a mistake or condition that, if left unaddressed, could under the proper conditions contribute to a cyber-enabled capability being vulnerable to attack, allowing an adversary to make items function in unintended ways.
Property | Type | Description | Required? |
---|---|---|---|
description | Markdown String | should be short and limited to the key points that define this weakness | ✓ |
id | String | Globally unique URI identifying this object. | ✓ |
schema_version | String | CTIM schema version for this entity | ✓ |
type | WeaknessTypeIdentifier String | The fixed value weakness | ✓ |
abstraction_level | WeaknessAbstractionLevel String | defines the abstraction level for this weakness | |
affected_resources | SystemResource String List | identify system resources that can be affected by an exploit of this weakness | |
alternate_terms | AlternateTerm Object List | indicates one or more other names used to describe this weakness | |
architectures | Architecture Object List | Applicable architectures | |
background_details | Markdown String | information that is relevant but not related to the nature of the weakness itself | |
common_consequences | Consequence Object List | specify individual consequences associated with a weakness | |
detection_methods | DetectionMethod Object List | identify methods that may be employed to detect this weakness, including their strengths and limitations | |
external_ids | String List | ||
external_references | ExternalReference Object List | Specifies a list of external references that refer to non-CTIM information. This property is used to provide one or more URLs, descriptions, or IDs to records in other systems. | |
functional_areas | FunctionalArea String List | identifies the functional area of the software in which the weakness is most likely to occur | |
language | ShortString String | The human language this object is specified in. | |
languages | Language Object List | Applicable Languages | |
likelihood | HighMedLow String | Likelihood of exploit | |
modes_of_introduction | ModeOfIntroduction Object List | information about how and when a given weakness may be introduced | |
notes | Note Object List | provide any additional comments about the weakness | |
operating_systems | OperatingSystem Object List | Applicable operating systems | |
paradigms | Paradigm Object List | Applicable paradigms | |
potential_mitigations | Mitigation Object List | describe potential mitigations associated with a weakness | |
revision | Integer | A monotonically increasing revision, incremented each time the object is changed. | |
short_description | MedString String | A single line, short summary of the object. | |
source | MedString String | ||
source_uri | String | ||
structure | WeaknessStructure String | defines the structural nature of the weakness | |
technologies | Technology Object List | Applicable technologies | |
timestamp | Inst (Date) | The time this object was created at, or last modified. | |
title | ShortString String | A short title for this object, used as primary display and reference value | |
tlp | TLP String | Specification for how, and to whom, this object can be shared. |
The abstraction_level property is optional and takes one of four values. Class is the most abstract type of weakness, typically described independent of any specific language or technology. Base is a more specific type of weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Variant is a weakness that is described at a very low level of detail, typically limited to a specific language or technology. Compound is a meaningful aggregation of several weaknesses, currently known as either a Chain or Composite.
The id property is required: a globally unique URI identifying this object, for example https://www.domain.com/ctia/judgement/judgement-de305d54-75b4-431b-adb2-eb6b9e546014 for a Judgement. This ID type compares to the STIX id field; the optional STIX idref field is not used.
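As an added example (not code from the ctim project or from this page), the following Python builds a constructed Weakness record and checks it against the top-level rules of the Weakness table: the four required properties, the fixed type value, the four abstraction levels named in the abstraction_level notes above, a URI-shaped id like the one shown for Judgement, list-typed properties, the revision integer and the timestamp instant. The helper names, the example.com id, the UUID, the date and the schema_version placeholder are all assumptions; the vocabularies for likelihood, TLP and the platform classes are not checked because this page does not list their values.

```python
"""Added example: validate a CTIM Weakness record against the top-level rules
in the Weakness table (required properties, fixed type, abstraction levels,
URI id, list-typed properties, revision, timestamp). Not ctim library code;
the helper names, sample values and placeholders below are constructed."""
from datetime import datetime
from urllib.parse import urlparse

# Required properties, per the "Required?" column of the Weakness table.
REQUIRED = ("description", "id", "schema_version", "type")
# The four abstraction levels described in the abstraction_level notes.
ABSTRACTION_LEVELS = {"Class", "Base", "Variant", "Compound"}
# Properties whose type in the table is a "... List".
LIST_PROPS = {
    "affected_resources", "alternate_terms", "architectures",
    "common_consequences", "detection_methods", "external_ids",
    "external_references", "functional_areas", "languages",
    "modes_of_introduction", "notes", "operating_systems", "paradigms",
    "potential_mitigations", "technologies",
}


def validate_weakness(doc):
    """Return a list of problems; an empty list means the record passes."""
    errors = []
    for key in REQUIRED:
        if key not in doc:
            errors.append(f"missing required property: {key}")
    if doc.get("type") != "weakness":
        errors.append("type must be the fixed value 'weakness'")
    # id is a globally unique URI: require a scheme and an authority part.
    parsed = urlparse(str(doc.get("id", "")))
    if not (parsed.scheme and parsed.netloc):
        errors.append("id is not a URI")
    level = doc.get("abstraction_level")
    if level is not None and level not in ABSTRACTION_LEVELS:
        errors.append(f"unknown abstraction_level: {level}")
    for key in sorted(LIST_PROPS):
        if key in doc and not isinstance(doc[key], list):
            errors.append(f"{key} must be a list")
    rev = doc.get("revision")
    if rev is not None and (isinstance(rev, bool) or not isinstance(rev, int) or rev < 0):
        errors.append("revision must be a non-negative integer")
    if "timestamp" in doc:
        try:  # Inst (Date): accept an ISO-8601 instant, with or without a trailing Z
            datetime.fromisoformat(str(doc["timestamp"]).replace("Z", "+00:00"))
        except ValueError:
            errors.append("timestamp is not an ISO-8601 instant")
    return errors


# Constructed sample record; the id host, UUID, date and schema_version
# placeholder are invented for this example.
GOOD_WEAKNESS = {
    "id": "https://example.com/ctia/weakness/weakness-7d4c1c1e-2b6f-4e1a-9c3d-0c1f2a3b4c5d",
    "type": "weakness",
    "schema_version": "<ctim-schema-version>",  # placeholder, not a real version
    "title": "SQL Injection",
    "short_description": "Database queries are built from untrusted input.",
    "description": "Untrusted input is concatenated into a database query "
                   "without parameterization, so query structure can be altered.",
    "abstraction_level": "Base",
    "external_ids": ["CWE-89"],
    "revision": 1,
    "timestamp": "2024-01-01T00:00:00Z",
}

# Constructed record that breaks four rules at once.
BAD_WEAKNESS = {
    "id": "weakness-not-a-uri",       # no scheme or host
    "schema_version": "<ctim-schema-version>",
    "type": "Weakness",               # the fixed value is lowercase
    "abstraction_level": "Category",  # not one of the four levels
}

if __name__ == "__main__":
    for name, rec in (("good", GOOD_WEAKNESS), ("bad", BAD_WEAKNESS)):
        print(name, validate_weakness(rec) or "ok")
```

The checks are deliberately structural: a record that passes here has the shape the table demands, but the meaning of vocabulary-typed values (Prevalence, HighMedLow, TLP) still has to be checked against the CTIM vocabularies themselves.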
External references are used to describe pointers to information represented outside of CTIM. For example, a Malware object could use an external reference to indicate an ID for that malware in an external database, or a report could use references to represent source material.
Property | Type | Description | Required? |
---|---|---|---|
source_name | MedString String | The source within which the external-reference is defined (system, registry, organization, etc.) | ✓ |
description | Markdown String | ||
external_id | String | An identifier for the external reference content. | |
hashes | String List | Specifies a dictionary of hashes for the contents of the url. | |
url | String | A URL reference to an external resource |
Property | Type | Description | Required? |
---|---|---|---|
prevalence | Prevalence String | defines the different regularities that guide the applicability of platforms | ✓ |
class | LanguageClass String | class of language | |
name | ShortString String | Language name (Clojure, Java, ...) |
Property | Type | Description | Required? |
---|---|---|---|
prevalence | Prevalence String | defines the different regularities that guide the applicability of platforms | ✓ |
class | OperatingSystemClass String | ||
cpe_id | ShortString String | ||
name | ShortString String | ||
version | ShortString String |
Property | Type | Description | Required? |
---|---|---|---|
prevalence | Prevalence String | defines the different regularities that guide the applicability of platforms | ✓ |
class | ArchitectureClass String | class of architecture | |
name | ShortString String | architecture name (ARM, x86, ...) |
Property | Type | Description | Required? |
---|---|---|---|
prevalence | Prevalence String | defines the different regularities that guide the applicability of platforms | ✓ |
name | ShortString String | paradigm name (Client Server, Mainframe) |
Property | Type | Description | Required? |
---|---|---|---|
prevalence | Prevalence String | defines the different regularities that guide the applicability of platforms | ✓ |
name | ShortString String | technology name (Web Server, Web Client) |
Property | Type | Description | Required? |
---|---|---|---|
term | ShortString String | the actual alternate term | ✓ |
description | Markdown String | provides context for the alternate term by which this weakness may be known. |
Property | Type | Description | Required? |
---|---|---|---|
phase | SoftwarePhase String | identifies the point in the software life cycle at which the weakness may be introduced | ✓ |
note | Markdown String | provides a typical scenario related to introduction during the given phase |
Property | Type | Description | Required? |
---|---|---|---|
scopes | ConsequenceScope String List | identifies the security property that is violated | ✓ |
impacts | TechnicalImpact String List | describes the technical impact that arises if an adversary succeeds in exploiting this weakness | |
likelihood | HighMedLow String | how likely the specific consequence is expected to be seen relative to the other consequences | |
note | Markdown String | additional commentary about a consequence |
Property | Type | Description | Required? |
---|---|---|---|
description | Markdown String | provide some context of how this method can be applied to a specific weakness | ✓ |
method | DetectionMethod String | identifies the particular detection method being described | ✓ |
effectiveness | DetectionEffectiveness String | how effective the detection method may be in detecting the associated weakness | |
effectiveness_notes | Markdown String | provides additional discussion of the strengths and shortcomings of this detection method |
Property | Type | Description | Required? |
---|---|---|---|
description | Markdown String | a description of this individual mitigation including any strengths and shortcomings of this mitigation for the weakness | ✓ |
effectiveness | Effectiveness String | summarizes how effective the mitigation may be in preventing the weakness | |
effectiveness_notes | Markdown String | ||
phases | SoftwarePhase String List | indicates the development life cycle phase during which this particular mitigation may be applied | |
strategy | MitigationStrategy String | a general strategy for protecting a system to which this mitigation contributes |
Property | Type | Description | Required? |
---|---|---|---|
note | Markdown String | | ✓ |
type | NoteType String | | ✓ |
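As an added example (not code from the ctim project or from this page), the following Python checks the nested objects of a Weakness record against the sub-object tables above (the required property of each ExternalReference, Language, OperatingSystem, Architecture, Paradigm, Technology, AlternateTerm, ModeOfIntroduction, Consequence, DetectionMethod, Mitigation and Note entry) and then extracts what a defender acts on: potential_mitigations grouped by the SoftwarePhase values in their phases list, and detection_methods with their stated effectiveness. The helper names, the sample record and every vocabulary string in it (phases, prevalence, effectiveness, scopes, impacts, note type, strategy) are constructed assumptions; this page does not list those vocabularies.

```python
"""Added example: check the nested objects of a CTIM Weakness record against
the per-object tables (each sub-object's required properties) and extract
what a defender acts on: mitigations grouped by life-cycle phase and
detection methods with their stated effectiveness. Not ctim library code;
helper names, vocabulary values and the sample record are constructed."""

# Required properties of each nested object, keyed by the Weakness property
# that holds the list (taken from the sub-object tables).
NESTED_REQUIRED = {
    "external_references": ("source_name",),
    "languages": ("prevalence",),
    "operating_systems": ("prevalence",),
    "architectures": ("prevalence",),
    "paradigms": ("prevalence",),
    "technologies": ("prevalence",),
    "alternate_terms": ("term",),
    "modes_of_introduction": ("phase",),
    "common_consequences": ("scopes",),
    "detection_methods": ("description", "method"),
    "potential_mitigations": ("description",),
    "notes": ("note", "type"),
}


def validate_nested(doc):
    """Return problems found in the nested lists; an empty list means OK."""
    errors = []
    for prop, required in NESTED_REQUIRED.items():
        for i, entry in enumerate(doc.get(prop, [])):
            if not isinstance(entry, dict):
                errors.append(f"{prop}[{i}]: expected an object")
                continue
            for key in required:
                if key not in entry:
                    errors.append(f"{prop}[{i}]: missing required '{key}'")
    return errors


def mitigations_by_phase(doc):
    """Group potential_mitigations by each SoftwarePhase in their 'phases'.
    A mitigation that names no phase is filed under 'Unspecified'."""
    grouped = {}
    for m in doc.get("potential_mitigations", []):
        for phase in m.get("phases") or ["Unspecified"]:
            grouped.setdefault(phase, []).append(m["description"])
    return grouped


def detection_summary(doc):
    """Return (method, effectiveness) pairs; 'Unknown' when not stated."""
    return [(d["method"], d.get("effectiveness", "Unknown"))
            for d in doc.get("detection_methods", [])]


# Constructed sample record. The phase, prevalence, effectiveness, scope,
# impact, strategy and note-type strings are illustrative values, not the
# CTIM vocabularies; the id and schema_version are placeholders.
SAMPLE = {
    "id": "https://example.com/ctia/weakness/weakness-7d4c1c1e-2b6f-4e1a-9c3d-0c1f2a3b4c5d",
    "type": "weakness",
    "schema_version": "<ctim-schema-version>",
    "description": "Untrusted input is concatenated into a database query without parameterization.",
    "external_references": [
        {"source_name": "CWE", "external_id": "CWE-89",
         "url": "https://cwe.mitre.org/data/definitions/89.html"},
    ],
    "languages": [{"name": "SQL", "prevalence": "Often"}],
    "technologies": [{"name": "Web Server", "prevalence": "Often"}],
    "modes_of_introduction": [{"phase": "Implementation",
                               "note": "Query text assembled with string concatenation."}],
    "common_consequences": [{"scopes": ["Confidentiality", "Integrity"],
                             "impacts": ["Read Application Data"],
                             "likelihood": "High"}],
    "detection_methods": [
        {"method": "Automated Static Analysis", "effectiveness": "High",
         "description": "Taint tracking from request parameters to query construction."},
        {"method": "Manual Analysis",
         "description": "Review of data-access code for concatenated query text."},
    ],
    "potential_mitigations": [
        {"description": "Use parameterized queries or prepared statements.",
         "phases": ["Implementation"], "strategy": "Parameterization"},
        {"description": "Validate input against an allow list before use.",
         "phases": ["Architecture and Design", "Implementation"]},
        {"description": "Run the database connection with the least privilege it needs."},
    ],
    "notes": [{"type": "Maintenance", "note": "Example record; vocabulary values are illustrative."}],
}

if __name__ == "__main__":
    print("nested problems:", validate_nested(SAMPLE) or "none")
    for phase, items in mitigations_by_phase(SAMPLE).items():
        print(phase, "->", items)
    print(detection_summary(SAMPLE))
```

Grouping by phase is what makes a weakness record useful in a review: design-time mitigations go to the threat-modeling checklist, implementation-time ones to code review, and anything left unspecified gets triaged by hand rather than silently dropped.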
Documentation contributors: Guillaume Buisson & Matthieu Sprunck.