Schema documentation for cvss-v2

Showing:

Annotations

Attributes

Diagrams

Facets

Source

Used by

Imported schema cvss-v2_0.9.xsd

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Element baseVectorsGroup / access-vector

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

accessVectorType

Type hierarchy

xsd:token
- accessVectorEnumType
  - accessVectorType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="access-vector" type="accessVectorType"/>

Element baseVectorsGroup / access-complexity

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

accessComplexityType

Type hierarchy

xsd:token
- accessComplexityEnumType
  - accessComplexityType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="access-complexity" type="accessComplexityType"/>

Element baseVectorsGroup / authentication

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

authenticationType

Type hierarchy

xsd:token
- authenticationEnumType
  - authenticationType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="authentication" type="authenticationType"/>

Element baseVectorsGroup / confidentiality-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaType

Type hierarchy

xsd:token
- ciaEnumType
  - ciaType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="confidentiality-impact" type="ciaType"/>

Element baseVectorsGroup / integrity-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaType

Type hierarchy

xsd:token
- ciaEnumType
  - ciaType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="integrity-impact" type="ciaType"/>

Element baseVectorsGroup / availability-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaType

Type hierarchy

xsd:token
- ciaEnumType
  - ciaType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="availability-impact" type="ciaType"/>

Element environmentalVectorsGroup / collateral-damage-potential

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

collateralDamagePotentialType

Type hierarchy

xsd:token
- collateralDamagePotentialEnumType
  - collateralDamagePotentialType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="collateral-damage-potential" type="collateralDamagePotentialType"/>

Element environmentalVectorsGroup / target-distribution

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

targetDistributionType

Type hierarchy

xsd:token
- targetDistributionEnumType
  - targetDistributionType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="target-distribution" type="targetDistributionType"/>

Element environmentalVectorsGroup / confidentiality-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementType

Type hierarchy

xsd:token
- ciaRequirementEnumType
  - ciaRequirementType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="confidentiality-requirement" type="ciaRequirementType"/>

Element environmentalVectorsGroup / integrity-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementType

Type hierarchy

xsd:token
- ciaRequirementEnumType
  - ciaRequirementType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="integrity-requirement" type="ciaRequirementType"/>

Element environmentalVectorsGroup / availability-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementType

Type hierarchy

xsd:token
- ciaRequirementEnumType
  - ciaRequirementType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="availability-requirement" type="ciaRequirementType"/>

Element temporalVectorsGroup / exploitability

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

exploitabilityType

Type hierarchy

xsd:token
- exploitabilityEnumType
  - exploitabilityType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="exploitability" type="exploitabilityType"/>

Element temporalVectorsGroup / remediation-level

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

remediationLevelType

Type hierarchy

xsd:token
- remediationLevelEnumType
  - remediationLevelType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="remediation-level" type="remediationLevelType"/>

Element temporalVectorsGroup / report-confidence

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

confidenceType

Type hierarchy

xsd:token
- confidenceEnumType
  - confidenceType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:element minOccurs="0" name="report-confidence" type="confidenceType"/>

Element baseVectorsCriteriaGroup / access-vector

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

accessVectorEnumType

Facets

enumeration	LOCAL
enumeration	ADJACENT_NETWORK
enumeration	NETWORK

Source

<xsd:element minOccurs="0" name="access-vector" type="accessVectorEnumType"/>

Element baseVectorsCriteriaGroup / access-complexity

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

accessComplexityEnumType

Facets

enumeration	HIGH
enumeration	MEDIUM
enumeration	LOW

Source

<xsd:element minOccurs="0" name="access-complexity" type="accessComplexityEnumType"/>

Element baseVectorsCriteriaGroup / authentication

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

authenticationEnumType

Facets

enumeration	MULTIPLE_INSTANCES
enumeration	SINGLE_INSTANCE
enumeration	NONE

Source

<xsd:element minOccurs="0" name="authentication" type="authenticationEnumType"/>

Element baseVectorsCriteriaGroup / confidentiality-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaEnumType

Facets

enumeration	NONE
enumeration	PARTIAL
enumeration	COMPLETE

Source

<xsd:element minOccurs="0" name="confidentiality-impact" type="ciaEnumType"/>

Element baseVectorsCriteriaGroup / integrity-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaEnumType

