[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: How to model the object in this situation
Hi TC members, We are confused about how to describe "affected releases" in STIX 2.1. There are two use cases: 1. CVE-2020-16013 exists in Google Chrome affected chrome versions prior to 86.0.4240.197. →Are affected releases modeled using STIX Software SCO? ( chrome versions prior to 86.0.4240.197 here) 2. Microsoft Exchange Server Vulnerabilities(CVE-2021-26855、CVE-2021-26857、CVE-2021-26858及CVE-2021-27065) affected Microsoft Exchange Server 2013、2016、2019. →Are affected releases modeled using STIX Identity SDO? ( Microsoft Exchange Server 2013、2016、2019 here) We are wondering if there exists "an Object" (without building our own SDO/SCO) that could describe the affected object (no matter it is system or software)? Regards, Jessie Chuang Taiwan National Computer Emergency Response Team No.116, Fuyang St., Da’an Dist., Taipei City 106, Taiwan (R.O.C.) Tel: 886-2-6631-6483 This email may contain confidential information. Please disregard and delete this email if you are not the intended recipient.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]