Get Vulnerabilities v3.1
| API version | 3.1 |
|---|---|
| Last Update | 04/18/2023 |
| Authentication | YES |
| HTTP Method | POST |
| Content Type | application/json |
| Rate limited | YES |
| Requests per rate limit | 10/min |
| Response Format | JSON |
| Change History | Added support multiple CVSS scores on the response data |
Use to query vulnerabilities which devices on an account have .
API URL
Request Parameters
| Key | Datatype | Parameter Type | Required | Description | Default |
|---|---|---|---|---|---|
| access_token | string | URL | Yes | access token which archived from OAuth authentication step | |
| search | string | Body | Optional | A key word to search vulnerabilities. | |
| filter | object | Body | Optional | Specify filter criteria | |
| filter.severity | array | Body | Optional | Filter vulnerabilities based on score_type:
| all based on selected score_type |
| filter.score | double | Body | Optional | Specify a score to filter vulnerabilities. MetaAccess returns vulnerabilities that have a score greater or equal to this value. You need to specify what score type in the field filter.score_type; otherwise, the error code 400 is returned | |
| filter.score_type | string | Body | Optional | Specify what score type used to filter along with the field filter.score Value can be: "opswat_score", "cvss2_score", "cvss3_score" | opswat_score |
| sort | object | Body | Optional | Specify how to sort devices in result-set By default: sort by CVE-ID in ASC order. | |
| sort.order | string | Body | Optional | Specify how to sort vulnerabilities in result-set Value can be: "asc", "desc" | asc |
| sort.field | string | Body | Optional | Specify which field is used to sort vulnerabilities in result-set. Value can be: "opswat_score", "cvss2_score", "cvss3_score", "severity", "cve_id" | cve_id |
| page | number | Body | Optional | Specify page number which vulnerabilities will be returned in. If the requested page exceeds the number of pages of devices, error code will be 413. It means that the requested page number is too large, no vulnerability will be returned in this case. | 1 |
| limit | number | Body | Optional | Specify maximum number of devices will be returned in the response. The value should be in [1,50]. | 50 |
Response HTTP Code
See APIs
Response Parameters
| Key | DataType | Required | Description |
|---|---|---|---|
| cve_id | string | Yes | CVE ID |
| severity | string | Yes | vulnerability severity. Value can be: "critical", "important", "moderate", "low", "unknown", "high", "medium". |
| summary | string | Yes | vulnerability summary |
| updated_date | string | Yes | The last date NIST updated this vulnerability |
| opswat_score | double | Optional | Opswat score |
| cvss2_score | double | Optional | CVSS 2 score |
| cvss3_score | double | Optional | CVSS 3 score |
| total_devices | int | Yes | Number of devices has this vulnerability |
Example
Example Request: using Product ID
Example Response
History
| Action | Version | URL |
|---|---|---|
| Get Vulnerabilities | 3.0 | Get Vulnerabilities v3.0 |
Was this page helpful?