Facets

enumeration	NONE
enumeration	PARTIAL
enumeration	COMPLETE

Source

<xsd:element minOccurs="0" name="integrity-impact" type="ciaEnumType"/>

Element baseVectorsCriteriaGroup / availability-impact

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaEnumType

Facets

enumeration	NONE
enumeration	PARTIAL
enumeration	COMPLETE

Source

<xsd:element minOccurs="0" name="availability-impact" type="ciaEnumType"/>

Element environmentalVectorsCriteriaGroup / collateral-damage-potential

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

collateralDamagePotentialEnumType

Facets

enumeration	NONE
enumeration	LOW
enumeration	LOW_MEDIUM
enumeration	MEDIUM_HIGH
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="collateral-damage-potential" type="collateralDamagePotentialEnumType"/>

Element environmentalVectorsCriteriaGroup / target-distribution

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

targetDistributionEnumType

Facets

enumeration	NONE
enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="target-distribution" type="targetDistributionEnumType"/>

Element environmentalVectorsCriteriaGroup / confidentiality-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementEnumType

Facets

enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="confidentiality-requirement" type="ciaRequirementEnumType"/>

Element environmentalVectorsCriteriaGroup / integrity-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementEnumType

Facets

enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="integrity-requirement" type="ciaRequirementEnumType"/>

Element environmentalVectorsCriteriaGroup / availability-requirement

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

ciaRequirementEnumType

Facets

enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="availability-requirement" type="ciaRequirementEnumType"/>

Element temporalVectorsCriteriaGroup / exploitability

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

exploitabilityEnumType

Facets

enumeration	UNPROVEN
enumeration	PROOF_OF_CONCEPT
enumeration	FUNCTIONAL
enumeration	HIGH
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="exploitability" type="exploitabilityEnumType"/>

Element temporalVectorsCriteriaGroup / remediation-level

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

remediationLevelEnumType

Facets

enumeration	OFFICIAL_FIX
enumeration	TEMPORARY_FIX
enumeration	WORKAROUND
enumeration	UNAVAILABLE
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="remediation-level" type="remediationLevelEnumType"/>

Element temporalVectorsCriteriaGroup / report-confidence

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

confidenceEnumType

Facets

enumeration	UNCONFIRMED
enumeration	UNCORROBORATED
enumeration	CONFIRMED
enumeration	NOT_DEFINED

Source

<xsd:element minOccurs="0" name="report-confidence" type="confidenceEnumType"/>

Element cvssType / base_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

baseMetricsType

Type hierarchy

metricsType
- baseMetricsType

Children

access-complexity, access-vector, authentication, availability-impact, confidentiality-impact, exploit-subscore, generated-on-datetime, impact-subscore, integrity-impact, score, source

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="0" maxOccurs="unbounded" name="base_metrics" type="baseMetricsType"/>

Element baseMetricsType / score

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Base severity score assigned to a vulnerability by a source

Diagram

Type

zeroToTenDecimalType

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Source

<xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType">
  <xsd:annotation>
    <xsd:documentation>Base severity score assigned to a vulnerability by a source</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element baseMetricsType / exploit-subscore

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Base exploit sub-score assigned to a vulnerability by a source

Diagram

Type

zeroToTenDecimalType

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Source

<xsd:element minOccurs="0" name="exploit-subscore" type="zeroToTenDecimalType">
  <xsd:annotation>
    <xsd:documentation>Base exploit sub-score assigned to a vulnerability by a source</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element baseMetricsType / impact-subscore

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Base impact sub-score assigned to a vulnerability by a source

Diagram

Type

zeroToTenDecimalType

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Source

<xsd:element minOccurs="0" name="impact-subscore" type="zeroToTenDecimalType">
  <xsd:annotation>
    <xsd:documentation>Base impact sub-score assigned to a vulnerability by a source</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element baseMetricsType / source

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Data source the vector was obtained from.  Example:  http://nvd.nist.gov or com.symantec.deepsight

Diagram

Type

xsd:anyURI

Source

<xsd:element name="source" type="xsd:anyURI">
  <xsd:annotation>
    <xsd:documentation>Data source the vector was obtained from. Example: http://nvd.nist.gov or com.symantec.deepsight</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element baseMetricsType / generated-on-datetime

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

xsd:dateTime

Source

<xsd:element minOccurs="0" name="generated-on-datetime" type="xsd:dateTime"/>

Element cvssType / environmental_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

environmentalMetricsType

Type hierarchy

metricsType
- environmentalMetricsType

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, generated-on-datetime, integrity-requirement, score, source, target-distribution

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="0" maxOccurs="unbounded" name="environmental_metrics" type="environmentalMetricsType"/>

Element environmentalMetricsType / score

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

zeroToTenDecimalType

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Source

<xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType"/>

Element environmentalMetricsType / source

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Data source the vector was obtained from.  Example:  gov.nist.nvd or com.symantec.deepsight

