github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-4/vex.json (about) 1 { 2 "bomFormat": "CycloneDX", 3 "specVersion": "1.4", 4 "version": 1, 5 "metadata" : { 6 "timestamp" : "2022-03-03T00:00:00Z", 7 "component" : { 8 "name" : "ABC", 9 "type" : "application", 10 "bom-ref" : "product-ABC" 11 } 12 }, 13 "vulnerabilities": [ 14 { 15 "id": "CVE-2021-44228", 16 "source": { 17 "name": "NVD", 18 "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228" 19 }, 20 "ratings": [ 21 { 22 "source": { 23 "name": "NVD", 24 "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&version=3.1" 25 }, 26 "score": 10.0, 27 "severity": "critical", 28 "method": "CVSSv31", 29 "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" 30 } 31 ], 32 "analysis": { 33 "state": "exploitable", 34 "response": ["will_not_fix", "update"], 35 "detail": "Versions of Product ABC are affected by the vulnerability. Customers are advised to upgrade to the latest release." 36 }, 37 "affects": [ 38 { 39 "ref": "product-ABC", 40 "versions": [ 41 { 42 "version": "2.4", 43 "status": "affected" 44 }, 45 { 46 "version": "2.6", 47 "status": "affected" 48 }, 49 { 50 "range": "vers:generic/>=2.9|<=4.1", 51 "status": "affected" 52 } 53 ] 54 } 55 ] 56 } 57 ] 58 }