Sign-up

VARIoT database entry ontology

Revision:
1.1
Authors:
https://www.en.nask.pl
Download serialization:
JSON-LD RDF/XML N-Triples TTL
License:
http://creativecommons.org/licenses/by-sa/4.0/
Visualization:
Visualize with WebVowl
Cite as:
https://www.en.nask.pl. VARIoT database entry ontology. Revision: 1.1.
Ontology Specification Draft

Abstract

description of a VARIoT database entry

VARIoT database entry ontology: Overview back to ToC

This ontology has the following classes and properties.

Classes

Object Properties

Data Properties

Annotation Properties

VARIoT database entry ontology: Description back to ToC

This is a placeholder text for the description of your ontology. The description should include an explanation and a diagram explaining how the classes are related, examples of usage, etc.

Cross-reference for VARIoT database entry ontology classes, object properties and data properties back to ToC

This section provides details for each class and property defined by VARIoT database entry ontology.

Classes

affected productsc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/affected_products

Products (hardware or software) affected by the vulnerability
is in domain of
has sources op, model dp, scope dp, trust dp, vendor dp
is in range of
has affected products op

configurationsc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/configurations

Configurations of vulnerable software and hardware
is in domain of
c v e data version dp, cpe22 uri dp, cpe23 uri dp, has sources op, operator dp, vulnerable dp
is in range of
has configurations op

creditsc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/credits

A Person, a group of people or an organisation who disclosed information
is in domain of
data dp, has sources op, trust dp
is in range of
has credits op

cvec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/cve

List of CVE identifiers matching an information in the entry
is in domain of
cve id dp, trust dp

cvssc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/cvss

Attack vectors and severity assessment of the vulnerability
has sub-classes
cvss v2 c, cvss v3 c, severity c
is in range of
has cvss op

cvss v2c back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2

CVSS data in V2 format
has super-classes
cvss c
is in domain of
access complexity dp, access vector dp, authentication dp, author dp, availability impact dp, base score dp, confidentiality impact dp, exploitability dp, exploitability score dp, id dp, impact score dp, integrity impact dp, obtain all privilege dp, obtain other privilege dp, obtain user privilege dp, remediation level dp, report confidence dp, severity dp, user interaction required dp, vector string dp, version dp

cvss v3c back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3

CVSS data in V3 format
has super-classes
cvss c
is in domain of
attack complexity dp, attack vector dp, author dp, availability impact dp, base score dp, base severity dp, confidentiality impact dp, id dp, impact score dp, integrity impact dp, privileges required dp, scope dp, trust dp, user interaction dp, vector string dp, version dp

descriptionc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/description

Description of the entry
is in domain of
data dp, trust dp
is in range of
has description op

exploitc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/exploit

Code and/or instructions how to exploit the vulnerability
is in domain of
data dp, trust dp
is in range of
has exploit op

exploit availabilityc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/exploit_availability

Links to the external resources with code exploiting the vulnerability
is in domain of
has sources op, reference dp, trust dp, type dp
is in range of
has exploit availability op

exploit hashc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/exploit_hash

List of exploit's hashes (retrieved from the sources and computed locally)
has sub-classes
local c, source c
is in range of
has exploit hash op

exploit languagec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/exploit_language

Information about the coding language used to develop the exploit
is in domain of
data dp, trust dp
is in range of
has exploit language op

external idsc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/external_ids

List of identifiers of entries from other databases related to the entry
is in domain of
db dp, has sources op, id dp, trust dp
is in range of
has external ids op

iotc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/iot

Indicates whether entry is IoT related or not
is in domain of
data dp, trust dp
is in range of
is iot op

iot taxonomyc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/iot_taxonomy

Describes category and subcategory of the vulnerable IoT device
is in domain of
category dp, subcategory dp, trust dp
is in range of
has iot taxonomy op

localc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/exploit_hash/local

List of exploit's hashes computed locally after downloading exploit's content
has super-classes
exploit hash c
is in domain of
md5 dp, sha 1 dp, sha 256 dp

patchc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/patch

Information about available patch or workaround
is in domain of
title dp, trust dp, url dp
is in range of
has patch op

pricec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/price

Price of the exploit
is in domain of
data dp, trust dp
is in range of
has price op

problemtype datac back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/problemtype_data