Diagram

Type

xsd:anyURI

Source

<xsd:element name="source" type="xsd:anyURI">
  <xsd:annotation>
    <xsd:documentation>Data source the vector was obtained from. Example: gov.nist.nvd or com.symantec.deepsight</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element environmentalMetricsType / generated-on-datetime

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

xsd:dateTime

Source

<xsd:element minOccurs="0" name="generated-on-datetime" type="xsd:dateTime"/>

Element cvssType / temporal_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

temporalMetricsType

Type hierarchy

metricsType
- temporalMetricsType

Children

exploitability, generated-on-datetime, remediation-level, report-confidence, score, source, temporal-multiplier

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="0" maxOccurs="unbounded" name="temporal_metrics" type="temporalMetricsType"/>

Element temporalMetricsType / score

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

The temporal score is the temporal multiplier times the base score.

Diagram

Type

zeroToTenDecimalType

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Source

<xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType">
  <xsd:annotation>
    <xsd:documentation>The temporal score is the temporal multiplier times the base score.</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element temporalMetricsType / temporal-multiplier

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

The temporal multiplier is a number between zero and one.  Reference the CVSS standard for computation.

Diagram

Type

xsd:decimal

Source

<xsd:element minOccurs="0" name="temporal-multiplier" type="xsd:decimal">
  <xsd:annotation>
    <xsd:documentation>The temporal multiplier is a number between zero and one. Reference the CVSS standard for computation.</xsd:documentation>
  </xsd:annotation>
</xsd:element>

Element temporalMetricsType / source

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

xsd:anyURI

Source

<xsd:element name="source" type="xsd:anyURI"/>

Element temporalMetricsType / generated-on-datetime

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

xsd:dateTime

Source

<xsd:element name="generated-on-datetime" type="xsd:dateTime"/>

Element cvssImpactType / base_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

baseMetricsType

Type hierarchy

metricsType
- baseMetricsType

Children

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="1" maxOccurs="1" name="base_metrics" type="baseMetricsType"/>

Element cvssImpactType / environmental_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

environmentalMetricsType

Type hierarchy

metricsType
- environmentalMetricsType

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, generated-on-datetime, integrity-requirement, score, source, target-distribution

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="0" maxOccurs="1" name="environmental_metrics" type="environmentalMetricsType"/>

Element cvssImpactType / temporal_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

temporalMetricsType

Type hierarchy

metricsType
- temporalMetricsType

Children

exploitability, generated-on-datetime, remediation-level, report-confidence, score, source, temporal-multiplier

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element minOccurs="0" maxOccurs="1" name="temporal_metrics" type="temporalMetricsType"/>

Element cvssImpactBaseType / base_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

baseMetricsType

Type hierarchy

metricsType
- baseMetricsType

Children

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element name="base_metrics" type="baseMetricsType"/>

Element cvssImpactTemporalType / temporal_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

temporalMetricsType

Type hierarchy

metricsType
- temporalMetricsType

Children

exploitability, generated-on-datetime, remediation-level, report-confidence, score, source, temporal-multiplier

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element name="temporal_metrics" type="temporalMetricsType" minOccurs="0"/>

Element cvssImpactEnvironmentalType / environmental_metrics

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

environmentalMetricsType

Type hierarchy

metricsType
- environmentalMetricsType

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, generated-on-datetime, integrity-requirement, score, source, target-distribution

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:element name="environmental_metrics" type="environmentalMetricsType" minOccurs="0"/>

Simple Type zeroToTenDecimalType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Value restriction to single decimal values from 0.0 to 10.0, as used in CVSS scores

Diagram

Type

restriction of xsd:decimal

Facets

fractionDigits	1
maxInclusive	10
minInclusive	0

Used by

Elements

baseMetricsType/exploit-subscore, baseMetricsType/impact-subscore, baseMetricsType/score, environmentalMetricsType/score, temporalMetricsType/score, vuln:Vulnerability/vuln:CVSSScoreSets/vuln:ScoreSet/vuln:BaseScore, vuln:Vulnerability/vuln:CVSSScoreSets/vuln:ScoreSet/vuln:EnvironmentalScore, vuln:Vulnerability/vuln:CVSSScoreSets/vuln:ScoreSet/vuln:TemporalScore

