vrt 0.8.1 → 0.9.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/lib/data/1.8/deprecated-node-mapping.json +149 -0
  3. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json +935 -0
  4. data/lib/data/1.8/mappings/cvss_v3/cvss_v3.schema.json +59 -0
  5. data/lib/data/1.8/mappings/cwe/cwe.json +453 -0
  6. data/lib/data/1.8/mappings/cwe/cwe.schema.json +63 -0
  7. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.json +1381 -0
  8. data/lib/data/1.8/mappings/remediation_advice/remediation_advice.schema.json +75 -0
  9. data/lib/data/1.8/vrt.schema.json +63 -0
  10. data/lib/data/1.8/vulnerability-rating-taxonomy.json +1948 -0
  11. data/lib/vrt/version.rb +1 -1
  12. metadata +11 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7a9b0945ce4cf1cd7b3f58a3eed048be78e6ee4307936c33f760c92bac538a49
4
- data.tar.gz: ca3734147ff39f21405ae17a8924e8c3ee7f72bae5dbe0a71b491b59ad513204
3
+ metadata.gz: 4ffc04ce3879cc8016773cbda67bc24a449355946828e6d53683abf242707dc0
4
+ data.tar.gz: aabbb73143fb0fedeebc97eb9298676b80dc21abe356b0af431fd635ab156854
5
5
  SHA512:
6
- metadata.gz: 7e952334889437519060f996afe806a74041221f1f57e4b0ea2a5a6c2ac6bdaf3289589ac24a5ac626c7b43699d00f6b68d67781d62ba34208a9a307a91b6ecb
7
- data.tar.gz: 18883c0032324d4a40271ccc181ee8eefb72a01c3a864b7834589029829b157f4de4623e44e7a6e8b46fd6e98b3342f64fd5f2d595fb5e533afe68565ab659c4
6
+ metadata.gz: d29c54dbd498cdb582b629858ee0898482d40917804c51655b03be68274c2295c180fa8c6f49af2b12cce6cad1726e6cdeaca36ba2e39b29ed64348aace44639
7
+ data.tar.gz: 3fc202cf753324d584aa3226640c4e09a7466dddfafd8af12bb6ec827d99d184660b0f36e91742567633bde4ad23070cbb2f00de69447a7f259c37ad51b3fa04
data/lib/data/1.8/deprecated-node-mapping.json ADDED
@@ -0,0 +1,149 @@
1
+ {
2
+ "poor_physical_security": {
3
+ "1.1": "other"
4
+ },
5
+ "social_engineering": {
6
+ "1.1": "other"
7
+ },
8
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_all_users": {
9
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
10
+ },
11
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_authenticated": {
12
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
13
+ },
14
+ "unvalidated_redirects_and_forwards.open_redirect.get_based_unauthenticated": {
15
+ "1.2": "unvalidated_redirects_and_forwards.open_redirect.get_based"
16
+ },
17
+ "broken_authentication_and_session_management.session_token_in_url.over_https": {
18
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
19
+ },
20
+ "broken_authentication_and_session_management.session_token_in_url.over_http": {
21
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
22
+ },
23
+ "broken_authentication_and_session_management.session_token_in_url": {
24
+ "1.2": "sensitive_data_exposure.sensitive_token_in_url"
25
+ },
26
+ "insecure_data_transport": {
27
+ "1.2": "mobile_security_misconfiguration"
28
+ },
29
+ "insecure_data_transport.ssl_certificate_pinning": {
30
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning"
31
+ },
32
+ "insecure_data_transport.ssl_certificate_pinning.absent": {
33
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.absent"
34
+ },
35
+ "insecure_data_transport.ssl_certificate_pinning.defeatable": {
36
+ "1.2": "mobile_security_misconfiguration.ssl_certificate_pinning.defeatable"
37
+ },
38
+ "insecure_data_storage.credentials_stored_unencrypted": {
39
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted"
40
+ },
41
+ "insecure_data_storage.credentials_stored_unencrypted.on_external_storage": {
42
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_external_storage"
43
+ },
44
+ "insecure_data_storage.credentials_stored_unencrypted.on_internal_storage": {
45
+ "1.2": "insecure_data_storage.sensitive_application_data_stored_unencrypted.on_internal_storage"
46
+ },
47
+ "insufficient_security_configurability.weak_password_policy.complexity_both_length_and_char_type_not_enforced": {
48
+ "1.2": "insufficient_security_configurability.no_password_policy"
49
+ },
50
+ "missing_function_level_access_control": {
51
+ "1.3": "broken_access_control"
52
+ },
53
+ "missing_function_level_access_control.server_side_request_forgery_ssrf": {
54
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf"
55
+ },
56
+ "missing_function_level_access_control.server_side_request_forgery_ssrf.internal": {
57
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf.internal"
58
+ },
59
+ "missing_function_level_access_control.server_side_request_forgery_ssrf.external": {
60
+ "1.3": "broken_access_control.server_side_request_forgery_ssrf.external"
61
+ },
62
+ "missing_function_level_access_control.username_enumeration": {
63
+ "1.3": "broken_access_control.username_enumeration"