Type of the vulnerability as CWE identifier
is in domain of
problemtype dp, trust dp
is in range of
has problemtype data op

referencesc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/references

Links to external sources for a further reading
is in domain of
has sources op, trust dp, url dp
is in range of
has references op

severityc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/cvss/severity

Severity of the vulnerability
has super-classes
cvss c
is in domain of
author dp, id dp, trust dp, value dp

sourcec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/expolit_hash/source

List of the exploit's hashes obtained from the source of information
has super-classes
exploit hash c
is in domain of
md5 dp, sha 1 dp, sha 256 dp

sourcesc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/sources

Sources of the information (entries from external databases)
is in domain of
db dp, id dp
is in range of
has sources op

sources release datec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/sources_release_date

When information showed first time in the source database
is in domain of
date dp, db dp, id dp
is in range of
has sources release date op

sources update datec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/sources_update_date

When given information has been updated in the source
is in domain of
date dp, db dp, id dp
is in range of
has source update date op

tagsc back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/tags

List of tags describing information in the entry
is in domain of
tag dp, trust dp
is in range of
has tags op

threat typec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/threat_type

Type of the threat
is in domain of
data dp, has sources op, trust dp
is in range of
has threat type op

titlec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/title

Short desciption of the vulnerability
is in domain of
data dp, has sources op, trust dp
is in range of
has title op

typec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/type

Type of the vulnerability
is in domain of
data dp, has sources op, trust dp
is in range of
has type op

vulnerability typec back to ToC or Class ToC

IRI: https://www.variotdbs.pl/ref/vulnerability_type

Type of the vulnerability
is in domain of
data dp, has sources op, trust dp
is in range of
has vulnerability type op

Object Properties

has affected productsop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_affected_products

has characteristics: functional

has domain
v a r io tentry c
has range
affected products c

has configurationsop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_configurations

has domain
v a r io tentry c
has range
configurations c

has creditsop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_credits

has domain
v a r io tentry c
has range
credits c

has cvssop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_cvss

has domain
v a r io tentry c
has range
cvss c

has descriptionop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_description

has domain
v a r io tentry c
has range
description c

has exploitop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/has_exploit

has domain
v a r io tentry c
has range
exploit c

has exploit availabilityop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_exploit_availability

has domain
v a r io tentry c
has range
exploit availability c

has exploit hashop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/has_exploit_hash

has domain
v a r io tentry c
has range
exploit hash c

has exploit languageop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/has_exploit_language

has domain
v a r io tentry c
has range
exploit language c

has external idsop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_external_ids

has domain
v a r io tentry c
has range
external ids c

has iot taxonomyop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_iot_taxonomy

has domain
v a r io tentry c
has range
iot taxonomy c

has patchop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_patch

has domain
v a r io tentry c
has range
patch c

has priceop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/has_price

has domain
v a r io tentry c
has range
price c

has problemtype dataop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_problemtype_data

has domain
v a r io tentry c
has range
problemtype data c

has referencesop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_references

has domain
v a r io tentry c
has range
references c

has source update dateop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_source_update_date

has domain
v a r io tentry c
has range
sources update date c

has sourcesop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_sources

has domain
affected products c
configurations c
credits c
exploit availability c
external ids c
references c
threat type c
title c
type c
vulnerability type c
has range
sources c

has sources release dateop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_sources_release_date

has domain
v a r io tentry c
has range
sources release date c

has tagsop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/has_tags

has domain
v a r io tentry c
has range
tags c

has threat typeop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_threat_type

has domain
v a r io tentry c
has range
threat type c

has titleop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_title

has domain
v a r io tentry c
has range
title c

has typeop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_type

has domain
v a r io tentry c
has range
type c

has vulnerability typeop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#has_vulnerability_type

has domain
v a r io tentry c
has range
vulnerability type c

is iotop back to ToC or Object Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#is_iot

has domain
v a r io tentry c
has range
iot c

Data Properties

access complexitydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#accessComplexity

