github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-3/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-03-03T00:00:00Z", 7 "component" : { 8 "name" : "GHI", 9 "version": "17.4", 10 "type" : "application", 11 "bom-ref" : "product-GHI" 12 } 13 }, 14 "vulnerabilities": [ 15 { 16 "id": "CVE-2020-11896", 17 "source": { 18 "name": "NVD", 19 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11896" 20 }, 21 "ratings": [ 22 { 23 "source": { 24 "name": "NVD", 25 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&version=3.1" 26 }, 27 "score": 10.0, 28 "severity": "critical", 29 "method": "CVSSv31", 30 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" 31 } 32 ], 33 "analysis": { 34 "state": "in_triage" 35 }, 36 "affects": [ 37 { 38 "ref": "product-GHI" 39 } 40 ] 41 }, 42 { 43 "id": "CVE-2020-11897", 44 "source": { 45 "name": "NVD", 46 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11897" 47 }, 48 "ratings": [ 49 { 50 "source": { 51 "name": "Example Company", 52 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 53 }, 54 "score": 0.0, 55 "severity": "none", 56 "method": "CVSSv31", 57 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 58 } 59 ], 60 "analysis": { 61 "state": "not_affected", 62 "justification": "code_not_present", 63 "detail": "IPv6 is not supported and code is not present." 64 }, 65 "affects": [ 66 { 67 "ref": "product-GHI" 68 } 69 ] 70 }, 71 { 72 "id": "CVE-2020-11898", 73 "source": { 74 "name": "NVD", 75 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11898" 76 }, 77 "ratings": [ 78 { 79 "source": { 80 "name": "NVD", 81 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H&version=3.1" 82 }, 83 "score": 9.1, 84 "severity": "critical", 85 "method": "CVSSv31", 86 "vector": "AAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" 87 } 88 ], 89 "analysis": { 90 "state": "exploitable", 91 "detail": "We are working to integrate the upstream patches in our code." 92 }, 93 "affects": [ 94 { 95 "ref": "product-GHI" 96 } 97 ] 98 }, 99 { 100 "id": "CVE-2020-11899", 101 "source": { 102 "name": "NVD", 103 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11899" 104 }, 105 "ratings": [ 106 { 107 "source": { 108 "name": "Example Company", 109 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 110 }, 111 "score": 0.0, 112 "severity": "none", 113 "method": "CVSSv31", 114 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 115 } 116 ], 117 "analysis": { 118 "state": "not_affected", 119 "justification": "code_not_present", 120 "detail": "IPv6 is not supported and code is not present." 121 }, 122 "affects": [ 123 { 124 "ref": "product-GHI" 125 } 126 ] 127 }, 128 { 129 "id": "CVE-2020-11900", 130 "source": { 131 "name": "NVD", 132 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11900" 133 }, 134 "ratings": [ 135 { 136 "source": { 137 "name": "NVD", 138 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H&version=3.1" 139 }, 140 "score": 8.2, 141 "severity": "high", 142 "method": "CVSSv31", 143 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H" 144 } 145 ], 146 "analysis": { 147 "state": "in_triage" 148 }, 149 "affects": [ 150 { 151 "ref": "product-GHI" 152 } 153 ] 154 }, 155 { 156 "id": "CVE-2020-11901", 157 "source": { 158 "name": "NVD", 159 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11901" 160 }, 161 "ratings": [ 162 { 163 "source": { 164 "name": "Example Company", 165 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 166 }, 167 "score": 0.0, 168 "severity": "none", 169 "method": "CVSSv31", 170 "vector": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 171 } 172 ], 173 "analysis": { 174 "state": "resolved" 175 }, 176 "affects": [ 177 { 178 "ref": "product-GHI" 179 } 180 ] 181 }, 182 { 183 "id": "CVE-2020-11902", 184 "source": { 185 "name": "NVD", 186 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11902" 187 }, 188 "ratings": [ 189 { 190 "source": { 191 "name": "Example Company", 192 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 193 }, 194 "score": 0.0, 195 "severity": "none", 196 "method": "CVSSv31", 197 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 198 } 199 ], 200 "analysis": { 201 "state": "not_affected", 202 "justification": "code_not_present", 203 "detail": "IPv6 is not supported and code is not present." 204 }, 205 "affects": [ 206 { 207 "ref": "product-GHI" 208 } 209 ] 210 }, 211 { 212 "id": "CVE-2020-11903", 213 "source": { 214 "name": "NVD", 215 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11903" 216 }, 217 "ratings": [ 218 { 219 "source": { 220 "name": "NVD", 221 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1" 222 }, 223 "score": 6.5, 224 "severity": "medium", 225 "method": "CVSSv31", 226 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" 227 } 228 ], 229 "analysis": { 230 "state": "in_triage" 231 }, 232 "affects": [ 233 { 234 "ref": "product-GHI" 235 } 236 ] 237 }, 238 { 239 "id": "CVE-2020-11904", 240 "source": { 241 "name": "NVD", 242 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11904" 243 }, 244 "ratings": [ 245 { 246 "source": { 247 "name": "NVD", 248 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L&version=3.1" 249 }, 250 "score": 7.3, 251 "severity": "high", 252 "method": "CVSSv31", 253 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" 254 } 255 ], 256 "analysis": { 257 "state": "in_triage" 258 }, 259 "affects": [ 260 { 261 "ref": "product-GHI" 262 } 263 ] 264 }, 265 { 266 "id": "CVE-2020-11905", 267 "source": { 268 "name": "NVD", 269 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11905" 270 }, 271 "ratings": [ 272 { 273 "source": { 274 "name": "Example Company", 275 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 276 }, 277 "score": 0.0, 278 "severity": "none", 279 "method": "CVSSv31", 280 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 281 } 282 ], 283 "analysis": { 284 "state": "not_affected", 285 "justification": "code_not_present", 286 "detail": "IPv6 is not supported and code is not present." 