64
+ },
65
+ "missing_function_level_access_control.username_enumeration.data_leak": {
66
+ "1.3": "broken_access_control.username_enumeration.data_leak"
67
+ },
68
+ "missing_function_level_access_control.exposed_sensitive_android_intent": {
69
+ "1.3": "broken_access_control.exposed_sensitive_android_intent"
70
+ },
71
+ "missing_function_level_access_control.exposed_sensitive_ios_url_scheme": {
72
+ "1.3": "broken_access_control.exposed_sensitive_ios_url_scheme"
73
+ },
74
+ "insecure_direct_object_references_idor": {
75
+ "1.3": "broken_access_control.idor"
76
+ },
77
+ "broken_authentication_and_session_management.weak_login_function.over_http": {
78
+ "1.4": "broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default"
79
+ },
80
+ "cross_site_scripting_xss.ie_only.older_version_ie_10_11": {
81
+ "1.4": "cross_site_scripting_xss.ie_only.ie11"
82
+ },
83
+ "cross_site_scripting_xss.ie_only.older_version_ie10": {
84
+ "1.4": "cross_site_scripting_xss.ie_only.older_version_ie11"
85
+ },
86
+ "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_reset": {
87
+ "1.4": "broken_authentication_and_session_management.failure_to_invalidate_session.on_password_change"
88
+ },
89
+ "network_security_misconfiguration.telnet_enabled.credentials_required": {
90
+ "1.4": "broken_authentication_and_session_management.weak_login_function.other_plaintext_protocol_no_secure_alternative"
91
+ },
92
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_email_domain": {
93
+ "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
94
+ },
95
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofable_via_third_party_api_misconfiguration": {
96
+ "1.5": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain"
97
+ },
98
+ "cross_site_scripting_xss.stored.admin_to_anyone": {
99
+ "1.5": "cross_site_scripting_xss.stored.privileged_user_to_privilege_elevation"
100
+ },
101
+ "server_security_misconfiguration.misconfigured_dns.subdomain_takeover": {
102
+ "1.5": "server_security_misconfiguration.misconfigured_dns.basic_subdomain_takeover"
103
+ },
104
+ "server_security_misconfiguration.captcha_bypass": {
105
+ "1.5": "server_security_misconfiguration.captcha"
106
+ },
107
+ "server_security_misconfiguration.captcha_bypass.implementation_vulnerability": {
108
+ "1.5": "server_security_misconfiguration.captcha.implementation_vulnerability"
109
+ },
110
+ "server_security_misconfiguration.captcha_bypass.brute_force": {
111
+ "1.5": "server_security_misconfiguration.captcha.brute_force"
112
+ },
113
+ "broken_access_control.server_side_request_forgery_ssrf.internal": {
114
+ "1.6": "broken_access_control.server_side_request_forgery_ssrf.internal_high_impact"
115
+ },
116
+ "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_on_email_domain": {
117
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.no_spoofing_protection_on_email_domain"
118
+ },
119
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_spf_on_non_email_domain": {
120
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
121
+ },
122
+ "server_security_misconfiguration.mail_server_misconfiguration.spf_uses_a_soft_fail": {
123
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
124
+ },
125
+ "server_security_misconfiguration.mail_server_misconfiguration.spf_includes_10_lookups": {
126
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.missing_or_misconfigured_spf_and_or_dkim"
127
+ },
128
+ "server_security_misconfiguration.mail_server_misconfiguration.missing_dmarc": {
129
+ "1.6": "server_security_misconfiguration.mail_server_misconfiguration.email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain"
130
+ },
131
+ "broken_access_control.username_enumeration.data_leak": {
132
+ "1.7": "broken_access_control.username_enumeration.non_brute_force"
133
+ },
134
+ "insufficient_security_configurability.weak_2fa_implementation": {
135
+ "1.7": "insufficient_security_configurability.weak_two_fa_implementation"
136
+ },
137
+ "sensitive_data_exposure.token_leakage_via_referer.trusted_3rd_party": {
138
+ "1.7": "sensitive_data_exposure.token_leakage_via_referer.trusted_third_party"
139
+ },
140
+ "sensitive_data_exposure.token_leakage_via_referer.untrusted_3rd_party": {
141
+ "1.7": "sensitive_data_exposure.token_leakage_via_referer.untrusted_third_party"
142
+ },
143
+ "cross_site_scripting_xss.ie_only.ie11": {
144
+ "1.7": "cross_site_scripting_xss.ie_only.ie_eleven"
145
+ },
146
+ "cross_site_scripting_xss.ie_only.older_version_ie11": {
147
+ "1.7": "cross_site_scripting_xss.ie_only.older_version_ie_eleven"
148
+ }
149
+ }
data/lib/data/1.8/mappings/cvss_v3/cvss_v3.json ADDED
@@ -0,0 +1,935 @@
