Vulnerability

A vulnerability associated with a finding.

Id

The identifier of the vulnerability.

Type: String

Pattern: .*\S.*

Required: Yes

CodeVulnerabilities

The vulnerabilities found in your AWS Lambda function code. This field pertains to findings that AWS Security Hub receives from Amazon Inspector.

Type: Array of VulnerabilityCodeVulnerabilities objects

Required: No

Cvss

CVSS scores from the advisory related to the vulnerability.

Type: Array of Cvss objects

Required: No

EpssScore

The Exploit Prediction Scoring System (EPSS) score for a finding.

Type: Double

Required: No

ExploitAvailable

Whether an exploit is available for a finding.

Type: String

Valid Values: YES | NO

Required: No

FixAvailable

Specifies if all vulnerable packages in a finding have a value for FixedInVersion and Remediation. This field is evaluated for each vulnerability Id based on the number of vulnerable packages that have a value for both FixedInVersion and Remediation. Valid values are as follows:

YES if all vulnerable packages have a value for both FixedInVersion and Remediation
NO if no vulnerable packages have a value for FixedInVersion and Remediation
PARTIAL otherwise

Type: String

Valid Values: YES | NO | PARTIAL

Required: No

LastKnownExploitAt

The date and time of the last exploit associated with a finding discovered in your environment.

Type: String

Pattern: .*\S.*

Required: No

ReferenceUrls

A list of URLs that provide additional information about the vulnerability.

Type: Array of strings

Pattern: .*\S.*

Required: No

RelatedVulnerabilities

List of vulnerabilities that are related to this vulnerability.

Type: Array of strings

Pattern: .*\S.*

Required: No

Vendor

Information about the vendor that generates the vulnerability report.

Type: VulnerabilityVendor object

Required: No

VulnerablePackages

List of software packages that have the vulnerability.

Type: Array of SoftwarePackage objects

Required: No

Vulnerability

Contents

See Also