# Vulnerability
<a name="API_Vulnerability"></a>

A vulnerability associated with a finding.

## Contents
<a name="API_Vulnerability_Contents"></a>

 ** Id **   <a name="securityhub-Type-Vulnerability-Id"></a>
The identifier of the vulnerability.  
Type: String  
Pattern: `.*\S.*`   
Required: Yes

 ** CodeVulnerabilities **   <a name="securityhub-Type-Vulnerability-CodeVulnerabilities"></a>
The vulnerabilities found in your AWS Lambda function code. This field pertains to findings that AWS Security Hub CSPM receives from Amazon Inspector.   
Type: Array of [VulnerabilityCodeVulnerabilities](API_VulnerabilityCodeVulnerabilities.md) objects  
Required: No

 ** Cvss **   <a name="securityhub-Type-Vulnerability-Cvss"></a>
CVSS scores from the advisory related to the vulnerability.  
Type: Array of [Cvss](API_Cvss.md) objects  
Required: No

 ** EpssScore **   <a name="securityhub-Type-Vulnerability-EpssScore"></a>
The Exploit Prediction Scoring System (EPSS) score for a finding.   
Type: Double  
Required: No

 ** ExploitAvailable **   <a name="securityhub-Type-Vulnerability-ExploitAvailable"></a>
Whether an exploit is available for a finding.   
Type: String  
Valid Values: `YES | NO`   
Required: No

 ** FixAvailable **   <a name="securityhub-Type-Vulnerability-FixAvailable"></a>
Specifies if all vulnerable packages in a finding have a value for `FixedInVersion` and `Remediation`. This field is evaluated for each vulnerability `Id` based on the number of vulnerable packages that have a value for both `FixedInVersion` and `Remediation`. Valid values are as follows:  
+  `YES` if all vulnerable packages have a value for both `FixedInVersion` and `Remediation` 
+  `NO` if no vulnerable packages have a value for `FixedInVersion` and `Remediation` 
+  `PARTIAL` otherwise
Type: String  
Valid Values: `YES | NO | PARTIAL`   
Required: No

 ** LastKnownExploitAt **   <a name="securityhub-Type-Vulnerability-LastKnownExploitAt"></a>
 The date and time of the last exploit associated with a finding discovered in your environment.   
Type: String  
Pattern: `.*\S.*`   
Required: No

 ** ReferenceUrls **   <a name="securityhub-Type-Vulnerability-ReferenceUrls"></a>
A list of URLs that provide additional information about the vulnerability.  
Type: Array of strings  
Pattern: `.*\S.*`   
Required: No

 ** RelatedVulnerabilities **   <a name="securityhub-Type-Vulnerability-RelatedVulnerabilities"></a>
List of vulnerabilities that are related to this vulnerability.  
Type: Array of strings  
Pattern: `.*\S.*`   
Required: No

 ** Vendor **   <a name="securityhub-Type-Vulnerability-Vendor"></a>
Information about the vendor that generates the vulnerability report.  
Type: [VulnerabilityVendor](API_VulnerabilityVendor.md) object  
Required: No

 ** VulnerablePackages **   <a name="securityhub-Type-Vulnerability-VulnerablePackages"></a>
List of software packages that have the vulnerability.  
Type: Array of [SoftwarePackage](API_SoftwarePackage.md) objects  
Required: No

## See Also
<a name="API_Vulnerability_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/securityhub-2018-10-26/Vulnerability) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/securityhub-2018-10-26/Vulnerability) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/securityhub-2018-10-26/Vulnerability)