Source

<xsd:simpleType name="zeroToTenDecimalType">
  <xsd:annotation>
    <xsd:documentation>Value restriction to single decimal values from 0.0 to 10.0, as used in CVSS scores</xsd:documentation>
  </xsd:annotation>
  <xsd:restriction base="xsd:decimal">
    <xsd:minInclusive value="0"/>
    <xsd:maxInclusive value="10"/>
    <xsd:fractionDigits value="1"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type accessComplexityEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	HIGH
enumeration	MEDIUM
enumeration	LOW

Used by

Complex Type	accessComplexityType
Element	baseVectorsCriteriaGroup/access-complexity

Source

<xsd:simpleType name="accessComplexityEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="HIGH"/>
    <xsd:enumeration value="MEDIUM"/>
    <xsd:enumeration value="LOW"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type accessVectorEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	LOCAL
enumeration	ADJACENT_NETWORK
enumeration	NETWORK

Used by

Complex Type	accessVectorType
Element	baseVectorsCriteriaGroup/access-vector

Source

<xsd:simpleType name="accessVectorEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="LOCAL"/>
    <xsd:enumeration value="ADJACENT_NETWORK"/>
    <xsd:enumeration value="NETWORK"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type ciaRequirementEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Used by

Complex Type	ciaRequirementType
Elements	environmentalVectorsCriteriaGroup/availability-requirement, environmentalVectorsCriteriaGroup/confidentiality-requirement, environmentalVectorsCriteriaGroup/integrity-requirement

Source

<xsd:simpleType name="ciaRequirementEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="LOW"/>
    <xsd:enumeration value="MEDIUM"/>
    <xsd:enumeration value="HIGH"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type collateralDamagePotentialEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	NONE
enumeration	LOW
enumeration	LOW_MEDIUM
enumeration	MEDIUM_HIGH
enumeration	HIGH
enumeration	NOT_DEFINED

Used by

Complex Type	collateralDamagePotentialType
Element	environmentalVectorsCriteriaGroup/collateral-damage-potential

Source

<xsd:simpleType name="collateralDamagePotentialEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="NONE"/>
    <xsd:enumeration value="LOW"/>
    <xsd:enumeration value="LOW_MEDIUM"/>
    <xsd:enumeration value="MEDIUM_HIGH"/>
    <xsd:enumeration value="HIGH"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type targetDistributionEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	NONE
enumeration	LOW
enumeration	MEDIUM
enumeration	HIGH
enumeration	NOT_DEFINED

Used by

Complex Type	targetDistributionType
Element	environmentalVectorsCriteriaGroup/target-distribution

Source

<xsd:simpleType name="targetDistributionEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="NONE"/>
    <xsd:enumeration value="LOW"/>
    <xsd:enumeration value="MEDIUM"/>
    <xsd:enumeration value="HIGH"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type ciaEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	NONE
enumeration	PARTIAL
enumeration	COMPLETE

Used by

Complex Type	ciaType
Elements	baseVectorsCriteriaGroup/availability-impact, baseVectorsCriteriaGroup/confidentiality-impact, baseVectorsCriteriaGroup/integrity-impact

Source

<xsd:simpleType name="ciaEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="NONE"/>
    <xsd:enumeration value="PARTIAL"/>
    <xsd:enumeration value="COMPLETE"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type authenticationEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	MULTIPLE_INSTANCES
enumeration	SINGLE_INSTANCE
enumeration	NONE

Used by

Complex Type	authenticationType
Element	baseVectorsCriteriaGroup/authentication

Source

<xsd:simpleType name="authenticationEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="MULTIPLE_INSTANCES"/>
    <xsd:enumeration value="SINGLE_INSTANCE"/>
    <xsd:enumeration value="NONE"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type remediationLevelEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	OFFICIAL_FIX
enumeration	TEMPORARY_FIX
enumeration	WORKAROUND
enumeration	UNAVAILABLE
enumeration	NOT_DEFINED

Used by

Complex Type	remediationLevelType
Element	temporalVectorsCriteriaGroup/remediation-level

Source

<xsd:simpleType name="remediationLevelEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="OFFICIAL_FIX"/>
    <xsd:enumeration value="TEMPORARY_FIX"/>
    <xsd:enumeration value="WORKAROUND"/>
    <xsd:enumeration value="UNAVAILABLE"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type confidenceEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	UNCONFIRMED
enumeration	UNCORROBORATED
enumeration	CONFIRMED
enumeration	NOT_DEFINED

Used by

Complex Type	confidenceType
Element	temporalVectorsCriteriaGroup/report-confidence

Source

<xsd:simpleType name="confidenceEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="UNCONFIRMED"/>
    <xsd:enumeration value="UNCORROBORATED"/>
    <xsd:enumeration value="CONFIRMED"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Simple Type exploitabilityEnumType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of xsd:token

