Vulnerability - Amazon Security Hub
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Vulnerability

A vulnerability associated with a finding.

Contents

Id

The identifier of the vulnerability.

Type: String

Pattern: .*\S.*

Required: Yes

Cvss

CVSS scores from the advisory related to the vulnerability.

Type: Array of Cvss objects

Required: No

FixAvailable

Specifies if all vulnerable packages in a finding have a value for FixedInVersion and Remediation. This field is evaluated for each vulnerability Id based on the number of vulnerable packages that have a value for both FixedInVersion and Remediation. Valid values are as follows:

  • YES if all vulnerable packages have a value for both FixedInVersion and Remediation

  • NO if no vulnerable packages have a value for FixedInVersion and Remediation

  • PARTIAL otherwise

Type: String

Valid Values: YES | NO | PARTIAL

Required: No

ReferenceUrls

A list of URLs that provide additional information about the vulnerability.

Type: Array of strings

Pattern: .*\S.*

Required: No

RelatedVulnerabilities

List of vulnerabilities that are related to this vulnerability.

Type: Array of strings

Pattern: .*\S.*

Required: No

Vendor

Information about the vendor that generates the vulnerability report.

Type: VulnerabilityVendor object

Required: No

VulnerablePackages

List of software packages that have the vulnerability.

Type: Array of SoftwarePackage objects

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: