{

"metadata": {
  "default": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
},
"content": [
  {
    "id": "server_security_misconfiguration",
    "children": [
      {
        "id": "unsafe_cross_origin_resource_sharing",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
      },
      {
        "id": "path_traversal",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
      },
      {
        "id": "directory_listing_enabled",
        "children": [
          {
            "id": "sensitive_data_exposure",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
          },
          {
            "id": "non_sensitive_data_exposure",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "same_site_scripting",
        "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N"
      },
      {
        "id": "ssl_attack_breach_poodle_etc",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"
      },
      {
        "id": "using_default_credentials",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
      },
      {
        "id": "misconfigured_dns",
        "children": [
          {
            "id": "basic_subdomain_takeover",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "high_impact_subdomain_takeover",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"
          },
          {
            "id": "zone_transfer",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          {
            "id": "missing_caa_record",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "mail_server_misconfiguration",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
        "children": [
          {
            "id": "no_spoofing_protection_on_email_domain",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
          },
          {
            "id": "email_spoofing_to_inbox_due_to_missing_or_misconfigured_dmarc_on_email_domain",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
          }
        ]
      },
      {
        "id": "dbms_misconfiguration",
        "children": [
          {
            "id": "excessively_privileged_user_dba",
            "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      },
      {
        "id": "lack_of_password_confirmation",
        "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
        "children": [
          {
            "id": "manage_two_fa",
            "cvss_v3": "AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L"
          }
        ]
      },
      {
        "id": "no_rate_limiting_on_form",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
        "children": [
          {
            "id": "login",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      },
      {
        "id": "unsafe_file_upload",
        "children": [
          {
            "id": "no_antivirus",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
          },
          {
            "id": "no_size_limit",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          {
            "id": "file_extension_filter_bypass",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "cookie_scoped_to_parent_domain",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "missing_secure_or_httponly_cookie_flag",
        "children": [
          {
            "id": "session_token",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          {
            "id": "non_session_cookie",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "clickjacking",
        "children": [
          {
            "id": "sensitive_action",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          {
            "id": "form_input",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          {
            "id": "non_sensitive_action",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "oauth_misconfiguration",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "children": [
          {
            "id": "account_takeover",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
          }
        ]
      },
      {
        "id": "captcha",
        "children": [
          {
            "id": "implementation_vulnerability",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          {
            "id": "brute_force",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "missing",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "exposed_admin_portal",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "missing_dnssec",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "fingerprinting_banner_disclosure",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "username_enumeration",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "potentially_unsafe_http_method_enabled",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "insecure_ssl",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "rfd",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N"
      },
      {
        "id": "lack_of_security_headers",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
        "children": [
          {
            "id": "cache_control_for_a_sensitive_page",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          }
        ]
      },
      {
        "id": "waf_bypass",
        "children": [
          {
            "id": "direct_server_access",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          }
        ]
      },
      {
        "id": "bitsquatting",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
      }
    ]
  },
  {
    "id": "server_side_injection",
    "children": [
      {
        "id": "file_inclusion",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
      },
      {
        "id": "parameter_pollution",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "remote_code_execution_rce",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
      },
      {
        "id": "sql_injection",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
      },
      {
        "id": "xml_external_entity_injection_xxe",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
      },
      {
        "id": "http_response_manipulation",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
      },
      {
        "id": "content_spoofing",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N",
        "children": [
          {
            "id": "iframe_injection",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
          },
          {
            "id": "external_authentication_injection",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          {
            "id": "flash_based_external_authentication_injection",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          {
            "id": "email_html_injection",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "broken_authentication_and_session_management",
    "children": [
      {
        "id": "authentication_bypass",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
      },
      {
        "id": "two_fa_bypass",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
      },
      {
        "id": "privilege_escalation",
        "cvss_v3": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"
      },
      {
        "id": "cleartext_transmission_of_session_token",
        "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
      },
      {
        "id": "weak_login_function",
