LLexicon Workbenchv2.1
home/glossary/vulnerability

vulnerability

nounid 4629·updated May 9, 2026
candidate
GlossaryL1 — whatDictionaryL2 — how usedThesaurusL3 — relationsUniversaleverything

Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

polysemous

Classifications

per-axis with provenance

Entity Type

Vulnerability95%rule-basedr:entity.vulnerability.cve.v1

Sensitivity

unclassified

Information Class

unclassified

Variants

3 surface forms
plural
vulnerabilities
possessive
vulnerability's
pluralpossessive
vulnerabilities'

Framework definitions

18 senses across 17 frameworks
National Initiative for Cybersecurity Careers and Studies (NICCS) Cybersecurity Lexicon1 senseview framework →
§1 · extended_definition_available
A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
ISACA Cybersecurity Glossary1 senseview framework →
§1
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events
NIST Cybersecurity Framework1 senseview framework →
§1
A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.
FFIEC Cybersecurity Assessment Tool, Baseline, May 20171 senseview framework →
§1
A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.
NERC CIP-010-2 (Config Change Management & Vulnerability) v21 senseview framework →
§1
A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.
NERC CIP-007-6 (System Security Management) v61 senseview framework →
§1
A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.
CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures1 senseview framework →
§1
A weakness, susceptibility or flaw in a system that an attacker can access and exploit to compromise system security. Vulnerability arises from the confluence of three elements: the presence of a susceptibility or flaw in a system; an attacker’s access to that flaw; and an attacker’s capability to exploit the flaw.
Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook Infobase, Glossary1 senseview framework →
§1
A hardware, firmware, or software flaw that leaves an information system open to potential exploitation; a weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.
NISTIR 7298: Glossary of Key Information Security Terms, Revision 22 sensesview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
§2 · sense_2_pending_review
A weakness in a system, application, or network that is subject to exploitation or misuse.
CNSSI-4009 (Glossary of Information Assurance Terms)1 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.
NIST SP 800-531 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
NIST SP 800-53A1 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
NIST SP 800-371 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
FIPS PUB 2001 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
NIST SP 800-601 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
NIST SP 800-1151 senseview framework →
§1
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
NIST SP 800-611 senseview framework →
§1
A weakness in a system, application, or network that is subject to exploitation or misuse.

Outgoing relationships

term as subject — 0 triples
No outgoing triples
This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 1 triple
related
snapshot nexus-lexicon@liveschema v0.3.3-draftfetched May 14, 2026, 01:36 AM