1
+ {
2
+ "metadata": {
3
+ "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
4
+ },
5
+ "content": [
6
+ {
7
+ "id": "server_security_misconfiguration",
8
+ "children": [
9
+ {
10
+ "id": "unsafe_cross_origin_resource_sharing",
11
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
12
+ },
13
+ {
14
+ "id": "path_traversal",
15
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
16
+ },
17
+ {
18
+ "id": "directory_listing_enabled",
19
+ "children": [
20
+ {
21
+ "id": "sensitive_data_exposure",
22
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
23
+ },
24
+ {
25
+ "id": "non_sensitive_data_exposure",
26
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ "id": "same_site_scripting",
32
+ "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"
33
+ },
34
+ {
35
+ "id": "ssl_attack_breach_poodle_etc",
36
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
37
+ },
38
+ {
39
+ "id": "using_default_credentials",
40
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
41
+ },
42
+ {
43
+ "id": "misconfigured_dns",
44
+ "children": [
45
+ {
46
+ "id": "basic_subdomain_takeover",
47
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
48
+ },
49
+ {
50
+ "id": "high_impact_subdomain_takeover",
51
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
52
+ },
53
+ {
54
+ "id": "zone_transfer",
55
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
56
+ },
57
+ {
58
+ "id": "missing_caa_record",
59
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
60
+ }
61
+ ]
62
+ },
63
+ {
64
+ "id": "mail_server_misconfiguration",
65
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
66
+ "children": [
67
+ {
68
+ "id": "no_spoofing_protection_on_email_domain",
69
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
70
+ },
71
+ {
72
+ "id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain",
73
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
74
+ }
75
+ ]
76
+ },
77
+ {
78
+ "id": "dbms_misconfiguration",
79
+ "children": [
80
+ {
81
+ "id": "excessively_privileged_user_dba",
82
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"
83
+ }
84
+ ]
85
+ },
86
+ {
87
+ "id": "lack_of_password_confirmation",
88
+ "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
89
+ "children": [
90
+ {
91
+ "id": "manage_two_fa",
92
+ "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"
93
+ }
94
+ ]
95
+ },
96
+ {
97
+ "id": "no_rate_limiting_on_form",
98
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
99
+ "children": [
100
+ {
101
+ "id": "login",
102
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
103
+ }
104
+ ]
105
+ },
106
+ {
107
+ "id": "unsafe_file_upload",
108
+ "children": [
109
+ {
110
+ "id": "no_antivirus",
111
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
112
+ },
113
+ {
114
+ "id": "no_size_limit",
115
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
116
+ },
117
+ {
118
+ "id": "file_extension_filter_bypass",
119
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
120
+ }
121
+ ]
122
+ },
123
+ {
124
+ "id": "cookie_scoped_to_parent_domain",
125
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
126
+ },
127
+ {
128
+ "id": "missing_secure_or_httponly_cookie_flag",
129
+ "children": [
130
+ {
131
+ "id": "session_token",
132
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
133
+ },
134
+ {
135
+ "id": "non_session_cookie",
136
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
137
+ }
138
+ ]
139
+ },
140
+ {
141
+ "id": "clickjacking",
142
+ "children": [
143
+ {
144
+ "id": "sensitive_action",
145
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
146
+ },
147
+ {
148
+ "id": "form_input",
149
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
150
+ },
151
+ {
152
+ "id": "non_sensitive_action",
153
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
154
+ }
155
+ ]
156
+ },
157
+ {
158
+ "id": "oauth_misconfiguration",
159
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
160
+ "children": [
161
+ {
162
+ "id": "account_takeover",
163
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
164
+ }
165
+ ]
166
+ },
167
+ {
168
+ "id": "captcha",
169
+ "children": [
170
+ {
171
+ "id": "implementation_vulnerability",
172
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
173
+ },
174
+ {
175
+ "id": "brute_force",
176
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
177
+ },
178
+ {
179
+ "id": "missing",
180
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
181
+ }
182
+ ]
183
+ },
184
+ {
185
+ "id": "exposed_admin_portal",
186
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
187
+ },
188
+ {
189
+ "id": "missing_dnssec",
190