This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system. For example, consider a buffer overflow in an Internet service: once the target system is located, the attacker can launch an exploit at will. Other vulnerabilities, however, may require additional steps in order to be exploited. For example, a vulnerability in an email client is only exploited after the user downloads and opens a tainted attachment. The possible values for this metric are: HIGH, MEDIUM, LOW. The lower the required complexity, the higher the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-2-Access-Complexity-AC
has domain
cvss v2 c
has range
string

access vectordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#accessVector

This metric reflects how the vulnerability is exploited. The possible values for this metric are: LOCAL, ADJACENT NETWORK, NETWORK. The more remote an attacker can be to attack a host, the greater the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-1-Access-Vector-AV
has domain
cvss v2 c
has range
string

attack complexitydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#attackComplexity

This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. As described below, such conditions may require the collection of more information about the target, or computational exceptions. Importantly, the assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability (such conditions are captured in the User Interaction metric). If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration. The Base Score is greatest for the least complex attacks. The list of possible values is: Low, High https://www.first.org/cvss/v3.1/specification-document#2-1-2-Attack-Complexity-AC
has domain
cvss v3 c
has range
string

attack vectordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#attackVector

This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the Base Score) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater Base Score. The list of possible values is: Netwok, Adjacent, Local, Physical https://www.first.org/cvss/v3.1/specification-document#2-1-1-Attack-Vector-AV
has domain
cvss v3 c
has range
string

authenticationdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#authentication

This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are: Multiple, Single, None. The fewer authentication instances that are required, the higher the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-3-Authentication-Au
has domain
cvss v2 c
has range
string

authordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#author

A person, a group of people or an organization who authored the CVSS
has domain
cvss v2 c
has range
string

authordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#author

A person, a group of people or an organization who authored the CVSS
has domain
cvss v3 c
has range
string

authordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/severity#author

A person, a group of people or an organization who authored the severity assessment
has domain
severity c
has range
string

availability impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#availabilityImpact

This metric measures the impact to availability of a successfully exploited vulnerability. Availability refers to the accessibility of information resources. Attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system. The possible values for this metric are: NONE, PARTIAL, COMPLETE. Increased availability impact increases the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-6-Availability-Impact-A
has domain
cvss v2 c
has range
string

availability impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#availabilityImpact

This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the impacted component, this metric refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component. The Base Score is greatest when the consequence to the impacted component is highest. The list of possible values is: High, Low, None https://www.first.org/cvss/v3.1/specification-document#2-3-3-Availability-A
has domain
cvss v3 c
has range
string

base scoredp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#baseScore

baseScore = round_to_1_decimal • (((0.6 • Impact) + (0.4 • Exploitability) - 1.5) • f(Impact)) https://www.first.org/cvss/v2/guide#3-2-1-Base-Equation
has domain
cvss v2 c
has range

base scoredp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#baseScore

BaseScore = If Impact \<= 0 0, else If Scope is Unchanged Roundup (Minimum [(Impact + Exploitability), 10]) If Scope is Changed Roundup (Minimum [1.08 • (Impact + Exploitability), 10]) https://www.first.org/cvss/v3.1/specification-document#7-1-Base-Metrics-Equations
has domain
cvss v3 c
has range

base severitydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#baseSeverity

All scores can be mapped to the qualitative ratings. None: 0.0, Low: 0.1 - 3.9, Medium: 4.0 - 6.9, High: 7.0 - 8.9, Critical: 9.0 - 10.0 https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale
has domain
cvss v3 c
has range
string

c v e data versiondp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/configurations#CVE_data_version

Configuration's version
has domain
configurations c
has range
string

categorydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/iot_taxonomy#category

Category of the affected IoT device
has domain
iot taxonomy c
has range
string

confidentiality impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#confidentialityImpact

This metric measures the impact on confidentiality of a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The possible values for this metric are: NONE, PARTIAL, COMPLETE. Increased confidentiality impact increases the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-4-Confidentiality-Impact-C
has domain
cvss v2 c
has range
string

confidentiality impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#confidentialityImpact

This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The Base Score is greatest when the loss to the impacted component is highest. The list of possible values is: High, Low, None https://www.first.org/cvss/v3.1/specification-document#2-3-1-Confidentiality-C
has domain
cvss v3 c
has range
string

cpe22 uridp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/configurations#cpe22Uri

CPE identifier version 2.2
has domain
configurations c
has range
any u r i

cpe23 uridp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/configurations#cpe23Uri

