Get vulnerabilities of a device
|
API version |
3.0 |
|
Last Update |
02/02/2021 |
|
Authentication |
YES |
|
HTTP Method |
POST |
|
Content Type |
application/json |
|
Rate limited |
YES |
|
Requests per rate limit |
10 requests/min |
|
Response Format |
JSON |
Use to fetch detected vulnerabilities that are associated to a device
API URL
https://gears.opswat.com/o/api/v3/get_cves |
Request Parameters
|
Key |
Datatype |
Parameter Type |
Required |
Description |
Default |
|
access_token |
string |
URL |
Yes |
access token which archived from OAuth authentication step |
|
|
id |
string |
Body |
Yes |
The Device ID or MAC Address of a device you want to fetch vulnerabilities |
|
|
verbose |
int |
Body |
Optional |
1 - detailed vulnerability information will return in response |
0 |
|
limit |
int |
Body |
Optional |
Specific maximum number of vulnerabilities will be returned in the response. The value should be in [1,100]. |
100 |
|
page |
int |
Body |
Optional |
A page you want to get data |
1 |
|
filter |
object |
Body |
Optional |
Specify filter criteria |
|
|
filter.severity |
array |
Body |
Optional |
Filter vulnerabilities based on severity level . Value can be: "critical", "important", "moderate", "low", "unknown" |
all |
Response HTTP Code
Response Parameters
|
Key |
DataType |
Description |
|
cve_id |
string |
CVE ID |
|
severity |
string |
vulnerability severity. Value can be: "critical", "important", "moderate", "low", "unknown" |
|
summary |
string |
Vulnerability summary |
|
update_date |
string |
The last date NIST updated this vulnerability |
|
publish_date |
string |
The date NIST published this vulnerability |
|
opswat_score |
string |
OPSWAT score |
|
cvss2_score |
string |
CVSS 2 score |
|
cvss3_score |
number |
CVSS 3 score |
|
remediation |
string |
Suggestion to remediate the CVE |
|
cwe_id |
string |
A CWE(Common Weakness Enumeration) group identification string. |
Example
Example Request:
https://gears.opswat.com/o/api/v3/get_cves?access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX{ "id": "device_id", "filter": { "severity": ["critical"] }, "page": 1, "limit": 20} |
Example Response with verbose as OFF
[ { "cve_id": "CVE-2015-8459", "severity": "critical", "opswat_score": 9.6, "cvss2_score": 10, "cvss3_score": 10, }, { "cve_id": "CVE-2004-0629", "severity": "critical", "opswat_score": 5.3, "cvss2_score": 7.5 "cvss3_score": 10, }]Example Response with verbose as ON
[ { "cve_id": "CVE-2007-5341", "severity": "critical", "summary": "Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8.", "cwe_id": "CWE-119", "update_date": "2017-02-17T02:59:08Z", "publish_date": "2017-02-17T02:59:08Z", "opswat_score": 9.0, "cvss2_score": 7.5, "cvss3_score": 9.8, "remediation": "Mozilla Firefox 0.0: Upgrade to a version higher than 2.0.0.7" }, { "cve_id": "CVE-2016-0990", "severity": "critical", "summary": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.", "cwe_id": "", "update_date": "2017-02-17T02:59:08Z", "publish_date": "2017-02-17T02:59:08Z", "opswat_score": 8.1, "cvss2_score": 10.0, "cvss3_score": 9.8, "remediation": "Adobe Flash Player (ActiveX) 10.0.32.18: Upgrade to a version higher than 20.0.0.306" }]