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
191
+ },
192
+ {
193
+ "id": "fingerprinting_banner_disclosure",
194
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
195
+ },
196
+ {
197
+ "id": "username_enumeration",
198
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
199
+ },
200
+ {
201
+ "id": "potentially_unsafe_http_method_enabled",
202
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
203
+ },
204
+ {
205
+ "id": "insecure_ssl",
206
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
207
+ },
208
+ {
209
+ "id": "rfd",
210
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
211
+ },
212
+ {
213
+ "id": "lack_of_security_headers",
214
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
215
+ "children": [
216
+ {
217
+ "id": "cache_control_for_a_sensitive_page",
218
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
219
+ }
220
+ ]
221
+ },
222
+ {
223
+ "id": "waf_bypass",
224
+ "children": [
225
+ {
226
+ "id": "direct_server_access",
227
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
228
+ }
229
+ ]
230
+ },
231
+ {
232
+ "id": "race_condition",
233
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
234
+ },
235
+ {
236
+ "id": "cache_poisoning",
237
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
238
+ },
239
+ {
240
+ "id": "bitsquatting",
241
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
242
+ }
243
+ ]
244
+ },
245
+ {
246
+ "id": "server_side_injection",
247
+ "children": [
248
+ {
249
+ "id": "file_inclusion",
250
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
251
+ },
252
+ {
253
+ "id": "parameter_pollution",
254
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
255
+ },
256
+ {
257
+ "id": "remote_code_execution_rce",
258
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
259
+ },
260
+ {
261
+ "id": "sql_injection",
262
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
263
+ },
264
+ {
265
+ "id": "xml_external_entity_injection_xxe",
266
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
267
+ },
268
+ {
269
+ "id": "http_response_manipulation",
270
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
271
+ },
272
+ {
273
+ "id": "content_spoofing",
274
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
275
+ "children": [
276
+ {
277
+ "id": "iframe_injection",
278
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
279
+ },
280
+ {
281
+ "id": "external_authentication_injection",
282
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
283
+ },
284
+ {
285
+ "id": "flash_based_external_authentication_injection",
286
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
287
+ },
288
+ {
289
+ "id": "email_html_injection",
290
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
291
+ }
292
+ ]
293
+ }
294
+ ]
295
+ },
296
+ {
297
+ "id": "broken_authentication_and_session_management",
298
+ "children": [
299
+ {
300
+ "id": "authentication_bypass",
301
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
302
+ },
303
+ {
304
+ "id": "two_fa_bypass",
305
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
306
+ },
307
+ {
308
+ "id": "privilege_escalation",
309
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
310
+ },
311
+ {
312
+ "id": "cleartext_transmission_of_session_token",
313
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
314
+ },
315
+ {
316
+ "id": "weak_login_function",
317
+ "children": [
318
+ {
319
+ "id": "not_operational",
320
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
321
+ },
322
+ {
323
+ "id": "other_plaintext_protocol_no_secure_alternative",
324
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
325
+ },
326
+ {
327
+ "id": "lan_only",
328
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
329
+ },
330
+ {
331
+ "id": "http_and_https_available",
332
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
333
+ },
334
+ {
335
+ "id": "https_not_available_or_http_by_default",
336
+ "cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
337
+ }
338
+ ]
339
+ },
340
+ {
341
+ "id": "session_fixation",
342
+ "children": [
343
+ {
344
+ "id": "remote_attack_vector",
345
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
346
+ },
347
+ {
348
+ "id": "local_attack_vector",
349
+ "cvss_v3": "AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
350
+ }
351
+ ]
352
+ },
353
+ {
354
+ "id": "failure_to_invalidate_session",
355
+ "children": [
356
+ {
357
+ "id": "on_logout",
358
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
359
+ },
360
+ {
361
+ "id": "on_logout_server_side_only",
362
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
363
+ },
364
+ {
365
+ "id": "on_password_change",
366
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
