Empirical.Models.EPSS
The Empirical.Models.EPSS API provides real-time updates and an accurate view of exploit likelihood through the Exploit Prediction Scoring System (EPSS). Users have access to EPSS scores updated hourly, support for legacy versions of EPSS (v3) as well as the newest version.
EPSS Users only receive this smaller subset of data. Examples are shown below.
Data Dictionary
Exploit Prediction Scoring Data
epss_v4
Empirical Security generates the EPSS scores that are served from first.org. In our enterprise API, we update the scores hourly rather than daily.
epss_score
float (ex. 0.9713943314711305)
epss_percentile
float (ex. 0.9713943314711305)
computed_at
datetime (ex. 2025-03-16 18:46:04 UTC)
epss_v3
Empirical Security generates the EPSS scores that are served from first.org. In our enterprise API, we update the scores hourly rather than daily
epss_score
float (ex. 0.9713943314711305)
epss_percentile
float (ex. 0.9713943314711305)
computed_at
datetime (ex. 2025-03-16 18:46:04 UTC)
CVE Data
description
Text summary describing the CVE ID referenced by the identifier.
string (ex. "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1")
vendor
The name of the software vendor responsible for the affected software. Spaces in vendor names should be replaced with underscores. string (ex. "google")
product
The name of the affected software product. Spaces in product names should be replaced with underscores. string (ex. "chrome_os")
CVSS and CWE Data
CVSS
Common Vulnerability Scoring System data
vector
integer (ex. 3.1)
score
integer (ex. 10.0)
vector
string (ex. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
metrics
See below for examples
sources
See below for examples
metrics
CVSS data includes:
attack_vector
string (ex. "Network")
attack_complexity
string (ex. "Low")
privileges_required
string (ex. "None")
user_interaction
string (ex. "None")
scope
string (ex. "Changed")
confidentiality
string (ex. "High")
integrity
string (ex. "High")
availability
string (ex. "High")
cwes
Common Weakness Enumeration data
identifier
string (ex. "CWE-200")
name
string ("Exposure of Sensitive Information to an Unauthorized Actor")
description
string (ex. "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.")
category_name
string (ex. "SFP Secondary Cluster: Exposed Data")
category_id
string (ex. "CWE-963")
API Response Example
{
"identifier": "CVE-2023-49103",
"description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.",
"reserved_at": "2023-11-21T06:00:00.000Z",
"published_at": "2023-11-21T06:00:00.000Z",
"cvss": [
{
"version": "3.1",
"score": 10.0,
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"metrics": {
"attack_vector": "Network",
"attack_complexity": "Low",
"privileges_required": "None",
"user_interaction": "None",
"scope": "Changed",
"confidentiality": "High",
"integrity": "High",
"availability": "High"
},
"sources": [
"mitre"
]
}
],
"cwes": [
{
"identifier": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
"description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
"category_name": "SFP Secondary Cluster: Exposed Data",
"category_id": "CWE-963"
}
],
"scores": {
"epss_v4": {
"score": 0.9091291982186883,
"percentile": 0.996181146025878,
"computed_at": "2025-03-16 18:46:04 UTC"
},
"epss_v3": {
"score": 0.92099,
"percentile": 0.99238,
"computed_at": "2025-03-16 15:46:16 UTC"
},
"global": {
"score": 0.9713943314711305,
"percentile": 0.9998484036161284,
"computed_at": "2025-03-16 07:27:24 UTC"
}
},
"platforms": [
{
"product": "product",
"vendor": "vendor"
}
]
}
Last updated
Was this helpful?