{
"metadata": { "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, "content": [ { "id": "server_security_misconfiguration", "children": [ { "id": "unsafe_cross_origin_resource_sharing", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" }, { "id": "path_traversal", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "id": "directory_listing_enabled", "children": [ { "id": "sensitive_data_exposure", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "id": "non_sensitive_data_exposure", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "same_site_scripting", "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "id": "ssl_attack_breach_poodle_etc", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "id": "using_default_credentials", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "misconfigured_dns", "children": [ { "id": "basic_subdomain_takeover", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "high_impact_subdomain_takeover", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "id": "zone_transfer", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "missing_caa_record", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "mail_server_misconfiguration", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "no_spoofing_protection_on_email_domain", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ] }, { "id": "dbms_misconfiguration", "children": [ { "id": "excessively_privileged_user_dba", "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N" } ] }, { "id": "lack_of_password_confirmation", "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "children": [ { "id": "manage_two_fa", "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ] }, { "id": "no_rate_limiting_on_form", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "children": [ { "id": "login", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "change_password", "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L" } ] }, { "id": "unsafe_file_upload", "children": [ { "id": "no_antivirus", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "id": "no_size_limit", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "id": "file_extension_filter_bypass", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "cookie_scoped_to_parent_domain", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "missing_secure_or_httponly_cookie_flag", "children": [ { "id": "session_token", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "non_session_cookie", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "clickjacking", "children": [ { "id": "sensitive_action", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "id": "form_input", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "id": "non_sensitive_action", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" } ] }, { "id": "oauth_misconfiguration", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "children": [ { "id": "account_takeover", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "id": "account_squatting", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ] }, { "id": "captcha", "children": [ { "id": "implementation_vulnerability", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "id": "brute_force", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "missing", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "exposed_admin_portal", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "missing_dnssec", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "fingerprinting_banner_disclosure", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "username_enumeration", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "potentially_unsafe_http_method_enabled", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "insecure_ssl", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "rfd", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "id": "lack_of_security_headers", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "cache_control_for_a_sensitive_page", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "waf_bypass", "children": [ { "id": "direct_server_access", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ] }, { "id": "race_condition", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "cache_poisoning", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "bitsquatting", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "server_side_injection", "children": [ { "id": "file_inclusion", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "id": "parameter_pollution", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "remote_code_execution_rce", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "id": "sql_injection", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "id": "xml_external_entity_injection_xxe", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "id": "http_response_manipulation", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "id": "content_spoofing", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N", "children": [ { "id": "iframe_injection", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "id": "impersonation_via_broken_link_hijacking", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "id": "external_authentication_injection", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "id": "flash_based_external_authentication_injection", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "id": "email_html_injection", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ] }, { "id": "ssti", "children": [ { "id": "basic", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "custom", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ] } ] }, { "id": "broken_authentication_and_session_management", "children": [ { "id": "authentication_bypass", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "two_fa_bypass", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "privilege_escalation", "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N" }, { "id": "cleartext_transmission_of_session_token", "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "weak_login_function", "children": [ { "id": "not_operational", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "other_plaintext_protocol_no_secure_alternative", "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "id": "over_http", "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ] }, { "id": "session_fixation", "children": [ { "id": "remote_attack_vector", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" }, { "id": "local_attack_vector", "cvss_v3": "AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N" } ] }, { "id": "failure_to_invalidate_session", "children": [ { "id": "on_logout", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "id": "on_logout_server_side_only", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "on_password_change", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "id": "all_sessions", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "on_email_change", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "on_two_fa_activation_change", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "long_timeout", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "concurrent_logins", "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "weak_registration_implementation", "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N" } ] }, { "id": "sensitive_data_exposure", "children": [ { "id": "disclosure_of_secrets", "children": [ { "id": "for_publicly_accessible_asset", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "for_internal_asset", "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "pay_per_use_abuse", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "id": "intentionally_public_sample_or_invalid", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "data_traffic_spam", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "non_corporate_user", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "exif_geolocation_data_not_stripped_from_uploaded_images", "children": [ { "id": "automatic_user_enumeration", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "manual_user_enumeration", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "visible_detailed_error_page", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "detailed_server_configuration", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "disclosure_of_known_public_information", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "token_leakage_via_referer", "children": [ { "id": "trusted_third_party", "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N" }, { "id": "untrusted_third_party", "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N" }, { "id": "over_http", "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N" } ] }, { "id": "sensitive_token_in_url", "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "non_sensitive_token_in_url", "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "weak_password_reset_implementation", "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "children": [ { "id": "token_leakage_via_host_header_poisoning", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ] }, { "id": "mixed_content", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N" }, { "id": "sensitive_data_hardcoded", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "internal_ip_disclosure", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "xssi", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N" }, { "id": "json_hijacking", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "id": "via_localstorage_sessionstorage", "children": [ { "id": "sensitive_token", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "non_sensitive_token", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] } ] }, { "id": "cross_site_scripting_xss", "children": [ { "id": "stored", "children": [ { "id": "non_admin_to_anyone", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N" }, { "id": "privileged_user_to_privilege_elevation", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "id": "privileged_user_to_no_privilege_elevation", "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N" }, { "id": "url_based", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "id": "self", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "reflected", "children": [ { "id": "non_self", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "id": "self", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "flash_based", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N" }, { "id": "cookie_based", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N" }, { "id": "ie_only", "children": [ { "id": "ie_eleven", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "id": "xss_filter_disabled", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "older_version_ie_eleven", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N" } ] }, { "id": "referer", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "id": "trace_method", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "universal_uxss", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "id": "off_domain", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ] }, { "id": "broken_access_control", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "children": [ { "id": "server_side_request_forgery_ssrf", "children": [ { "id": "internal_high_impact", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "id": "internal_scan_and_or_medium_impact", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N" }, { "id": "external", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L" } ] }, { "id": "username_enumeration", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "cross_site_request_forgery_csrf", "children": [ { "id": "application_wide", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" }, { "id": "action_specific", "children": [ { "id": "authenticated_action", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N" }, { "id": "unauthenticated_action", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "id": "logout", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" } ] }, { "id": "csrf_token_not_unique_per_request", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "id": "flash_based", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" } ] }, { "id": "application_level_denial_of_service_dos", "children": [ { "id": "critical_impact_and_or_easy_difficulty", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "id": "high_impact_and_or_medium_difficulty", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "id": "app_crash", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "unvalidated_redirects_and_forwards", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "open_redirect", "children": [ { "id": "get_based", "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ] } ] }, { "id": "external_behavior", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "insufficient_security_configurability", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "no_password_policy", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "id": "weak_password_reset_implementation", "children": [ { "id": "token_is_not_invalidated_after_use", "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" } ] }, { "id": "weak_two_fa_implementation", "children": [ { "id": "two_fa_secret_cannot_be_rotated", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "two_fa_secret_remains_obtainable_after_two_fa_is_enabled", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ] } ] }, { "id": "using_components_with_known_vulnerabilities", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "rosetta_flash", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" } ] }, { "id": "insecure_data_storage", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "sensitive_application_data_stored_unencrypted", "children": [ { "id": "on_external_storage", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ] }, { "id": "server_side_credentials_storage", "children": [ { "id": "plaintext", "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N" } ] } ] }, { "id": "lack_of_binary_hardening", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" }, { "id": "insecure_data_transport", "children": [ { "id": "cleartext_transmission_of_sensitive_data", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "executable_download", "children": [ { "id": "no_secure_integrity_check", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "id": "secure_integrity_check", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N" } ] } ] }, { "id": "insecure_os_firmware", "children": [ { "id": "command_injection", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "hardcoded_password", "children": [ { "id": "privileged_user", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "id": "non_privileged_user", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ] } ] }, { "id": "broken_cryptography", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" }, { "id": "privacy_concerns", "children": [ { "id": "unnecessary_data_collection", "children": [ { "id": "wifi_ssid_password", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } ] }, { "id": "network_security_misconfiguration", "children": [ { "id": "telnet_enabled", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ] }, { "id": "mobile_security_misconfiguration", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "children": [ { "id": "clipboard_enabled", "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "id": "auto_backup_allowed_by_default", "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ] }, { "id": "client_side_injection", "children": [ { "id": "binary_planting", "children": [ { "id": "privilege_escalation", "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "id": "non_default_folder_privilege_escalation", "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "id": "no_privilege_escalation", "cvss_v3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N" } ] } ] }, { "id": "automotive_security_misconfiguration", "children": [ { "id": "infotainment_radio_head_unit", "children": [ { "id": "pii_leakage", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "id": "ota_firmware_manipulation", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "id": "code_execution_can_bus_pivot", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "id": "code_execution_no_can_bus_pivot", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "id": "unauthorized_access_to_services", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" }, { "id": "source_code_dump", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "id": "dos_brick", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "id": "default_credentials", "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] }, { "id": "rf_hub", "children": [ { "id": "key_fob_cloning", "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "id": "can_injection_interaction", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "id": "data_leakage_pull_encryption_mechanism", "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "id": "unauthorized_access_turn_on", "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L" }, { "id": "roll_jam", "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "id": "replay", "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" }, { "id": "relay", "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N" } ] }, { "id": "can", "children": [ { "id": "injection_battery_management_system", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_steering_control", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_pyrotechnical_device_deployment_tool", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_headlights", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_sensors", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_vehicle_anti_theft_systems", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_powertrain", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_basic_safety_message", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" }, { "id": "injection_disallowed_messages", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "id": "injection_dos", "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] }, { "id": "battery_management_system", "children": [ { "id": "firmware_dump", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "id": "fraudulent_interface", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H" } ] }, { "id": "gnss_gps", "children": [ { "id": "spoofing", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ] }, { "id": "immobilizer", "children": [ { "id": "engine_start", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ] }, { "id": "abs", "children": [ { "id": "unintended_acceleration_brake", "cvss_v3": "AV:P/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ] }, { "id": "rsu", "children": [ { "id": "sybil_attack", "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H" } ] } ] }, { "id": "indicators_of_compromise", "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N" } ]
}