Empirical.Models.EPSS

The Empirical.Models.EPSS API provides real-time updates and an accurate view of exploit likelihood through the Exploit Prediction Scoring System (EPSS). Users have access to EPSS scores updated hourly, support for legacy versions of EPSS (v3) as well as the newest version.

EPSS Users only receive this smaller subset of data. Examples are shown below.

Data Dictionary

Exploit Prediction Scoring Data

epss_v4

Empirical Security generates the EPSS scores that are served from first.org. In our enterprise API, we update the scores hourly rather than daily.

epss_score float (ex. 0.9713943314711305)

epss_percentile float (ex. 0.9713943314711305)

computed_at datetime (ex. 2025-03-16 18:46:04 UTC)

epss_v3

Empirical Security generates the EPSS scores that are served from first.org. In our enterprise API, we update the scores hourly rather than daily

epss_score float (ex. 0.9713943314711305)

epss_percentile float (ex. 0.9713943314711305)

computed_at datetime (ex. 2025-03-16 18:46:04 UTC)

CVE Data

identifier

CVE ID assigned to a vulnerability

string (ex. "CVE-2023-49103")

description

Text summary describing the CVE ID referenced by the identifier.

string (ex. "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1")

reserved_at

datetime (ex. "2023-11-21T00:00:00.000Z")

published_at

datetime (ex. "2023-11-21T00:00:00.000Z")

recently_updated

Returns CVEs with updated information and/or any score change greater than 0.0001 within the selected date range.

past_day boolean CVE data has been updated in the last 24 hours

past_week boolean CVE data has been updated in the last 7 days

past_month boolean CVE data has been updated in the last 30 days

vendor

The name of the software vendor responsible for the affected software. Spaces in vendor names should be replaced with underscores. string (ex. "google")

product

The name of the affected software product. Spaces in product names should be replaced with underscores. string (ex. "chrome_os")

CVSS and CWE Data

CVSS

Common Vulnerability Scoring System data (only 4.0 and 3.1 vectors are supported)

version integer (ex. 3.1)

score integer (ex. 10.0)

vector string (ex. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

metrics See below for examples

sources See below for examples

metrics

CVSS data includes:

attack_vector string (ex. "Network")

attack_complexity string (ex. "Low")

privileges_required string (ex. "None")

user_interaction string (ex. "None")

scope string (ex. "Changed")

confidentiality string (ex. "High")

integrity string (ex. "High")

availability string (ex. "High")

sources

CVSS data includes:

string (ex. ["[email protected]", "mitre"])

cwes

Common Weakness Enumeration data

identifier string (ex. "CWE-200")

name string ("Exposure of Sensitive Information to an Unauthorized Actor")

description string (ex. "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.")

category_name string (ex. "SFP Secondary Cluster: Exposed Data")

category_id string (ex. "CWE-963")

API Response Example

{
  "identifier": "CVE-2023-49103",
  "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.",
  "reserved_at": "2023-11-21T06:00:00.000Z",
  "published_at": "2023-11-21T06:00:00.000Z",
  "cvss": [
    {
      "version": "3.1",
      "score": 10.0,
      "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "metrics": {
        "attack_vector": "Network",
        "attack_complexity": "Low",
        "privileges_required": "None",
        "user_interaction": "None",
        "scope": "Changed",
        "confidentiality": "High",
        "integrity": "High",
        "availability": "High"
      },
      "sources": [
        "mitre"
      ]
    }
  ],
  "cwes": [
    {
      "identifier": "CWE-200",
      "name": "Exposure of Sensitive Information to an Unauthorized Actor",
      "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
      "category_name": "SFP Secondary Cluster: Exposed Data",
      "category_id": "CWE-963"
    }
  ],
  "scores": {
    "epss_v4": {
      "score": 0.9091291982186883,
      "percentile": 0.996181146025878,
      "computed_at": "2025-03-16 18:46:04 UTC"
    },
    "epss_v3": {
      "score": 0.92099,
      "percentile": 0.99238,
      "computed_at": "2025-03-16 15:46:16 UTC"
    },
    "global": {
      "score": 0.9713943314711305,
      "percentile": 0.9998484036161284,
      "computed_at": "2025-03-16 07:27:24 UTC"
    }
  },
  "platforms": [
    {
      "product": "product",
      "vendor": "vendor"
    }
  ]
}

PreviousEmpirical.Models.Global NextLegacy - Exploit Intelligence Service

Last updated 7 months ago

Was this helpful?