287 }, 288 "affects": [ 289 { 290 "ref": "product-GHI" 291 } 292 ] 293 }, 294 { 295 "id": "CVE-2020-11906", 296 "source": { 297 "name": "NVD", 298 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11906" 299 }, 300 "ratings": [ 301 { 302 "source": { 303 "name": "Example Company", 304 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 305 }, 306 "score": 0.0, 307 "severity": "none", 308 "method": "CVSSv31", 309 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 310 } 311 ], 312 "analysis": { 313 "state": "not_affected", 314 "justification": "code_not_present", 315 "detail": "This code was re-written. The vulnerable code is not present." 316 }, 317 "affects": [ 318 { 319 "ref": "product-GHI" 320 } 321 ] 322 }, 323 { 324 "id": "CVE-2020-11907", 325 "source": { 326 "name": "NVD", 327 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11907" 328 }, 329 "ratings": [ 330 { 331 "source": { 332 "name": "NVD", 333 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L&version=3.1" 334 }, 335 "score": 6.3, 336 "severity": "medium", 337 "method": "CVSSv31", 338 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" 339 } 340 ], 341 "analysis": { 342 "state": "exploitable", 343 "detail": "We are working to integrate the upstream patches in our code." 344 }, 345 "affects": [ 346 { 347 "ref": "product-GHI" 348 } 349 ] 350 }, 351 { 352 "id": "CVE-2020-11908", 353 "source": { 354 "name": "NVD", 355 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11908" 356 }, 357 "ratings": [ 358 { 359 "source": { 360 "name": "NVD", 361 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L&version=3.1" 362 }, 363 "score": 4.3, 364 "severity": "medium", 365 "method": "CVSSv31", 366 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" 367 } 368 ], 369 "analysis": { 370 "state": "in_triage" 371 }, 372 "affects": [ 373 { 374 "ref": "product-GHI" 375 } 376 ] 377 }, 378 { 379 "id": "CVE-2020-11909", 380 "source": { 381 "name": "NVD", 382 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11909" 383 }, 384 "ratings": [ 385 { 386 "source": { 387 "name": "NVD", 388 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&version=3.1" 389 }, 390 "score": 5.3, 391 "severity": "medium", 392 "method": "CVSSv31", 393 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" 394 } 395 ], 396 "analysis": { 397 "state": "exploitable", 398 "detail": "We are working to integrate the upstream patches in our code." 399 }, 400 "affects": [ 401 { 402 "ref": "product-GHI" 403 } 404 ] 405 }, 406 { 407 "id": "CVE-2020-11910", 408 "source": { 409 "name": "NVD", 410 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11910" 411 }, 412 "ratings": [ 413 { 414 "source": { 415 "name": "NVD", 416 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&version=3.1" 417 }, 418 "score": 5.3, 419 "severity": "medium", 420 "method": "CVSSv31", 421 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" 422 } 423 ], 424 "analysis": { 425 "state": "exploitable", 426 "detail": "We are working to integrate the upstream patches in our code." 427 }, 428 "affects": [ 429 { 430 "ref": "product-GHI" 431 } 432 ] 433 }, 434 { 435 "id": "CVE-2020-11911", 436 "source": { 437 "name": "NVD", 438 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11911" 439 }, 440 "ratings": [ 441 { 442 "source": { 443 "name": "NVD", 444 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N&version=3.1" 445 }, 446 "score": 5.3, 447 "severity": "medium", 448 "method": "CVSSv31", 449 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" 450 } 451 ], 452 "analysis": { 453 "state": "exploitable", 454 "detail": "We are working to integrate the upstream patches in our code." 455 }, 456 "affects": [ 457 { 458 "ref": "product-GHI" 459 } 460 ] 461 }, 462 { 463 "id": "CVE-2020-11912", 464 "source": { 465 "name": "NVD", 466 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11912" 467 }, 468 "ratings": [ 469 { 470 "source": { 471 "name": "Example Company", 472 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 473 }, 474 "score": 0.0, 475 "severity": "none", 476 "method": "CVSSv31", 477 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 478 } 479 ], 480 "analysis": { 481 "state": "resolved" 482 }, 483 "affects": [ 484 { 485 "ref": "product-GHI" 486 } 487 ] 488 }, 489 { 490 "id": "CVE-2020-11913", 491 "source": { 492 "name": "NVD", 493 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11913" 494 }, 495 "ratings": [ 496 { 497 "source": { 498 "name": "Example Company", 499 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 500 }, 501 "score": 0.0, 502 "severity": "none", 503 "method": "CVSSv31", 504 "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 505 } 506 ], 507 "analysis": { 508 "state": "not_affected", 509 "justification": "code_not_present", 510 "detail": "IPv6 is not supported and code is not present." 511 }, 512 "affects": [ 513 { 514 "ref": "product-GHI" 515 } 516 ] 517 }, 518 { 519 "id": "CVE-2020-11914", 520 "source": { 521 "name": "NVD", 522 "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11914" 523 }, 524 "ratings": [ 525 { 526 "source": { 527 "name": "Example Company", 528 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1" 529 }, 530 "score": 0.0, 531 "severity": "none", 532 "method": "CVSSv31", 533 "vector": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N" 534 } 535 ], 536 "analysis": { 537 "state": "resolved" 538 }, 539 "affects": [ 540 { 541 "ref": "product-GHI" 542 } 543 ] 544 } 545 ] 546 }