367
+ },
368
+ {
369
+ "id": "all_sessions",
370
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
371
+ },
372
+ {
373
+ "id": "on_email_change",
374
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
375
+ },
376
+ {
377
+ "id": "on_two_fa_activation_change",
378
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
379
+ },
380
+ {
381
+ "id": "long_timeout",
382
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
383
+ }
384
+ ]
385
+ },
386
+ {
387
+ "id": "concurrent_logins",
388
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
389
+ },
390
+ {
391
+ "id": "weak_registration_implementation",
392
+ "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
393
+ }
394
+ ]
395
+ },
396
+ {
397
+ "id": "sensitive_data_exposure",
398
+ "children": [
399
+ {
400
+ "id": "critically_sensitive_data",
401
+ "children": [
402
+ {
403
+ "id": "password_disclosure",
404
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
405
+ },
406
+ {
407
+ "id": "private_api_keys",
408
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
409
+ }
410
+ ]
411
+ },
412
+ {
413
+ "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
414
+ "children": [
415
+ {
416
+ "id": "automatic_user_enumeration",
417
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
418
+ },
419
+ {
420
+ "id": "manual_user_enumeration",
421
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
422
+ }
423
+ ]
424
+ },
425
+ {
426
+ "id": "visible_detailed_error_page",
427
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
428
+ "children": [
429
+ {
430
+ "id": "detailed_server_configuration",
431
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
432
+ }
433
+ ]
434
+ },
435
+ {
436
+ "id": "disclosure_of_known_public_information",
437
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
438
+ },
439
+ {
440
+ "id": "token_leakage_via_referer",
441
+ "children": [
442
+ {
443
+ "id": "trusted_third_party",
444
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
445
+ },
446
+ {
447
+ "id": "untrusted_third_party",
448
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
449
+ },
450
+ {
451
+ "id": "over_http",
452
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
453
+ }
454
+ ]
455
+ },
456
+ {
457
+ "id": "sensitive_token_in_url",
458
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
459
+ },
460
+ {
461
+ "id": "non_sensitive_token_in_url",
462
+ "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
463
+ },
464
+ {
465
+ "id": "weak_password_reset_implementation",
466
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
467
+ "children": [
468
+ {
469
+ "id": "token_leakage_via_host_header_poisoning",
470
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
471
+ }
472
+ ]
473
+ },
474
+ {
475
+ "id": "mixed_content",
476
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
477
+ },
478
+ {
479
+ "id": "sensitive_data_hardcoded",
480
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
481
+ },
482
+ {
483
+ "id": "internal_ip_disclosure",
484
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
485
+ },
486
+ {
487
+ "id": "xssi",
488
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
489
+ },
490
+ {
491
+ "id": "json_hijacking",
492
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
493
+ }
494
+ ]
495
+ },
496
+ {
497
+ "id": "cross_site_scripting_xss",
498
+ "children": [
499
+ {
500
+ "id": "stored",
501
+ "children": [
502
+ {
503
+ "id": "non_admin_to_anyone",
504
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
505
+ },
506
+ {
507
+ "id": "privileged_user_to_privilege_elevation",
508
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
509
+ },
510
+ {
511
+ "id": "privileged_user_to_no_privilege_elevation",
512
+ "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
513
+ },
514
+ {
515
+ "id": "url_based",
516
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
517
+ },
518
+ {
519
+ "id": "self",
520
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
521
+ }
522
+ ]
523
+ },
524
+ {
525
+ "id": "reflected",
526
+ "children": [
527
+ {
528
+ "id": "non_self",
529
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
530
+ },
531
+ {
532
+ "id": "self",
533
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
534
+ }
535
+ ]
536
+ },
537
+ {
538
+ "id": "flash_based",
539
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
540
+ },
541
+ {
542
+ "id": "cookie_based",
543
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
544
+ },
545
+ {
546
+ "id": "ie_only",
547
+ "children": [
548
+ {
549
+ "id": "ie_eleven",
550
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
551
+ },
552
+ {
553
