github.com/CycloneDX/sbom-utility@v0.16.0/examples/cyclonedx/VEX/CISA-Use-Cases/Case-6/vex.json (about)

     1  {
     2    "bomFormat": "CycloneDX",
     3    "specVersion": "1.4",
     4    "version": 1,
     5    "metadata" : {
     6      "timestamp" : "2022-03-03T00:00:00Z",
     7      "component" : {
     8        "name" : "ABC",
     9        "type" : "application",
    10        "bom-ref" : "product-ABC"
    11      }
    12    },
    13    "vulnerabilities": [
    14      {
    15        "id": "CVE-2021-44228",
    16        "source": {
    17          "name": "NVD",
    18          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    19        },
    20        "ratings": [
    21          {
    22            "source": {
    23              "name": "NVD",
    24              "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&version=3.1"
    25            },
    26            "score": 10.0,
    27            "severity": "critical",
    28            "method": "CVSSv31",
    29            "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
    30          }
    31        ],
    32        "analysis": {
    33          "state": "exploitable",
    34          "response": ["will_not_fix", "update"],
    35          "detail": "The listed versions of Product ABC are affected by the vulnerability. Customers are advised to upgrade to the latest release."
    36        },
    37        "affects": [
    38          {
    39            "ref": "product-ABC",
    40            "versions": [
    41              {
    42                "version": "2.4",
    43                "status": "affected"
    44              },
    45              {
    46                "version": "2.6",
    47                "status": "affected"
    48              },
    49              {
    50                "range": "vers:generic/>=2.9|<=4.1",
    51                "status": "affected"
    52              }
    53            ]
    54          }
    55        ]
    56      },
    57      {
    58        "id": "CVE-2021-44228",
    59        "source": {
    60          "name": "NVD",
    61          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44228"
    62        },
    63        "ratings": [
    64          {
    65            "source": {
    66              "name": "NVD",
    67              "url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N&version=3.1"
    68            },
    69            "score": 0.0,
    70            "severity": "none",
    71            "method": "CVSSv31",
    72            "vector": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:X/IR:X/AR:X/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:N/MI:N/MA:N"
    73          }
    74        ],
    75        "analysis": {
    76          "state": "not_affected",
    77          "justification": "code_not_present",
    78          "response": ["will_not_fix"],
    79          "detail": "These versions of Product ABC are not affected by the vulnerability. The class containing the vulnerable code was removed before shipping."
    80        },
    81        "affects": [
    82          {
    83            "ref": "product-ABC",
    84            "versions": [
    85              {
    86                "range": "vers:generic/>=1.0|<=2.3",
    87                "status": "unaffected"
    88              },
    89              {
    90                "version": "2.5",
    91                "status": "unaffected"
    92              },
    93              {
    94                "range": "vers:generic/>=2.7|<=2.8",
    95                "status": "unaffected"
    96              },
    97              {
    98                "version": "4.2",
    99                "status": "unaffected"
   100              }
   101            ]
   102          }
   103        ]
   104      }
   105    ]
   106  }