OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: How to model the object in this situation

Hi TC members,

We are confused about how to describe "affected releases" in STIX 2.1.

There are two use cases:
1. CVE-2020-16013 exists in Google Chrome affected chrome versions prior to 86.0.4240.197. 
  →Are affected releases modeled using STIX Software SCO? ( chrome versions prior to 86.0.4240.197 here)

2. Microsoft Exchange Server Vulnerabilities(CVE-2021-26855、CVE-2021-26857、CVE-2021-26858及CVE-2021-27065) affected Microsoft Exchange Server 2013、2016、2019.  
  →Are affected releases modeled using STIX Identity SDO? ( Microsoft Exchange Server 2013、2016、2019 here)

We are wondering if there exists "an Object" (without building our own SDO/SCO) that could describe the affected object (no matter it is system or software)?

Jessie Chuang

Taiwan National Computer Emergency Response Team
No.116, Fuyang St., Da’an Dist., Taipei City 106, Taiwan (R.O.C.)
Tel: 886-2-6631-6483

This email may contain confidential information. Please disregard and delete this email if you are not the intended recipient.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]