Facets

enumeration	UNPROVEN
enumeration	PROOF_OF_CONCEPT
enumeration	FUNCTIONAL
enumeration	HIGH
enumeration	NOT_DEFINED

Used by

Complex Type	exploitabilityType
Element	temporalVectorsCriteriaGroup/exploitability

Source

<xsd:simpleType name="exploitabilityEnumType">
  <xsd:restriction base="xsd:token">
    <xsd:enumeration value="UNPROVEN"/>
    <xsd:enumeration value="PROOF_OF_CONCEPT"/>
    <xsd:enumeration value="FUNCTIONAL"/>
    <xsd:enumeration value="HIGH"/>
    <xsd:enumeration value="NOT_DEFINED"/>
  </xsd:restriction>
</xsd:simpleType>

Complex Type accessVectorType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of accessVectorEnumType

Type hierarchy

xsd:token
- accessVectorEnumType
  - accessVectorType

Used by

Element

baseVectorsGroup/access-vector

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="accessVectorType">
  <xsd:simpleContent>
    <xsd:extension base="accessVectorEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type accessComplexityType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of accessComplexityEnumType

Type hierarchy

xsd:token
- accessComplexityEnumType
  - accessComplexityType

Used by

Element

baseVectorsGroup/access-complexity

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="accessComplexityType">
  <xsd:simpleContent>
    <xsd:extension base="accessComplexityEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type authenticationType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of authenticationEnumType

Type hierarchy

xsd:token
- authenticationEnumType
  - authenticationType

Used by

Element

baseVectorsGroup/authentication

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="authenticationType">
  <xsd:simpleContent>
    <xsd:extension base="authenticationEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type ciaType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of ciaEnumType

Type hierarchy

xsd:token
- ciaEnumType
  - ciaType

Used by

Elements

baseVectorsGroup/availability-impact, baseVectorsGroup/confidentiality-impact, baseVectorsGroup/integrity-impact

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="ciaType">
  <xsd:simpleContent>
    <xsd:extension base="ciaEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type collateralDamagePotentialType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of collateralDamagePotentialEnumType

Type hierarchy

xsd:token
- collateralDamagePotentialEnumType
  - collateralDamagePotentialType

Used by

Element

environmentalVectorsGroup/collateral-damage-potential

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="collateralDamagePotentialType">
  <xsd:simpleContent>
    <xsd:extension base="collateralDamagePotentialEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type targetDistributionType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of targetDistributionEnumType

Type hierarchy

xsd:token
- targetDistributionEnumType
  - targetDistributionType

Used by

Element

environmentalVectorsGroup/target-distribution

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="targetDistributionType">
  <xsd:simpleContent>
    <xsd:extension base="targetDistributionEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type ciaRequirementType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of ciaRequirementEnumType

Type hierarchy

xsd:token
- ciaRequirementEnumType
  - ciaRequirementType

Used by

Elements

environmentalVectorsGroup/availability-requirement, environmentalVectorsGroup/confidentiality-requirement, environmentalVectorsGroup/integrity-requirement

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="ciaRequirementType">
  <xsd:simpleContent>
    <xsd:extension base="ciaRequirementEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type exploitabilityType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of exploitabilityEnumType

Type hierarchy

xsd:token
- exploitabilityEnumType
  - exploitabilityType

Used by

Element

temporalVectorsGroup/exploitability

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="exploitabilityType">
  <xsd:simpleContent>
    <xsd:extension base="exploitabilityEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type remediationLevelType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of remediationLevelEnumType

Type hierarchy

xsd:token
- remediationLevelEnumType
  - remediationLevelType

Used by

Element

temporalVectorsGroup/remediation-level

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="remediationLevelType">
  <xsd:simpleContent>
    <xsd:extension base="remediationLevelEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type confidenceType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of confidenceEnumType

Type hierarchy

xsd:token
- confidenceEnumType
  - confidenceType

Used by

Element

temporalVectorsGroup/report-confidence

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:complexType name="confidenceType">
  <xsd:simpleContent>
    <xsd:extension base="confidenceEnumType">
      <xsd:attributeGroup ref="vectorAttributeGroup"/>
    </xsd:extension>
  </xsd:simpleContent>
</xsd:complexType>

Complex Type cvssType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

"This schema was intentionally designed to avoid mixing classes and attributes between CVSS version 1, CVSS version 2, and future versions. Scores in the CVSS system are interdependent.  The temporal score is a multiplier of the base score.  The environmental score, in turn, is a multiplier of the temporal score.  The ability to transfer these scores independently is provided on the assumption that the user understands the business logic. For any given metric, it is preferred that the score, as a minimum is provided, however the score can be re-created from the metrics or the multiplier and any scores they are dependent on."