CPE identifier version 2.3
has domain
configurations c
has range
any u r i

cvedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#cve

A CVE identifiers related to the vulnerability
has domain
v a r io tentry c
has range
string

cve iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cve#cve_id

CVE identifier matching information in the entry
has domain
cve c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/credits#data

A person, a group of people or an organization who disclosed information
has domain
credits c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/description#data

Description of the entry
has domain
description c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit#data

Code and/or instructions how to exploit the vulnerability
has domain
exploit c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_language#data

Name of the coding language
has domain
exploit language c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/iot#data

Indicates whether entry is IoT related or not
has domain
iot c
has range
boolean

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/price#data

Price of the exploit
has domain
price c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/threat_type#data

Type of the threat
has domain
threat type c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/title#data

A short description
has domain
title c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/type#data

Type of the vulnerability
has domain
type c
has range
string

datadp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/vulnerability_type#data

Type of the vulnerability
has domain
vulnerability type c
has range
string

datedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_release_date#date

Timestamp when the information has been published first time in the source database
has domain
sources release date c
has range
string

datedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_update_date#date

Timestamp when the information has been updated in the source database
has domain
sources update date c
has range
string

dbdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/external_ids#db

Name of the source database
has domain
external ids c
has range
string

dbdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources#db

Name of the source database
has domain
sources c
has range
string

dbdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_release_date#db

Name of the source database
has domain
sources release date c
has range
string

dbdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_update_date#db

Name of the source database
has domain
sources update date c
has range
string

edb iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/edb_id

Exploit's identifier in the exploit-db database
has domain
v a r io tentry c
has range
long

exploitabilitydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#exploitability

This metric measures the current state of exploit techniques or code availability. Public availability of easy-to-use exploit code increases the number of potential attackers by including those who are unskilled, thereby increasing the severity of the vulnerability. Initially, real-world exploitation may only be theoretical. Publication of proof of concept code, functional exploit code, or sufficient technical details necessary to exploit the vulnerability may follow. Furthermore, the exploit code available may progress from a proof-of-concept demonstration to exploit code that is successful in exploiting the vulnerability consistently. In severe cases, it may be delivered as the payload of a network-based worm or virus. The possible values for this metric are: Unprove, Proof-of-concept (POC), Functional, High, Not Definied. The more easily a vulnerability can be exploited, the higher the vulnerability score. https://www.first.org/cvss/v2/guide#2-2-1-Exploitability-E
has domain
cvss v2 c
has range
string

exploitability scoredp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#exploitabilityScore

Exploitability = 20 •AccessVector • AccessComplexity • Authentication https://www.first.org/cvss/v2/guide#3-2-1-Base-Equation
has domain
cvss v2 c
has range

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#id

Identifier of the entry in the VARIoT database. Exploits entries have an additional "-E-" part in the identifier
has domain
v a r io tentry c
has range

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#id

Identifier of the related vulnerability with given CVSS V2 in the external database
has domain
cvss v2 c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#id

Identifier of the related vulnerability with given CVSS V3 in the external database
has domain
cvss v3 c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/severity#id

Identifier of the related vulnerability with a given severity in the external database
has domain
severity c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/external_ids#id

Identifier in the source database
has domain
external ids c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources#id

Identifier in the source database
has domain
sources c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_release_date#id

Identifier in the source database
has domain
sources release date c
has range
string

iddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/sources_update_date#id

Identifier in the source database
has domain
sources update date c
has range
string

impact scoredp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#impactScore

Impact = 10.41 • (1-(1-ConfImpact) • (1-IntegImpact) • (1-AvailImpact)) https://www.first.org/cvss/v2/guide#3-2-1-Base-Equation
has domain
cvss v2 c
has range

impact scoredp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#impactScore

ISS = 1 - [ (1 - Confidentiality) • (1 - Integrity) • (1 - Availability) ] Impact = If Scope is Unchanged 6.42 • ISS If Scope is Changed 7.52 • (ISS - 0.029) - 3.25 • (ISS - 0.02)^15 https://www.first.org/cvss/v3.1/specification-document#7-1-Base-Metrics-Equations
has domain
cvss v3 c
has range

integrity impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#integrityImpact