        "children": [
          {
            "id": "not_operational",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "other_plaintext_protocol_no_secure_alternative",
            "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
          },
          {
            "id": "lan_only",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "http_and_https_available",
            "cvss_v3": "AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
          },
          {
            "id": "https_not_available_or_http_by_default",
            "cvss_v3": "AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      },
      {
        "id": "session_fixation",
        "children": [
          {
            "id": "remote_attack_vector",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
          },
          {
            "id": "local_attack_vector",
            "cvss_v3": "AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"
          }
        ]
      },
      {
        "id": "failure_to_invalidate_session",
        "children": [
          {
            "id": "on_logout",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "on_logout_server_side_only",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "on_password_change",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "all_sessions",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "on_email_change",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "long_timeout",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "concurrent_logins",
        "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "weak_registration_implementation",
        "cvss_v3": "AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N"
      }
    ]
  },
  {
    "id": "sensitive_data_exposure",
    "children": [
      {
        "id": "critically_sensitive_data",
        "children": [
          {
            "id": "password_disclosure",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
          },
          {
            "id": "private_api_keys",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
          }
        ]
      },
      {
        "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
        "children": [
          {
            "id": "automatic_user_enumeration",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          {
            "id": "manual_user_enumeration",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          }
        ]
      },
      {
        "id": "visible_detailed_error_page",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
        "children": [
          {
            "id": "detailed_server_configuration",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
          }
        ]
      },
      {
        "id": "disclosure_of_known_public_information",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "token_leakage_via_referer",
        "children": [
          {
            "id": "trusted_third_party",
            "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "untrusted_third_party",
            "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N"
          },
          {
            "id": "over_http",
            "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"
          }
        ]
      },
      {
        "id": "sensitive_token_in_url",
        "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
      },
      {
        "id": "non_sensitive_token_in_url",
        "cvss_v3": "AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "weak_password_reset_implementation",
        "cvss_v3": "AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
        "children": [
          {
            "id": "token_leakage_via_host_header_poisoning",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
          }
        ]
      },
      {
        "id": "mixed_content",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
      },
      {
        "id": "sensitive_data_hardcoded",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "internal_ip_disclosure",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "xssi",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"
      },
      {
        "id": "json_hijacking",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
      }
    ]
  },
  {
    "id": "cross_site_scripting_xss",
    "children": [
      {
        "id": "stored",
        "children": [
          {
            "id": "non_admin_to_anyone",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N"
          },
          {
            "id": "privileged_user_to_privilege_elevation",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"
          },
          {
            "id": "privileged_user_to_no_privilege_elevation",
            "cvss_v3": "AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"
          },
          {
            "id": "url_based",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          {
            "id": "self",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "reflected",
        "children": [
          {
            "id": "non_self",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          {
            "id": "self",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "flash_based",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
      },
      {
        "id": "cookie_based",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
      },
      {
        "id": "ie_only",
        "children": [
          {
            "id": "ie_eleven",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
          },
          {
            "id": "xss_filter_disabled",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
          },
          {
            "id": "older_version_ie_eleven",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "referer",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
      },
      {
        "id": "trace_method",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      },
      {
        "id": "universal_uxss",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
      },
      {
        "id": "off_domain",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
      }
    ]
  },
  {
    "id": "broken_access_control",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "children": [
      {
        "id": "server_side_request_forgery_ssrf",
        "children": [
          {
            "id": "internal_high_impact",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"
          },
          {
            "id": "internal_scan_and_or_medium_impact",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N"
          },
          {
            "id": "external",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
          }
        ]
      },
      {
        "id": "username_enumeration",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
      }
    ]
  },
  {
    "id": "cross_site_request_forgery_csrf",
    "children": [
      {
        "id": "application_wide",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L"
      },
      {
        "id": "action_specific",
        "children": [
          {
            "id": "authenticated_action",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N"
          },
          {
            "id": "unauthenticated_action",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