+ "id": "xss_filter_disabled",
554
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
555
+ },
556
+ {
557
+ "id": "older_version_ie_eleven",
558
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N"
559
+ }
560
+ ]
561
+ },
562
+ {
563
+ "id": "referer",
564
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
565
+ },
566
+ {
567
+ "id": "trace_method",
568
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
569
+ },
570
+ {
571
+ "id": "universal_uxss",
572
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
573
+ },
574
+ {
575
+ "id": "off_domain",
576
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
577
+ }
578
+ ]
579
+ },
580
+ {
581
+ "id": "broken_access_control",
582
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
583
+ "children": [
584
+ {
585
+ "id": "server_side_request_forgery_ssrf",
586
+ "children": [
587
+ {
588
+ "id": "internal_high_impact",
589
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
590
+ },
591
+ {
592
+ "id": "internal_scan_and_or_medium_impact",
593
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
594
+ },
595
+ {
596
+ "id": "external",
597
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
598
+ }
599
+ ]
600
+ },
601
+ {
602
+ "id": "username_enumeration",
603
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
604
+ }
605
+ ]
606
+ },
607
+ {
608
+ "id": "cross_site_request_forgery_csrf",
609
+ "children": [
610
+ {
611
+ "id": "application_wide",
612
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
613
+ },
614
+ {
615
+ "id": "action_specific",
616
+ "children": [
617
+ {
618
+ "id": "authenticated_action",
619
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
620
+ },
621
+ {
622
+ "id": "unauthenticated_action",
623
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
624
+ },
625
+ {
626
+ "id": "logout",
627
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
628
+ }
629
+ ]
630
+ },
631
+ {
632
+ "id": "csrf_token_not_unique_per_request",
633
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
634
+ }
635
+ ]
636
+ },
637
+ {
638
+ "id": "application_level_denial_of_service_dos",
639
+ "children": [
640
+ {
641
+ "id": "critical_impact_and_or_easy_difficulty",
642
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
643
+ },
644
+ {
645
+ "id": "high_impact_and_or_medium_difficulty",
646
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
647
+ },
648
+ {
649
+ "id": "app_crash",
650
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
651
+ }
652
+ ]
653
+ },
654
+ {
655
+ "id": "unvalidated_redirects_and_forwards",
656
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
657
+ "children": [
658
+ {
659
+ "id": "open_redirect",
660
+ "children": [
661
+ {
662
+ "id": "get_based",
663
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
664
+ }
665
+ ]
666
+ }
667
+ ]
668
+ },
669
+ {
670
+ "id": "external_behavior",
671
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
672
+ },
673
+ {
674
+ "id": "insufficient_security_configurability",
675
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
676
+ "children": [
677
+ {
678
+ "id": "no_password_policy",
679
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
680
+ },
681
+ {
682
+ "id": "weak_password_reset_implementation",
683
+ "children": [
684
+ {
685
+ "id": "token_is_not_invalidated_after_use",
686
+ "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
687
+ }
688
+ ]
689
+ },
690
+ {
691
+ "id": "weak_two_fa_implementation",
692
+ "children": [
693
+ {
694
+ "id": "two_fa_secret_cannot_be_rotated",
695
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
696
+ },
697
+ {
698
+ "id": "two_fa_secret_remains_obtainable_after_two_fa_is_enabled",
699
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
700
+ }
701
+ ]
702
+ }
703
+ ]
704
+ },
705
+ {
706
+ "id": "using_components_with_known_vulnerabilities",
707
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
708
+ "children": [
709
+ {
710
+ "id": "rosetta_flash",
711
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
712
+ }
713
+ ]
714
+ },
715
+ {
716
+ "id": "insecure_data_storage",
717
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
718
+ "children": [
719
+ {
720
+ "id": "sensitive_application_data_stored_unencrypted",
721
+ "children": [
722
+ {
723
+ "id": "on_external_storage",
724
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
725
+ }
726
+ ]
727
+ },
728
+ {
729
+ "id": "server_side_credentials_storage",
730
+ "children": [
731
+ {
732
+ "id": "plaintext",
733
+ "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N"
734
+ }
735
+ ]
736
+ }
737
+ ]
738
+ },
739
+ {
740
+ "id": "lack_of_binary_hardening",
741