This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and guaranteed veracity of information. The possible values for this metric are: NONE, PARTIAL, COMPLETE. Increased integrity impact increases the vulnerability score. https://www.first.org/cvss/v2/guide#2-1-5-Integrity-Impact-I
has domain
cvss v2 c
has range
string

integrity impactdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#integrityImpact

This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. The Base Score is greatest when the consequence to the impacted component is highest. The list of possible values is: High, Low, None https://www.first.org/cvss/v3.1/specification-document#2-3-2-Integrity-I
has domain
cvss v3 c
has range
string

last update datedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#last_update_date

Last time when any information in the entry has been updated
has domain
v a r io tentry c
has range
date time stamp

md5dp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_hash#md5

Hash of the exploit's content computed with MD5 algorithm
has domain
local c
source c
has range
string

modeldp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/affected_products#model

Model of the affected product
has domain
affected products c
has range
string

moved todp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/VARIoTentry#moved_to

Identifier of the VARIoT database entry where given entry has been moved or status "deleted"
has domain
v a r io tentry c
has range

obtain all privilegedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#obtainAllPrivilege

Whether or not the vulnerability allows one to obtain all privileges
has domain
cvss v2 c
has range
boolean

obtain other privilegedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#obtainOtherPrivilege

Whether or not the vulnerability allows one to obtain other privileges
has domain
cvss v2 c
has range
boolean

obtain user privilegedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#obtainUserPrivilege

Whether or not the vulnerability allows one to obtain user privileges
has domain
cvss v2 c
has range
boolean

operatordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/configurations#operator

Logical operator to link vulnerable configurations. Can be AND or OR
has domain
configurations c
has range
string

privileges requireddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#privilegesRequired

This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability. The Base Score is greatest if no privileges are required. The list of possible values is: None, Low, High https://www.first.org/cvss/v3.1/specification-document#2-1-3-Privileges-Required-PR
has domain
cvss v3 c
has range
string

problemtypedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/problemtype_data#problemtype

CWE identifier describing type of the vulnerability
has domain
problemtype data c
has range
string

referencedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_availability#reference

An URL to the external resource with a code of the exploit
has domain
exploit availability c
has range
any u r i

remediation leveldp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#remediationLevel

The remediation level of a vulnerability is an important factor for prioritization. The typical vulnerability is unpatched when initially published. Workarounds or hotfixes may offer interim remediation until an official patch or upgrade is issued. Each of these respective stages adjusts the temporal score downwards, reflecting the decreasing urgency as remediation becomes final. The possible values for this metric are: OFFICIAL FIX, TEMPORARY FIX, WORKAROUND, UNAVAILABLE, NOT DEFINED. The less official and permanent a fix, the higher the vulnerability score is. https://www.first.org/cvss/v2/guide#2-2-2-Remediation-Level-RL
has domain
cvss v2 c
has range
string

report confidencedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#reportConfidence

This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details. Sometimes, only the existence of vulnerabilities are publicized, but without specific details. The vulnerability may later be corroborated and then confirmed through acknowledgement by the author or vendor of the affected technology. The urgency of a vulnerability is higher when a vulnerability is known to exist with certainty. This metric also suggests the level of technical knowledge available to would-be attackers. The possible values for this metric are: Unconfirmed, Uncorroborated, Confirmed, Not Definied. The more a vulnerability is validated by the vendor or other reputable sources, the higher the score. https://www.first.org/cvss/v2/guide#2-2-3-Report-Confidence-RC
has domain
cvss v2 c
has range
string

scopedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/affected_products#scope

Scope of the affected products's versions. Can be: eq, lt, lte, gt or gte
has domain
affected products c
has range
string

scopedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#scope

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope. The Base Score is greatest when a scope change occurs. The list of possible values is: Unchanged, Changed https://www.first.org/cvss/v3.1/specification-document#2-2-Scope-S
has domain
cvss v3 c
has range
string

severitydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#severity

Qualitative rating of all the scores. Can be: low, medium or high https://nvd.nist.gov/vuln-metrics/cvss
has domain
cvss v2 c

sha 1dp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/expolit_hash#sha-1

Hash of the exploit's content computed with SHA-1 algorithm
has domain
local c
source c
has range
string

sha 256dp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/expolit_hash#sha-256

Hash of the exploit's content computed with SHA-256 algorithm
has domain
local c
source c
has range
string

subcategorydp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/iot_taxonomy#subcategory