Diagram

Used by

Complex Type

cvssImpactType

Children

base_metrics, environmental_metrics, temporal_metrics

Source

<xsd:complexType name="cvssType">
  <xsd:annotation>
    <xsd:documentation>"This schema was intentionally designed to avoid mixing classes and attributes between CVSS version 1, CVSS version 2, and future versions. Scores in the CVSS system are interdependent. The temporal score is a multiplier of the base score. The environmental score, in turn, is a multiplier of the temporal score. The ability to transfer these scores independently is provided on the assumption that the user understands the business logic. For any given metric, it is preferred that the score, as a minimum is provided, however the score can be re-created from the metrics or the multiplier and any scores they are dependent on."</xsd:documentation>
  </xsd:annotation>
  <xsd:sequence>
    <xsd:element minOccurs="0" maxOccurs="unbounded" name="base_metrics" type="baseMetricsType"/>
    <xsd:element minOccurs="0" maxOccurs="unbounded" name="environmental_metrics" type="environmentalMetricsType"/>
    <xsd:element minOccurs="0" maxOccurs="unbounded" name="temporal_metrics" type="temporalMetricsType"/>
  </xsd:sequence>
</xsd:complexType>

Complex Type baseMetricsType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of metricsType

Type hierarchy

metricsType
- baseMetricsType

Used by

Elements

cvssImpactBaseType/base_metrics, cvssImpactType/base_metrics, cvssType/base_metrics

Children

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:complexType name="baseMetricsType">
  <xsd:complexContent>
    <xsd:extension base="metricsType">
      <xsd:sequence>
        <xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType">
          <xsd:annotation>
            <xsd:documentation>Base severity score assigned to a vulnerability by a source</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:element minOccurs="0" name="exploit-subscore" type="zeroToTenDecimalType">
          <xsd:annotation>
            <xsd:documentation>Base exploit sub-score assigned to a vulnerability by a source</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:element minOccurs="0" name="impact-subscore" type="zeroToTenDecimalType">
          <xsd:annotation>
            <xsd:documentation>Base impact sub-score assigned to a vulnerability by a source</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:group ref="baseVectorsGroup"/>
        <xsd:element name="source" type="xsd:anyURI">
          <xsd:annotation>
            <xsd:documentation>Data source the vector was obtained from. Example: http://nvd.nist.gov or com.symantec.deepsight</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:element minOccurs="0" name="generated-on-datetime" type="xsd:dateTime"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

Complex Type metricsType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Annotations

Base type for metrics that defines common attributes of all metrics.

Diagram

Used by

Complex Types

baseMetricsType, environmentalMetricsType, temporalMetricsType

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:complexType name="metricsType" abstract="true">
  <xsd:annotation>
    <xsd:documentation>Base type for metrics that defines common attributes of all metrics.</xsd:documentation>
  </xsd:annotation>
  <xsd:attribute name="upgraded-from-version" type="xsd:decimal">
    <xsd:annotation>
      <xsd:documentation>Indicates if the metrics have been upgraded from a previous version of CVSS. If fields that were approximated will have an approximated attribute set to 'true'.</xsd:documentation>
    </xsd:annotation>
  </xsd:attribute>
</xsd:complexType>

Complex Type environmentalMetricsType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of metricsType

Type hierarchy

metricsType
- environmentalMetricsType

Used by

Elements

cvssImpactEnvironmentalType/environmental_metrics, cvssImpactType/environmental_metrics, cvssType/environmental_metrics

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, generated-on-datetime, integrity-requirement, score, source, target-distribution

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:complexType name="environmentalMetricsType">
  <xsd:complexContent>
    <xsd:extension base="metricsType">
      <xsd:sequence>
        <xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType"/>
        <xsd:group ref="environmentalVectorsGroup"/>
        <xsd:element name="source" type="xsd:anyURI">
          <xsd:annotation>
            <xsd:documentation>Data source the vector was obtained from. Example: gov.nist.nvd or com.symantec.deepsight</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:element minOccurs="0" name="generated-on-datetime" type="xsd:dateTime"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

Complex Type temporalMetricsType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of metricsType

Type hierarchy

metricsType
- temporalMetricsType

Used by

Elements

cvssImpactTemporalType/temporal_metrics, cvssImpactType/temporal_metrics, cvssType/temporal_metrics