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
742
+ },
743
+ {
744
+ "id": "insecure_data_transport",
745
+ "children": [
746
+ {
747
+ "id": "cleartext_transmission_of_sensitive_data",
748
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
749
+ },
750
+ {
751
+ "id": "executable_download",
752
+ "children": [
753
+ {
754
+ "id": "no_secure_integrity_check",
755
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
756
+ },
757
+ {
758
+ "id": "secure_integrity_check",
759
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
760
+ }
761
+ ]
762
+ }
763
+ ]
764
+ },
765
+ {
766
+ "id": "insecure_os_firmware",
767
+ "children": [
768
+ {
769
+ "id": "command_injection",
770
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
771
+ },
772
+ {
773
+ "id": "hardcoded_password",
774
+ "children": [
775
+ {
776
+ "id": "privileged_user",
777
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
778
+ },
779
+ {
780
+ "id": "non_privileged_user",
781
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
782
+ }
783
+ ]
784
+ }
785
+ ]
786
+ },
787
+ {
788
+ "id": "broken_cryptography",
789
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
790
+ },
791
+ {
792
+ "id": "privacy_concerns",
793
+ "children": [
794
+ {
795
+ "id": "unnecessary_data_collection",
796
+ "children": [
797
+ {
798
+ "id": "wifi_ssid_password",
799
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
800
+ }
801
+ ]
802
+ }
803
+ ]
804
+ },
805
+ {
806
+ "id": "network_security_misconfiguration",
807
+ "children": [
808
+ {
809
+ "id": "telnet_enabled",
810
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
811
+ }
812
+ ]
813
+ },
814
+ {
815
+ "id": "mobile_security_misconfiguration",
816
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
817
+ "children": [
818
+ {
819
+ "id": "clipboard_enabled",
820
+ "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"
821
+ }
822
+ ]
823
+ },
824
+ {
825
+ "id": "client_side_injection",
826
+ "children": [
827
+ {
828
+ "id": "binary_planting",
829
+ "children": [
830
+ {
831
+ "id": "privilege_escalation",
832
+ "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
833
+ },
834
+ {
835
+ "id": "non_default_folder_privilege_escalation",
836
+ "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
837
+ },
838
+ {
839
+ "id": "no_privilege_escalation",
840
+ "cvss_v3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
841
+ }
842
+ ]
843
+ }
844
+ ]
845
+ },
846
+ {
847
+ "id": "automotive_security_misconfiguration",
848
+ "children": [
849
+ {
850
+ "id": "infotainment",
851
+ "children": [
852
+ {
853
+ "id": "pii_leakage",
854
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
855
+ },
856
+ {
857
+ "id": "code_execution_can_bus_pivot",
858
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
859
+ },
860
+ {
861
+ "id": "code_execution_no_can_bus_pivot",
862
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
863
+ },
864
+ {
865
+ "id": "unauthorized_access_to_services",
866
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
867
+ },
868
+ {
869
+ "id": "source_code_dump",
870
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
871
+ },
872
+ {
873
+ "id": "dos_brick",
874
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
875
+ },
876
+ {
877
+ "id": "default_credentials",
878
+ "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
879
+ }
880
+ ]
881
+ },
882
+ {
883
+ "id": "rf_hub",
884
+ "children": [
885
+ {
886
+ "id": "key_fob_cloning",
887
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
888
+ },
889
+ {
890
+ "id": "can_injection_interaction",
891
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
892
+ },
893
+ {
894
+ "id": "data_leakage_pull_encryption_mechanism",
895
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
896
+ },
897
+ {
898
+ "id": "unauthorized_access_turn_on",
899
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
900
+ },
901
+ {
902
+ "id": "roll_jam",
903
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
904
+ },
905
+ {
906
+ "id": "replay",
907
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
908
+ },
909
+ {
910
+ "id": "relay",
911
+ "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
912
+ }
913
+ ]
914
+ },
915
+ {
916
+ "id": "can",
917
+ "children": [
918
+ {
919
+ "id": "injection_disallowed_messages",
920
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
921
+ },
922
+ {
923
+ "id": "injection_dos",
924
+ "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
925
+ }
926
+ ]
927
+ }
928
+ ]
929
+ },
930
+ {
931
+ "id": "indicators_of_compromise",
932
+ "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
933
+ }
934
+ ]
935
+ }