinessEntity» SecurityEvent Business Entity	Name: _securityVulnerability	Name: _securityEvent
Details:
«TMF_BusinessEntity» SecurityVulnerabilityTool Business Entity	Name: _securityVulnerability	Name: _securityVulnerabilityToolConfiguration
Details:
«TMF_BusinessEntity» SecurityVulnerabilityCategoryAssignment Business Entity	Name: securityVulnerability	Name: securityVulnerabilityCategory
Details:
«TMF_ABE» Security Vulnerability ABE ABE «TMF_ABEIsComposedByEntity»	Name:	Name:
Details:
«TMF_BusinessEntity» CommonWeaknessEnumeration Business Entity	Name: _securityVulnerability	Name: _securityVulnerabilityCWEReference
Details:
«TMF_BusinessEntity» SecurityVulnerabilityFixAction Business Entity	Name: _securityVulnerability	Name: _securityVulnerabilityFixAction
Details:
«TMF_BusinessEntity» SecurityVulnerabilitySoftware Business Entity	Name: _securityVulnerability	Name: _securityVulnerabilitySoftware
Details:
«TMF_BusinessEntity» EntityIdentification Business Entity	Name: _securityVulnerability	Name: _entityIdentification
Details:

Element	Source Role	Target Role
«TMF_BusinessEntity» SecurityEntity Business Entity	Name: _securityEntity	Name: _securityVulnerability
Details:
«TMF_BusinessEntity» SecurityThreatExploit Business Entity	Name: _securityThreatExploit	Name: _securityVulnerability
Details:
«TMF_BusinessEntity» SecurityThreatTechnique Business Entity	Name: _securityThreatTechnique	Name: _securityVulnerability
Details:

Tag	Value
IsCoreEntity	False
Details: Values: true,false Default: False
rsa_guid	_44fUcGpyEd-YIudmhftTlg
Details:

Property	Value
isActive:	0
isFinalSpecialization:	0