Fetch Vulnerability Details for an Image
Shows the vulnerability details for an image.
Input Parameters
| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| imageSha | Mandatory | string | Specify the SHA value of a specific image in the user’s scope. |
| filter | Optional | string | Filter the images list by providing a query using Qualys syntax. |
| type | Optional | string | Specify the type of information to be fetched. The samples on this page use `type=ALL`. |
| sort | Optional | string | Sort the results using a Qualys token. |
| applyException | Optional | boolean | Use this to enable or disable exceptions. Valid values: true/false. Default value: true |
Sample
API request
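# Fetch the vulnerability details for one image; the image SHA is part of the URL path.
# Query string: type=ALL, sort=vulnerabilities.qid:asc (":" is URL-encoded as %3A),
# applyException=false. The query string must not contain spaces.
# <token> is a placeholder for the bearer token; supply it from a protected
# variable or file rather than typing it inline, so it does not end up in shell history.
curl -X GET \
  "<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln?type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false" \
  -H "accept: application/json" \
  -H "Authorization: Bearer <token>"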
Response
{
"details":
[
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1",
"lastFound": "1738827505526",
"firstFound": "1738660042992",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Amazon Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"expat"
],
"vendor": [
"amazon linux"
],
"cveids": [
"CVE-2022-22827",
"CVE-2022-22826",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22825"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": null,
"easyExploit": true,
"highDataLoss": null,
"noPatch": null,
"denialOfService": null,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 353975,
"title": "Amazon Linux Security Advisory for expat : ALAS-2022-1603",
"cvssInfo": {
"baseScore": "7.5",
"temporalScore": "5.9",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "9.8",
"temporalScore": "8.8"
},
"patchAvailable": true,
"published": 1657545460000,
"scanType": [
"STATIC"
],
"qdsScore": 65,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "expat",
"version": "2.1.0-10.21.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "2.1.0-14.31.amzn1",
"vulnerabilities": null
}
],
"layerSha": [
"ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa"
]
},
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1",
"lastFound": "1738827505526",
"firstFound": "1738660042995",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "Amazon Linux",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"openssl"
],
"vendor": [
"amazon linux"
],
"cveids": [
"CVE-2022-2068"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": true,
"highLateralMovement": true,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 354035,
"title": "Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1626",
"cvssInfo": {
"baseScore": "10.0",
"temporalScore": "7.8",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "9.8",
"temporalScore": "8.8"
},
"patchAvailable": true,
"published": 1659963868000,
"scanType": [
"STATIC"
],
"qdsScore": 95,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "openssl",
"version": "1.0.1k-15.99.amzn1",
"scanType": "STATIC",
"packagePath": null,
"fixVersion": "1.0.2k-16.159.amzn1",
"vulnerabilities": null
}
],
"layerSha": [
"ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa"
]
},
{
"vulnerability": null,
"result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/lib/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/log4j/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/lib/com.fasterxml.jackson.core-jackson-databind-2.9.8.jar",
"lastFound": "1738827505607",
"firstFound": "1738660043412",
"severity": 4,
"customerSeverity": 4,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 40,
"category": "SCA",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"CA-Windows Agent",
"CA-Linux Agent",
"SCA",
"CS-Windows",
"CS-Linux"
],
"product": [
"jackson-databind",
"oncommand_insight",
"oncommand_api_services",
"service_level_manager",
"active_iq_unified_manager"
],
"vendor": [
"fasterxml",
"netapp",
"netapp",
"netapp",
"netapp"
],
"cveids": [
"CVE-2021-20190"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": null,
"easyExploit": null,
"highDataLoss": null,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 982711,
"title": "Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5949-rw7g-wx7w)",
"cvssInfo": {
"baseScore": "8.3",
"temporalScore": "6.1",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "8.1",
"temporalScore": "7.1"
},
"patchAvailable": true,
"published": 1647355408000,
"scanType": [
"SCA"
],
"qdsScore": 35,
"isExempted": false,
"vendorData": null,
"software": [
{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.8.11.3",
"scanType": "SCA",
"packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar",
"fixVersion": "2.9.10.7",
"vulnerabilities": null
},
{
"name": "com.fasterxml.jackson.core:jackson-databind",
"version": "2.9.8",
"scanType": "SCA",
"packagePath": "root/random/java-instance.jar",
"fixVersion": "2.9.10.7",
"vulnerabilities": null
}
],
"layerSha": [
"a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0"
]
}
],
"vulnSummary": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 54,
"sev2Count": 18,
"sev4Count": 130,
"sev3Count": 131
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
},
"patchAvailability": {
"confirmed": {
"sev1Count": 0,
"sev5Count": 45,
"sev2Count": 18,
"sev4Count": 127,
"sev3Count": 122
},
"potential": {
"sev1Count": 0,
"sev5Count": 0,
"sev2Count": 0,
"sev4Count": 0,
"sev3Count": 0
}
}
}
}
Error Response
The following error response is returned when a sub-user does not have permission to access the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}
Sample with SCA Scanning
This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA.
API request
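# Fetch the vulnerability details for an SCA-scanned image, sorted by QID ascending
# (":" in the sort token is URL-encoded as %3A).
# <token> is a placeholder for the bearer token; keep the real value out of shell history.
curl -X GET \
  "<qualys_base_url>/csapi/v1.3/images/5d556c82899c/vuln?type=ALL&sort=qid%3Aasc" \
  --header "Authorization: Bearer <token>"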
Response
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nopenssl-libs 1.1.1k-4.el8.x86__64 1.1.1k-7.el8__6",
"lastFound": "1661479693755",
"firstFound": "1661479693755",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "OEL",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"openssl"
],
"vendor": [
"oracle"
],
"cveids": [
"CVE-2022-2097",
"CVE-2022-1292",
"CVE-2022-2068"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 980351,
"title": "Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv)",
"cvssInfo": {
"baseScore": "5.8",
"temporalScore": "4.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "4.8",
"temporalScore": "4.2"
},
"patchAvailable": true,
"published": 1647355370000,
"scanType": [
"SCA"
],
"software": [
{
"name": "commons-io:commons-io",
"version": "2.6",
"scanType": "SCA",
"packagePath": "usr/share/maven/lib/wagon-http-3.4.3-shaded.jar",
"fixVersion": "2.7",
"vulnerabilities": null
}
]
},
...
Error Response
The following error response is returned when a sub-user does not have permission to access the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}