[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] How to model the object in this situation
With STIX 2.1 SCO objects are now treated as top-level objects. So yes, you would use the SCO Software object to describe the version of Chrome and the SDO Vulnerability to describe the CVE. Then you would use a relationship to tie them together. We did not call out this relationship type specifically in the specification. However, if you look at Infrastructure you can see that there is one called âhasâ vulnerability. So I would do the same here. SCO Software âhasâ SDO Vulnerability. Bret > On Mar 26, 2021, at 4:07 AM, èåæ <jessie@nccst.nat.gov.tw> wrote: > > Hi TC members, > > We are confused about how to describe "affected releases" in STIX 2.1. > > There are two use cases: > 1. CVE-2020-16013 exists in Google Chrome affected chrome versions prior to 86.0.4240.197. > âAre affected releases modeled using STIX Software SCO? ( chrome versions prior to 86.0.4240.197 here) > > 2. Microsoft Exchange Server Vulnerabilities(CVE-2021-26855ãCVE-2021-26857ãCVE-2021-26858åCVE-2021-27065) affected Microsoft Exchange Server 2013ã2016ã2019. > âAre affected releases modeled using STIX Identity SDO? ( Microsoft Exchange Server 2013ã2016ã2019 here) > > We are wondering if there exists "an Object" (without building our own SDO/SCO) that could describe the affected object (no matter it is system or software)? > > Regards, > Jessie Chuang > > Taiwan National Computer Emergency Response Team > No.116, Fuyang St., Daâan Dist., Taipei City 106, Taiwan (R.O.C.) > Tel: 886-2-6631-6483 > > This email may contain confidential information. Please disregard and delete this email if you are not the intended recipient. >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]