github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-2/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-03-03T00:00:00Z", 7 "component" : { 8 "name" : "ABC", 9 "version": "4.2", 10 "type" : "application", 11 "bom-ref" : "product-ABC" 12 } 13 }, 14 "vulnerabilities": [ 15 { 16 "id": "CVE-2020-11896", 17 "source": { 18 "name": "NVD", 19 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11896" 20 }, 21 "ratings": [ 22 { 23 "source": { 24 "name": "Example Company", 25 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 26 }, 27 "score": 0.0, 28 "severity": "none", 29 "method": "CVSSv31", 30 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 31 } 32 ], 33 "analysis": { 34 "state": "not_affected", 35 "justification": "code_not_reachable", 36 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 37 }, 38 "affects": [ 39 { 40 "ref": "product-ABC" 41 } 42 ] 43 }, 44 { 45 "id": "CVE-2020-11897", 46 "source": { 47 "name": "NVD", 48 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11897" 49 }, 50 "ratings": [ 51 { 52 "source": { 53 "name": "Example Company", 54 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 55 }, 56 "score": 0.0, 57 "severity": "none", 58 "method": "CVSSv31", 59 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 60 } 61 ], 62 "analysis": { 63 "state": "not_affected", 64 "justification": "code_not_reachable", 65 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 66 }, 67 "affects": [ 68 { 69 "ref": "product-ABC" 70 } 71 ] 72 }, 73 { 74 "id": "CVE-2020-11898", 75 "source": { 76 "name": "NVD", 77 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11898" 78 }, 79 "ratings": [ 80 { 81 "source": { 82 "name": "Example Company", 83 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 84 }, 85 "score": 0.0, 86 "severity": "none", 87 "method": "CVSSv31", 88 "vector": "AAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 89 } 90 ], 91 "analysis": { 92 "state": "not_affected", 93 "justification": "code_not_reachable", 94 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 95 }, 96 "affects": [ 97 { 98 "ref": "product-ABC" 99 } 100 ] 101 }, 102 { 103 "id": "CVE-2020-11899", 104 "source": { 105 "name": "NVD", 106 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11899" 107 }, 108 "ratings": [ 109 { 110 "source": { 111 "name": "Example Company", 112 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 113 }, 114 "score": 0.0, 115 "severity": "none", 116 "method": "CVSSv31", 117 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 118 } 119 ], 120 "analysis": { 121 "state": "not_affected", 122 "justification": "code_not_reachable", 123 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 124 }, 125 "affects": [ 126 { 127 "ref": "product-ABC" 128 } 129 ] 130 }, 131 { 132 "id": "CVE-2020-11900", 133 "source": { 134 "name": "NVD", 135 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11900" 136 }, 137 "ratings": [ 138 { 139 "source": { 140 "name": "Example Company", 141 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 142 }, 143 "score": 0.0, 144 "severity": "none", 145 "method": "CVSSv31", 146 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 147 } 148 ], 149 "analysis": { 150 "state": "not_affected", 151 "justification": "code_not_reachable", 152 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 153 }, 154 "affects": [ 155 { 156 "ref": "product-ABC" 157 } 158 ] 159 }, 160 { 161 "id": "CVE-2020-11901", 162 "source": { 163 "name": "NVD", 164 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11901" 165 }, 166 "ratings": [ 167 { 168 "source": { 169 "name": "Example Company", 170 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 171 }, 172 "score": 0.0, 173 "severity": "none", 174 "method": "CVSSv31", 175 "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 176 } 177 ], 178 "analysis": { 179 "state": "not_affected", 180 "justification": "code_not_reachable", 181 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 182 }, 183 "affects": [ 184 { 185 "ref": "product-ABC" 186 } 187 ] 188 }, 189 { 190 "id": "CVE-2020-11902", 191 "source": { 192 "name": "NVD", 193 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11902" 194 }, 195 "ratings": [ 196 { 197 "source": { 198 "name": "Example Company", 199 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 200 }, 201 "score": 0.0, 202 "severity": "none", 203 "method": "CVSSv31", 204 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 205 } 206 ], 207 "analysis": { 208 "state": "not_affected", 209 "justification": "code_not_reachable", 210 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 211 }, 212 "affects": [ 213 { 214 "ref": "product-ABC" 215 } 216 ] 217 }, 218 { 219 "id": "CVE-2020-11903", 220 "source": { 221 "name": "NVD", 222 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11903" 223 }, 224 "ratings": [ 225 { 226 "source": { 227 "name": "Example Company", 228 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 229 }, 230 "score": 0.0, 231 "severity": "none", 232 "method": "CVSSv31", 233 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 234 } 235 ], 236 "analysis": { 237 "state": "not_affected", 238 "justification": "code_not_reachable", 239 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 240 }, 241 "affects": [ 242 { 243 "ref": "product-ABC" 244 } 245 ] 246 }, 247 { 248 "id": "CVE-2020-11904", 249 "source": { 250 "name": "NVD", 251 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11904" 252 }, 253 "ratings": [ 254 { 255 "source": { 256 "name": "Example Company", 257 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 258 }, 259 "score": 0.0, 260 "severity": "none", 261 "method": "CVSSv31", 262 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 263 } 264 ], 265 "analysis": { 266 "state": "not_affected", 267 "justification": "code_not_reachable", 268 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 269 }, 270 "affects": [ 271 { 272 "ref": "product-ABC" 273 } 274 ] 275 }, 276 { 277 "id": "CVE-2020-11905", 278 "source": { 279 "name": "NVD", 280 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11905" 281 }, 282 "ratings": [ 283 { 284 "source": { 285 "name": "Example Company", 286 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 