Children

exploitability, generated-on-datetime, remediation-level, report-confidence, score, source, temporal-multiplier

Attributes

QName

Type

Use

Annotation

upgraded-from-version

xsd:decimal

optional

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Source

<xsd:complexType name="temporalMetricsType">
  <xsd:complexContent>
    <xsd:extension base="metricsType">
      <xsd:sequence>
        <xsd:element minOccurs="0" name="score" type="zeroToTenDecimalType">
          <xsd:annotation>
            <xsd:documentation>The temporal score is the temporal multiplier times the base score.</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:element minOccurs="0" name="temporal-multiplier" type="xsd:decimal">
          <xsd:annotation>
            <xsd:documentation>The temporal multiplier is a number between zero and one. Reference the CVSS standard for computation.</xsd:documentation>
          </xsd:annotation>
        </xsd:element>
        <xsd:group ref="temporalVectorsGroup"/>
        <xsd:element name="source" type="xsd:anyURI"/>
        <xsd:element name="generated-on-datetime" type="xsd:dateTime"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

Complex Type cvssImpactType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

restriction of cvssType

Type hierarchy

cvssType
- cvssImpactType

Children

base_metrics, environmental_metrics, temporal_metrics

Source

<xsd:complexType name="cvssImpactType">
  <xsd:complexContent>
    <xsd:restriction base="cvssType">
      <xsd:sequence>
        <xsd:element minOccurs="1" maxOccurs="1" name="base_metrics" type="baseMetricsType"/>
        <xsd:element minOccurs="0" maxOccurs="1" name="environmental_metrics" type="environmentalMetricsType"/>
        <xsd:element minOccurs="0" maxOccurs="1" name="temporal_metrics" type="temporalMetricsType"/>
      </xsd:sequence>
    </xsd:restriction>
  </xsd:complexContent>
</xsd:complexType>

Complex Type cvssImpactBaseType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Used by

Complex Type

cvssImpactTemporalType

Children

base_metrics

Source

<xsd:complexType name="cvssImpactBaseType">
  <xsd:sequence>
    <xsd:element name="base_metrics" type="baseMetricsType"/>
  </xsd:sequence>
</xsd:complexType>

Complex Type cvssImpactTemporalType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of cvssImpactBaseType

Type hierarchy

cvssImpactBaseType
- cvssImpactTemporalType

Used by

Complex Type

cvssImpactEnvironmentalType

Children

base_metrics, temporal_metrics

Source

<xsd:complexType name="cvssImpactTemporalType">
  <xsd:complexContent>
    <xsd:extension base="cvssImpactBaseType">
      <xsd:sequence>
        <xsd:element name="temporal_metrics" type="temporalMetricsType" minOccurs="0"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

Complex Type cvssImpactEnvironmentalType

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Type

extension of cvssImpactTemporalType

Type hierarchy

cvssImpactBaseType
- cvssImpactTemporalType
  - cvssImpactEnvironmentalType

Children

base_metrics, environmental_metrics, temporal_metrics

Source

<xsd:complexType name="cvssImpactEnvironmentalType">
  <xsd:complexContent>
    <xsd:extension base="cvssImpactTemporalType">
      <xsd:sequence>
        <xsd:element name="environmental_metrics" type="environmentalMetricsType" minOccurs="0"/>
      </xsd:sequence>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

Attribute vectorAttributeGroup / @approximated

Namespace

No namespace

Annotations

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Type

xsd:boolean

Used by

Attribute Group

vectorAttributeGroup

Source

<xsd:attribute name="approximated" type="xsd:boolean" default="false">
  <xsd:annotation>
    <xsd:documentation>Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version</xsd:documentation>
  </xsd:annotation>
</xsd:attribute>

Attribute metricsType / @upgraded-from-version

Namespace

No namespace

Annotations

Indicates if the metrics have been upgraded from a previous version of CVSS.  If fields that were approximated will have an approximated attribute set to 'true'.

