Access the Vulnerability Entities

  • Release version: Xanadu
  • Updated February 20, 2026

The Vulnerability Intelligence Center (VIC) uses the following entities to store and organize vulnerability, product, and vendor intelligence data.

    Product

    The Product entity (table sn_sec_tisc_intel_product) stores information about software and hardware products that may be affected by vulnerabilities.

    Label | Description
    ID | Indicates the Product ID, which must be unique.
    Name | Indicates the name of the product. The value should be the product's full canonical name, including version number.
    Vendor | Indicates the corresponding vendor for the product. References the Vendor table (sn_sec_tisc_vendor). Vendors can be created in the Threat Intelligence Library.
    Product Family | Indicates the product family that the product falls into.
    Architecture | Specifies the architecture for which the product is intended, such as x86, ARM, or x64.
    Host Name | Specifies the host name or system name where the product is installed or running.
    Language | Specifies the language or locale of the product.
    Patch Level | Indicates the patch level or update level of the product.
    Service Pack | Indicates the service pack level applied to the product.
    Specification | Provides additional specification details about the product.
    Product Group | Indicates the parent product group this product belongs to. References the product table itself, as product groups are also stored in the product table.
    Last Modified in Source | Timestamp indicating when the product information was last modified in the source system.
    Created in Source | Timestamp indicating when the product was first created in the source system.
    Replaced By Product | Reference to a product that replaces this product. Used when a product has been superseded or replaced by a newer version or alternative.
    Product Version(s) | Specifies the version or versions of the product as comma-separated values. Indicates specific version numbers for product identification.
    Product Version Range | Specifies a range of product versions affected. Used in vulnerability contexts to indicate version ranges using operators or specific version bounds.
    Is Product Group | Boolean flag indicating whether this entry represents a product group rather than an individual product.
    CPE | The Common Platform Enumeration (CPE) attribute that provides standardized product identification using CPE 2.3 or CPE 2.2 format.
    Status | Indicates the current lifecycle status of the product. Valid values:
      • Active: Product is currently active and supported.
      • Legacy (End of Product): Product has reached end-of-life but may still be in use.
      • Deprecated By Vendor: Product has been officially deprecated by the vendor and is no longer supported.

    Remediation

    The Remediation entity (table sn_sec_tisc_vulnerability_remediation) stores information about available fixes, mitigations, and workarounds for vulnerabilities.

    Label | Description
    Remediation Id | Auto-generated unique identifier for the remediation record. Used for internal tracking and reference purposes.
    Description | Contains a thorough human-readable discussion of the remediation, including detailed steps and guidance for addressing the vulnerability.
    Prerequisites | Lists the conditions that must be met for the vulnerability remediation to apply. Contains any vendor-defined constraints or requirements for obtaining and applying the fix.
    Action Link | Contains the URL where the remediation can be obtained.
    Type | Specifies the category of the remediation. The following are the valid values for this type:
      • Workaround: A temporary solution that mitigates the vulnerability without fixing the root cause.
      • Mitigation: Actions that reduce the severity or impact of the vulnerability.
      • Vendor fix: An official patch or update provided by the vendor that resolves the vulnerability.
      • First fixed: The first version where the vulnerability has been fixed.
      • None available: No remediation is currently available.
      • Will not fix: The vendor has decided not to fix this vulnerability.
      • No fix planned: There are no plans to fix this vulnerability in the future.
    Restart Category | Indicates whether a restart is necessary after remediation and, if so, specifies the required type of restart. The following are the valid values for this category:
      • Connected: Restart of connected systems or services is required.
      • Dependencies: Restart of dependent components or services is required.
      • Machine: Full machine or system restart is required.
      • Parent: Restart of the parent process or service is required.
      • Service: Restart of the specific service is required.
      • System: System level restart is required.
      • Vulnerable component: Only the vulnerable component needs to be restarted.
      • Zone: Restart of the security zone or container is required.
    Remediation Published Date | Contains the date from which the remediation is available.
    Vulnerability | Reference to the vulnerability being remediated.
    Products | Specifies a list of products to give context to the remediation. Contains references to products affected by or related to this remediation.

    Vendor

    The Vendor entity (table sn_sec_tisc_intel_vendor) stores information about organizations that develop or distribute products.

    Label | Description
    Name | Indicates the name of the vendor.
    Contact Details | Provides contact information for the vendor, such as email addresses and phone numbers.
    Organization | Specifies organizational context for the vendor, such as department, division, or organizational unit.
    Description | Provides a detailed description of the vendor's role, scope, and relevant background information.
    Website URL | Contains the vendor's official website URL.

    CWE Weakness

    The CWE Weakness entity (table sn_sec_tisc_cwe_weakness) stores Common Weakness Enumeration records that describe categories of software weaknesses.

    Label | Description
    ID | Indicates the unique CWE identifier, such as CWE-79 or CWE-89, that standardizes the identification of software weaknesses.
    Name | Indicates the name of the CWE weakness as defined in the CWE catalog.
    Description | Provides a detailed description of the weakness, its characteristics, and potential security implications.
    Type | Specifies the type classification of the CWE weakness. The following are the valid values for this type:
      • Primary: The initial, underlying weakness that directly enables a subsequent weakness to occur.
      • Secondary: The weakness that is triggered or made possible by the occurrence of the primary weakness.

    Vulnerability Product Mapping

    The Vulnerability Product Mapping entity (table sn_sec_tisc_m2m_vulnerability_product) defines the relationship between vulnerabilities and affected products.