287 }, 288 "score": 0.0, 289 "severity": "none", 290 "method": "CVSSv31", 291 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 292 } 293 ], 294 "analysis": { 295 "state": "not_affected", 296 "justification": "code_not_reachable", 297 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 298 }, 299 "affects": [ 300 { 301 "ref": "product-ABC" 302 } 303 ] 304 }, 305 { 306 "id": "CVE-2020-11906", 307 "source": { 308 "name": "NVD", 309 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11906" 310 }, 311 "ratings": [ 312 { 313 "source": { 314 "name": "Example Company", 315 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 316 }, 317 "score": 0.0, 318 "severity": "none", 319 "method": "CVSSv31", 320 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 321 } 322 ], 323 "analysis": { 324 "state": "not_affected", 325 "justification": "code_not_reachable", 326 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 327 }, 328 "affects": [ 329 { 330 "ref": "product-ABC" 331 } 332 ] 333 }, 334 { 335 "id": "CVE-2020-11907", 336 "source": { 337 "name": "NVD", 338 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11907" 339 }, 340 "ratings": [ 341 { 342 "source": { 343 "name": "Example Company", 344 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 345 }, 346 "score": 0.0, 347 "severity": "none", 348 "method": "CVSSv31", 349 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 350 } 351 ], 352 "analysis": { 353 "state": "not_affected", 354 "justification": "code_not_reachable", 355 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 356 }, 357 "affects": [ 358 { 359 "ref": "product-ABC" 360 } 361 ] 362 }, 363 { 364 "id": "CVE-2020-11908", 365 "source": { 366 "name": "NVD", 367 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11908" 368 }, 369 "ratings": [ 370 { 371 "source": { 372 "name": "Example Company", 373 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 374 }, 375 "score": 0.0, 376 "severity": "none", 377 "method": "CVSSv31", 378 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 379 } 380 ], 381 "analysis": { 382 "state": "not_affected", 383 "justification": "code_not_reachable", 384 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 385 }, 386 "affects": [ 387 { 388 "ref": "product-ABC" 389 } 390 ] 391 }, 392 { 393 "id": "CVE-2020-11909", 394 "source": { 395 "name": "NVD", 396 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11909" 397 }, 398 "ratings": [ 399 { 400 "source": { 401 "name": "Example Company", 402 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 403 }, 404 "score": 0.0, 405 "severity": "none", 406 "method": "CVSSv31", 407 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 408 } 409 ], 410 "analysis": { 411 "state": "not_affected", 412 "justification": "code_not_reachable", 413 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 414 }, 415 "affects": [ 416 { 417 "ref": "product-ABC" 418 } 419 ] 420 }, 421 { 422 "id": "CVE-2020-11910", 423 "source": { 424 "name": "NVD", 425 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11910" 426 }, 427 "ratings": [ 428 { 429 "source": { 430 "name": "Example Company", 431 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 432 }, 433 "score": 0.0, 434 "severity": "none", 435 "method": "CVSSv31", 436 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 437 } 438 ], 439 "analysis": { 440 "state": "not_affected", 441 "justification": "code_not_reachable", 442 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 443 }, 444 "affects": [ 445 { 446 "ref": "product-ABC" 447 } 448 ] 449 }, 450 { 451 "id": "CVE-2020-11911", 452 "source": { 453 "name": "NVD", 454 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11911" 455 }, 456 "ratings": [ 457 { 458 "source": { 459 "name": "Example Company", 460 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 461 }, 462 "score": 0.0, 463 "severity": "none", 464 "method": "CVSSv31", 465 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 466 } 467 ], 468 "analysis": { 469 "state": "not_affected", 470 "justification": "code_not_reachable", 471 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 472 }, 473 "affects": [ 474 { 475 "ref": "product-ABC" 476 } 477 ] 478 }, 479 { 480 "id": "CVE-2020-11912", 481 "source": { 482 "name": "NVD", 483 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11912" 484 }, 485 "ratings": [ 486 { 487 "source": { 488 "name": "Example Company", 489 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 490 }, 491 "score": 0.0, 492 "severity": "none", 493 "method": "CVSSv31", 494 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 495 } 496 ], 497 "analysis": { 498 "state": "not_affected", 499 "justification": "code_not_reachable", 500 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 501 }, 502 "affects": [ 503 { 504 "ref": "product-ABC" 505 } 506 ] 507 }, 508 { 509 "id": "CVE-2020-11913", 510 "source": { 511 "name": "NVD", 512 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11913" 513 }, 514 "ratings": [ 515 { 516 "source": { 517 "name": "Example Company", 518 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 519 }, 520 "score": 0.0, 521 "severity": "none", 522 "method": "CVSSv31", 523 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 524 } 525 ], 526 "analysis": { 527 "state": "not_affected", 528 "justification": "code_not_reachable", 529 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 530 }, 531 "affects": [ 532 { 533 "ref": "product-ABC" 534 } 535 ] 536 }, 537 { 538 "id": "CVE-2020-11914", 539 "source": { 540 "name": "NVD", 541 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11914" 542 }, 543 "ratings": [ 544 { 545 "source": { 546 "name": "Example Company", 547 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 548 }, 549 "score": 0.0, 550 "severity": "none", 551 "method": "CVSSv31", 552 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 553 } 554 ], 555 "analysis": { 556 "state": "not_affected", 557 "justification": "code_not_reachable", 558 "detail": "This version of Product ABC is not affected by the vulnerability. Linux TCP/IP used and therefore not vulnerable." 559 }, 560 "affects": [ 561 { 562 "ref": "product-ABC" 563 } 564 ] 565 } 566 ] 567 }