          },
          {
            "id": "logout",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "csrf_token_not_unique_per_request",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
      }
    ]
  },
  {
    "id": "application_level_denial_of_service_dos",
    "children": [
      {
        "id": "critical_impact_and_or_easy_difficulty",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
      },
      {
        "id": "high_impact_and_or_medium_difficulty",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
      },
      {
        "id": "app_crash",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      }
    ]
  },
  {
    "id": "unvalidated_redirects_and_forwards",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "children": [
      {
        "id": "open_redirect",
        "children": [
          {
            "id": "get_based",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "external_behavior",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
  },
  {
    "id": "insufficient_security_configurability",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "children": [
      {
        "id": "no_password_policy",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
      },
      {
        "id": "weak_password_reset_implementation",
        "children": [
          {
            "id": "token_is_not_invalidated_after_use",
            "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      },
      {
        "id": "weak_two_fa_implementation",
        "children": [
          {
            "id": "two_fa_secret_cannot_be_rotated",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "two_fa_secret_remains_obtainable_after_two_fa_is_enabled",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "using_components_with_known_vulnerabilities",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "children": [
      {
        "id": "rosetta_flash",
        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
      }
    ]
  },
  {
    "id": "insecure_data_storage",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "children": [
      {
        "id": "sensitive_application_data_stored_unencrypted",
        "children": [
          {
            "id": "on_external_storage",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
          }
        ]
      },
      {
        "id": "server_side_credentials_storage",
        "children": [
          {
            "id": "plaintext",
            "cvss_v3": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "lack_of_binary_hardening",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
  },
  {
    "id": "insecure_data_transport",
    "children": [
      {
        "id": "cleartext_transmission_of_sensitive_data",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
      },
      {
        "id": "executable_download",
        "children": [
          {
            "id": "no_secure_integrity_check",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"
          },
          {
            "id": "secure_integrity_check",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "insecure_os_firmware",
    "children": [
      {
        "id": "command_injection",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
      },
      {
        "id": "hardcoded_password",
        "children": [
          {
            "id": "privileged_user",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
          },
          {
            "id": "non_privileged_user",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "broken_cryptography",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
  },
  {
    "id": "privacy_concerns",
    "children": [
      {
        "id": "unnecessary_data_collection",
        "children": [
          {
            "id": "wifi_ssid_password",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "network_security_misconfiguration",
    "children": [
      {
        "id": "telnet_enabled",
        "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N"
      }
    ]
  },
  {
    "id": "mobile_security_misconfiguration",
    "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
    "children": [
      {
        "id": "clipboard_enabled",
        "children": [
          {
            "id": "on_sensitive_content",
            "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"
          },
          {
            "id": "on_non_sensitive_content",
            "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "client_side_injection",
    "children": [
      {
        "id": "binary_planting",
        "children": [
          {
            "id": "privilege_escalation",
            "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
          },
          {
            "id": "non_default_folder_privilege_escalation",
            "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"
          },
          {
            "id": "no_privilege_escalation",
            "cvss_v3": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N"
          }
        ]
      }
    ]
  },
  {
    "id": "automotive_security_misconfiguration",
    "children": [
      {
        "id": "infotainment",
        "children": [
          {
            "id": "pii_leakage",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          {
            "id": "code_execution_can_bus_pivot",
            "cvss_v3": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          {
            "id": "code_execution_no_can_bus_pivot",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
          },
          {
            "id": "unauthorized_access_to_services",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"
          },
          {
            "id": "source_code_dump",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          {
            "id": "dos_brick",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
          },
          {
            "id": "default_credentials",
            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          }
        ]
      },
      {
        "id": "rf_hub",
        "children": [
          {
            "id": "key_fob_cloning",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
          },
          {
            "id": "can_injection_interaction",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
          },
          {
            "id": "data_leakage_pull_encryption_mechanism",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
          },
          {
            "id": "unauthorized_access_turn_on",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L"
          },
          {
            "id": "roll_jam",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
          },
          {
            "id": "replay",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
          },
          {
            "id": "relay",
            "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
          }
        ]
      },
      {
        "id": "can",
        "children": [
          {
            "id": "injection_disallowed_messages",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          },
          {
            "id": "injection_dos",
            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
          }
        ]
      }
    ]
  }
]

}