    Label | Description
    Vulnerability | Reference to the vulnerability record that affects the associated product.
    Product | Reference to the product record that is affected by the associated vulnerability.
    Status | Indicates the relationship status between the vulnerability and product. Valid values:
      • Known affected: Product version is confirmed to be affected by the vulnerability.
      • Known not affected: Product version is confirmed to not be affected by the vulnerability.
      • First affected: First version of the product affected by the vulnerability.
      • First fixed: First version where the vulnerability has been fixed.
      • Fixed: Product version has been fixed and is no longer vulnerable.
      • Last affected: Last version of the product affected by the vulnerability.
      • Recommended: Recommended version to use to avoid the vulnerability.
      • Under investigation: Product version is currently being investigated by the vendor; it is not yet known whether this version is affected.

    CWE Weakness Relationship

    The CWE Weakness Relationship entity (table sn_sec_tisc_m2m_cwe) defines hierarchical and associative relationships between CWE weakness records.

    Label | Description
    Source CWE | Reference to the source CWE weakness record in the relationship.
    Target CWE | Reference to the target CWE weakness record in the relationship.
    Relationship Type | Specifies the type of relationship between the source and target CWE weaknesses. Valid values:
      • Parent/Child: Hierarchical relationship where one CWE is a parent or child of another.
      • Peer: Peer relationship where CWEs are at the same level or category.
      • Requires/Can Precede: One CWE requires or can precede another in an attack chain.
      • Can Also Be: One CWE can also be classified or manifested as another.

    Attribute

    The Attribute entity (table sn_sec_tisc_intel_attribute) defines metadata attributes that can be assigned to vulnerabilities.

    Label | Description
    Name | Indicates the name used to identify the attribute in the system.
    Description | Provides a detailed description of the attribute's purpose, usage, and meaning.
    Active | Boolean flag indicating whether the attribute is currently active and available for use.
    Internal Identifier | Contains the internal system identifier for the attribute. Used for programmatic reference and integration purposes.
    Attribute Type | Specifies the category or type of the attribute. The following are the valid values for this type:
      • Score attribute: Attribute related to scoring metrics.
      • Threat attribute: Attribute related to threat characteristics or properties.
      • Other attribute: General purpose attribute not fitting other categories.
      • Score value: Attribute representing a specific score or numerical value.

    Vulnerability Attribute Value

    The Vulnerability Attribute Value entity (table sn_sec_tisc_m2m_vulnerability_attribute_value) stores attribute values assigned to specific vulnerabilities.

    Label | Description
    Vulnerability | Reference to the vulnerability record that has this attribute value assigned.
    Attribute | Reference to the attribute definition being assigned to the vulnerability.
    Qualitative Value | Contains the qualitative or text-based value for the attribute, such as "High" or "Critical". Used when the attribute value is descriptive rather than numeric.
    Quantitative Value | Contains the quantitative or numeric value for the attribute, such as CVSS scores or probability values. Used when the attribute value is a number or decimal.

    Vulnerability Identifier

    The Vulnerability Identifier entity (table sn_sec_tisc_vulnerability_identifier) stores alternative or supplementary identifiers for vulnerabilities.

    Label | Description
    Vulnerability | Reference to the vulnerability record that this identifier represents.
    Identifier | Contains the unique identifier value for the vulnerability. This can be a vendor-specific ID or standardized identifier such as GHSA-xxxx-xxxx-xxxx or OSV-xxxx-xxxx.
    Identifier Assigned By | Indicates the organization or authority that assigned the identifier, such as MITRE, NVD, or GitHub.

    Vulnerability Vendor Comment

    The Vulnerability Vendor Comment entity (table sn_sec_tisc_m2m_vulnerability_vendor_comment) stores vendor-provided statements and comments about specific vulnerabilities.

    Label | Description
    Vulnerability | Reference to the vulnerability record that the vendor is commenting on.
    Vendor | Reference to the vendor providing the comment.
    Comment | Contains the vendor's comment or statement about the vulnerability, including vendor-specific clarifications or additional context.
    Comment Date | Timestamp indicating when the vendor comment was published or last updated.

    Product Identifier

    The Product Identifier entity (table sn_sec_tisc_intel_product_identifier) stores alternative identifiers associated with products.

    Label | Description
    Product | Reference to the product record that this identifier belongs to.
    Identifier Type | Specifies the type of identifier used for product identification. The following are the valid values for this category:
      • Hashes: Cryptographic hash values for verifying product integrity, such as SHA-256 or MD5.
      • Model Numbers: Manufacturer's model numbers or part numbers.
      • PURL: Package URL, a standardized way to identify software packages.
      • SBOM URLs: URLs pointing to Software Bill of Materials documents.
      • Serial Numbers: Unique serial numbers assigned to product instances.
      • SKUs: Stock Keeping Units for product identification.
      • Generic URIs: Generic Uniform Resource Identifiers for product references.
    Identifier | Contains the actual identifier value, such as a hash value, model number, PURL string, or serial number.
    Additional Information | Provides supplementary information about the identifier, including additional context or notes that clarify or qualify it.

    Vulnerability Class

    The vulnerability class options are configured in the sn_sec_tisc_vulnerability_class table, enabling you to define and manage vulnerability class selections on the Vulnerabilities page.

    Field | Description
    Name | Name of the vulnerability class.
    Description | A brief description of the vulnerability class.