7.1.6. Vulnerability Info In Processing Result

Vulnerability information is included in the scan result if the vulnerability engine is enabled on the scanning node and the uploaded file contains a known vulnerability. This detection is performed by the Vulnerability detection engine.

Example

"vulnerability_info": {
    "result": {
        "code": 0,
        "hash": "B428501D1FAD1BA14AA2FC3F9B5F051EC8721EA2",
        "method": 50700,
        "timestamp": "1493020752",
        "timing": 48,
        "detected_product": {
            "has_vulnerability": true,
            "is_current": false,
            "product": {
                "id": 104,
                "name": "Adobe Flash Player"
            },
            "remediation_link": "http:\/\/get.adobe.com\/flashplayer\/",
            "severity": "CRITICAL",
            "sig_name": "Adobe Flash Player",
            "signature": 107,
            "vendor": {
                "id": 91,
                "name": "Adobe Systems Inc."
            },
            "version": "20.0.0.235",
            "version_data": {
                "count_behind": 65,
                "feed_id": 200005,
                "version": "25.0.0.149"
            },
            "vulnerabilities": [
                {
                    "description": "Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645.",
                    "details": {
                        "cpe": "cpe:\/a:adobe:flash player",
                        "cve": "CVE-2015-8459",
                        "cvss": {
                            "access-complexity": "LOW",
                            "access-vector": "NETWORK",
                            "authentication": "NONE",
                            "availability-impact": "",
                            "confidentiality-impact": "COMPLETE",
                            "generated-on-epoch": "1451411824",
                            "integrity-impact": "COMPLETE",
                            "score": "10.0",
                            "source": "http:\/\/nvd.nist.gov"
                        },
                        "cwe": "CWE-119",
                        "last-modified-epoch": "1487300348",
                        "published-epoch": "1451347140",
                        "references": [
                            "http:\/\/lists.opensuse.org\/opensuse-security-announce\/2015-12\/msg00045.html",
                            ...
                        ]
                    },
                    "severity": "CRITICAL",
                    "severity_index": 5,
                    "static_id": 20158459
                },
                {...}
            ]
        }
    }
}

Response description:

  • vulnerability_info: Contains all vulnerability-related information of the scan result

    • result: The result information from the OESIS Framework

Result description (vulnerability_info.result)

  • code: The result code for the vulnerability check; 0 means a successful check

  • hash: The file's SHA1 hash value

  • method: The method used by the OESIS Framework; it should be 50700 every time

  • timestamp: Timestamp of when the request was issued

  • timing: The vulnerability check's duration in milliseconds

  • detected_product: Detected product object; present if the input hash has been found to correspond to a verified product

    • has_vulnerability: Indicates whether any vulnerabilities have been associated with the particular product

    • is_current: True if this product's patch level is current; defaults to true

    • product: Product data object

      • id: The OPSWAT product id

      • name: The product name

    • remediation_link: A link where product updates or patches can be obtained

    • severity: String description of Severity level: 'low', 'moderate', 'important', 'critical', 'not_available', 'unknown'

    • sig_name: Product signature descriptor

    • signature: OPSWAT signature id

    • vendor: Vendor data object

      • id: The OPSWAT vendor id

      • name: The vendor name

    • version: The installed product version

    • version_data: Object containing detailed patch information

      • count_behind: The number of patches the installed product is behind

      • feed_id: The remote feed ID used to determine patch level

      • version: The current version of the product in the remote feed

    • vulnerabilities: A list of specific vulnerabilities

      • description: A text description of the specific vulnerability

      • details: A set of optional vulnerability details

        • cpe: A CPE product reference

        • cve: A CVE identification string

        • cvss: A set of CVSS severity information

          • access-complexity: A CVSS access-complexity descriptor

          • access-vector: A CVSS access-vector descriptor

          • authentication: A CVSS authentication descriptor

          • availability-impact: A CVSS availability impact descriptor

          • confidentiality-impact: A CVSS confidentiality impact descriptor

          • generated-on-epoch: An epoch timestamp indicating CVSS generation time

          • integrity-impact: A CVSS integrity impact descriptor

          • score: A CVSS 10-point severity score

          • source: A CVSS source descriptor

        • cwe: A CWE group identification string

        • last-modified-epoch: An epoch timestamp indicating source last update time

        • published-epoch: An epoch timestamp indicating source publishing time

        • references: An array of external reference links

      • severity: String description of Severity level: 'low', 'moderate', 'important', 'critical', 'not_available', 'unknown'

      • severity_index: A numerical description of the severity level on a 5-point scale, with 5 being the greatest and 0 being unknown

      • static_id: An OPSWAT identifier for the vulnerability
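
One way to consume this structure when triaging scan results, as an added example that is not OPSWAT code: it handles a missing detected_product, optional details, string-typed score and epoch values, and severity casing. The summarize helper, its min_index threshold and the second sample entry are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone
# Constructed sample cut down from the page's example; the second entry is made up.
SAMPLE = '''
{"vulnerability_info": {"result": {
  "code": 0, "hash": "B428501D1FAD1BA14AA2FC3F9B5F051EC8721EA2", "method": 50700,
  "detected_product": {"has_vulnerability": true, "is_current": false,
    "product": {"id": 104, "name": "Adobe Flash Player"},
    "version": "20.0.0.235", "version_data": {"version": "25.0.0.149"},
    "vulnerabilities": [
      {"details": {"cve": "CVE-2015-8459", "cvss": {"score": "10.0"},
                   "published-epoch": "1451347140"},
       "severity": "CRITICAL", "severity_index": 5, "static_id": 20158459},
      {"severity": "unknown", "severity_index": 0, "static_id": 1}
    ]}}}}
'''

def summarize(scan_result, min_index=4):
    """Flatten vulnerability_info.result; None if there is nothing to report."""
    result = scan_result.get("vulnerability_info", {}).get("result", {})
    product = result.get("detected_product")
    if result.get("code") != 0 or not product:  # failed check / unknown hash
        return None
    findings = []
    for vuln in product.get("vulnerabilities", []):
        details = vuln.get("details") or {}           # details are optional
        score = (details.get("cvss") or {}).get("score")
        epoch = details.get("published-epoch")        # epoch arrives as a string
        findings.append({
            "id": details.get("cve") or f"static:{vuln.get('static_id')}",
            "severity": str(vuln.get("severity", "unknown")).lower(),
            "severity_index": int(vuln.get("severity_index", 0)),
            "cvss": float(score) if score else None,  # score is a string too
            "published": datetime.fromtimestamp(int(epoch), timezone.utc)
                         .date().isoformat() if epoch else None,
        })
    findings.sort(key=lambda f: f["severity_index"], reverse=True)
    version_data = product.get("version_data") or {}
    return {
        "sha1": result.get("hash"),
        "product": (product.get("product") or {}).get("name"),
        "installed": product.get("version"), "latest": version_data.get("version"),
        "is_current": product.get("is_current", True),  # documented default
        "findings": findings,
        "actionable": [f["id"] for f in findings if f["severity_index"] >= min_index],
    }

SUMMARY = summarize(json.loads(SAMPLE))
print(json.dumps(SUMMARY, indent=2))
```

The sample response carries "CRITICAL" in upper case while the field description lists lower-case values, so the helper normalizes case before any comparison.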