Get vulnerabilities of a device
API version |
3.0 |
Last Update |
02/02/2021 |
Authentication |
YES |
HTTP Method |
POST |
Content Type |
application/json |
Rate limited |
YES |
Requests per rate limit |
10 requests/min |
Response Format |
JSON |
Use to fetch detected vulnerabilities that are associated to a device
API URL
https: //gears.opswat.com/o/api/v3/get_cves |
Request Parameters
Key |
Datatype |
Parameter Type |
Required |
Description |
Default |
access_token |
string |
URL |
Yes |
access token which archived from OAuth authentication step |
|
id |
string |
Body |
Yes |
The Device ID or MAC Address of a device you want to fetch vulnerabilities |
|
verbose |
int |
Body |
Optional |
1 - detailed vulnerability information will return in response |
0 |
limit |
int |
Body |
Optional |
Specific maximum number of vulnerabilities will be returned in the response. The value should be in [1,100]. |
100 |
page |
int |
Body |
Optional |
A page you want to get data |
1 |
filter |
object |
Body |
Optional |
Specify filter criteria |
|
filter.severity |
array |
Body |
Optional |
Filter vulnerabilities based on severity level . Value can be: "critical", "important", "moderate", "low", "unknown" |
all |
Response HTTP Code
Response Parameters
Key |
DataType |
Description |
cve_id |
string |
CVE ID |
severity |
string |
vulnerability severity. Value can be: "critical", "important", "moderate", "low", "unknown" |
summary |
string |
Vulnerability summary |
update_date |
string |
The last date NIST updated this vulnerability |
publish_date |
string |
The date NIST published this vulnerability |
opswat_score |
string |
OPSWAT score |
cvss2_score |
string |
CVSS 2 score |
cvss3_score |
number |
CVSS 3 score |
remediation |
string |
Suggestion to remediate the CVE |
cwe_id |
string |
A CWE(Common Weakness Enumeration) group identification string. |
Example
Example Request:
https: //gears.opswat.com/o/api/v3/get_cves?access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX { "id" : "device_id" , "filter" : { "severity" : [ "critical" ] }, "page" : 1 , "limit" : 20 } |
Example Response with verbose as OFF
[
{
"cve_id"
:
"CVE-2015-8459"
,
"severity"
:
"critical"
,
"opswat_score"
:
9.6
,
"cvss2_score"
:
10
,
"cvss3_score"
:
10
,
},
{
"cve_id"
:
"CVE-2004-0629"
,
"severity"
:
"critical"
,
"opswat_score"
:
5.3
,
"cvss2_score"
:
7.5
"cvss3_score"
:
10
,
}
]
Example Response with verbose as ON
[
{
"cve_id"
:
"CVE-2007-5341"
,
"severity"
:
"critical"
,
"summary"
:
"Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8."
,
"cwe_id"
:
"CWE-119"
,
"update_date"
:
"2017-02-17T02:59:08Z"
,
"publish_date"
:
"2017-02-17T02:59:08Z"
,
"opswat_score"
:
9.0
,
"cvss2_score"
:
7.5
,
"cvss3_score"
:
9.8
,
"remediation"
:
"Mozilla Firefox 0.0: Upgrade to a version higher than 2.0.0.7"
},
{
"cve_id"
:
"CVE-2016-0990"
,
"severity"
:
"critical"
,
"summary"
:
"Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000."
,
"cwe_id"
:
""
,
"update_date"
:
"2017-02-17T02:59:08Z"
,
"publish_date"
:
"2017-02-17T02:59:08Z"
,
"opswat_score"
:
8.1
,
"cvss2_score"
:
10.0
,
"cvss3_score"
:
9.8
,
"remediation"
:
"Adobe Flash Player (ActiveX) 10.0.32.18: Upgrade to a version higher than 20.0.0.306"
}
]