More detailed category of the affected IoT device
has domain
iot taxonomy c
has range
string

tagdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/tags#tag

Tag describing information in the entry
has domain
tags c
has range
string

titledp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/patch#title

Short description of the patch
has domain
patch c
has range
string

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/affected_products#trust

How much affected product's information can be trusted
has domain
affected products c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/credits#trust

How much information about credits can be trusted
has domain
credits c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cve#trust

How much the relation of the CVE identifier to the information in the entry can be trusted
has domain
cve c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#trust

How much CVSS V3 information can be trusted
has domain
cvss v3 c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/severity#trust

How much severity assessment can be trusted
has domain
severity c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/description#trust

How much the description can be trusted
has domain
description c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit#trust

How much the code and/or instructions how to exploit the vulnerability can be trusted
has domain
exploit c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_availability#trust

How much the information about the exploit reference can be trusted
has domain
exploit availability c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_language#trust

How much information about used coding language can be trusted
has domain
exploit language c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/external_ids#trust

How much the information about the related entry in the external database can be trusted
has domain
external ids c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/iot#trust

How much the information about entry being IoT related or not can be trusted
has domain
iot c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/iot_taxonomy#trust

How much the information about category and subcategory of the vulnerable IoT device can be trusted
has domain
iot taxonomy c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/patch#trust

How much the information about patch can be trusted
has domain
patch c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/price#trust

How much information about the price of the exploit can be trusted
has domain
price c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/problemtype_data#trust

How much the information about problemtype can be trusted
has domain
problemtype data c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/references#trust

How much informatio about a given URL can be trusted
has domain
references c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/tags#trust

How much provided tag can be trusted
has domain
tags c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/threat_type#trust

How much information about threat type can be trusted
has domain
threat type c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/title#trust

How much the title can be trusted
has domain
title c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/type#trust

How much information about the type of the vulnerability can be trusted
has domain
type c
has range

trustdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/vulnerability_type#trust

How much information about vulnerability type can be trusted
has domain
vulnerability type c
has range

typedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/exploit_availability#type

Type of the exploit e.g. Proof-of-Concept or working exploit
has domain
exploit availability c
has range
string

urldp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/patch#url

A URL to the patch
has domain
patch c
has range
any u r i

urldp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/references#url

A URL pointing to the external source with related information
has domain
references c
has range
any u r i

user interactiondp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#userInteraction

This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The Base Score is greatest when no user interaction is required. The list of possible values is: None, Required https://www.first.org/cvss/v3.1/specification-document#2-1-4-User-Interaction-UI
has domain
cvss v3 c
has range
string

user interaction requireddp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#userInteractionRequired

Whether or not user interaction is required
has domain
cvss v2 c
has range
boolean

valuedp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/severity#value

Level of the vulanerability's severity. On the scale provided by the source
has domain
severity c
has range
string

vector stringdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#vectorString

Vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form.
has domain
cvss v2 c
has range

vector stringdp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#vectorString

Vector string is a text representation of a set of CVSS metrics. It is commonly used to record or transfer CVSS metric information in a concise form.
has domain
cvss v3 c
has range

vendordp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/affected_products#vendor

Affected produtc's vendor name
has domain
affected products c
has range
string

versiondp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV2#version

CVSS version
has domain
cvss v2 c
has range
string

versiondp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/cvss/cvssV3#version

CVSS version
has domain
cvss v3 c
has range
string

vulnerabledp back to ToC or Data Property ToC

IRI: https://www.variotdbs.pl/ref/configurations#vulnerable

Indicates whether given software or hardware is vulnerable or not
has domain
configurations c
has range
boolean

Annotation Properties

creatorap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/elements/1.1/creator

descriptionap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/elements/1.1/description

rightsap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/elements/1.1/rights

sourceap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/elements/1.1/source

titleap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/elements/1.1/title

Legend back to ToC

c: Classes
op: Object Properties
dp: Data Properties

References back to ToC

Add your references here. It is recommended to have them as a list.

Acknowledgments back to ToC

The authors would like to thank Silvio Peroni for developing LODE, a Live OWL Documentation Environment, which is used for representing the Cross Referencing Section of this document and Daniel Garijo for developing Widoco, the program used to create the template used in this documentation.