Type

xsd:decimal

Used by

Complex Type

metricsType

Source

<xsd:attribute name="upgraded-from-version" type="xsd:decimal">
  <xsd:annotation>
    <xsd:documentation>Indicates if the metrics have been upgraded from a previous version of CVSS. If fields that were approximated will have an approximated attribute set to 'true'.</xsd:documentation>
  </xsd:annotation>
</xsd:attribute>

Element Group baseVectorsGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Used by

Complex Type

baseMetricsType

Children

access-complexity, access-vector, authentication, availability-impact, confidentiality-impact, integrity-impact

Source

<xsd:group name="baseVectorsGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="access-vector" type="accessVectorType"/>
    <xsd:element minOccurs="0" name="access-complexity" type="accessComplexityType"/>
    <xsd:element minOccurs="0" name="authentication" type="authenticationType"/>
    <xsd:element minOccurs="0" name="confidentiality-impact" type="ciaType"/>
    <xsd:element minOccurs="0" name="integrity-impact" type="ciaType"/>
    <xsd:element minOccurs="0" name="availability-impact" type="ciaType"/>
  </xsd:sequence>
</xsd:group>

Element Group environmentalVectorsGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Used by

Complex Type

environmentalMetricsType

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, integrity-requirement, target-distribution

Source

<xsd:group name="environmentalVectorsGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="collateral-damage-potential" type="collateralDamagePotentialType"/>
    <xsd:element minOccurs="0" name="target-distribution" type="targetDistributionType"/>
    <xsd:element minOccurs="0" name="confidentiality-requirement" type="ciaRequirementType"/>
    <xsd:element minOccurs="0" name="integrity-requirement" type="ciaRequirementType"/>
    <xsd:element minOccurs="0" name="availability-requirement" type="ciaRequirementType"/>
  </xsd:sequence>
</xsd:group>

Element Group temporalVectorsGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Used by

Complex Type

temporalMetricsType

Children

exploitability, remediation-level, report-confidence

Source

<xsd:group name="temporalVectorsGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="exploitability" type="exploitabilityType"/>
    <xsd:element minOccurs="0" name="remediation-level" type="remediationLevelType"/>
    <xsd:element minOccurs="0" name="report-confidence" type="confidenceType"/>
  </xsd:sequence>
</xsd:group>

Element Group baseVectorsCriteriaGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Children

access-complexity, access-vector, authentication, availability-impact, confidentiality-impact, integrity-impact

Source

<xsd:group name="baseVectorsCriteriaGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="access-vector" type="accessVectorEnumType"/>
    <xsd:element minOccurs="0" name="access-complexity" type="accessComplexityEnumType"/>
    <xsd:element minOccurs="0" name="authentication" type="authenticationEnumType"/>
    <xsd:element minOccurs="0" name="confidentiality-impact" type="ciaEnumType"/>
    <xsd:element minOccurs="0" name="integrity-impact" type="ciaEnumType"/>
    <xsd:element minOccurs="0" name="availability-impact" type="ciaEnumType"/>
  </xsd:sequence>
</xsd:group>

Element Group environmentalVectorsCriteriaGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Children

availability-requirement, collateral-damage-potential, confidentiality-requirement, integrity-requirement, target-distribution

Source

<xsd:group name="environmentalVectorsCriteriaGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="collateral-damage-potential" type="collateralDamagePotentialEnumType"/>
    <xsd:element minOccurs="0" name="target-distribution" type="targetDistributionEnumType"/>
    <xsd:element minOccurs="0" name="confidentiality-requirement" type="ciaRequirementEnumType"/>
    <xsd:element minOccurs="0" name="integrity-requirement" type="ciaRequirementEnumType"/>
    <xsd:element minOccurs="0" name="availability-requirement" type="ciaRequirementEnumType"/>
  </xsd:sequence>
</xsd:group>

Element Group temporalVectorsCriteriaGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Children

exploitability, remediation-level, report-confidence

Source

<xsd:group name="temporalVectorsCriteriaGroup">
  <xsd:sequence>
    <xsd:element minOccurs="0" name="exploitability" type="exploitabilityEnumType"/>
    <xsd:element minOccurs="0" name="remediation-level" type="remediationLevelEnumType"/>
    <xsd:element minOccurs="0" name="report-confidence" type="confidenceEnumType"/>
  </xsd:sequence>
</xsd:group>

Attribute Group vectorAttributeGroup

Namespace

http://scap.nist.gov/schema/cvss-v2/1.0

Diagram

Used by

Complex Types

accessComplexityType, accessVectorType, authenticationType, ciaRequirementType, ciaType, collateralDamagePotentialType, confidenceType, exploitabilityType, remediationLevelType, targetDistributionType

Attributes

QName

Type

Default

Use

Annotation

approximated

xsd:boolean

false

optional

Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version

Source

<xsd:attributeGroup name="vectorAttributeGroup">
  <xsd:attribute name="approximated" type="xsd:boolean" default="false">
    <xsd:annotation>
      <xsd:documentation>Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version</xsd:documentation>
    </xsd:annotation>
  </xsd:attribute>
</xsd:attributeGroup>