Fetch Vulnerability Details for an Image
Shows the vulnerability details for an image.
Input ParametersInput Parameters
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
imageSha |
Mandatory |
string |
Specify the SHA value of a specific image in the user’s scope. |
|
filter |
Optional |
string |
Filter the images list by providing a query using Qualys syntax. |
|
type |
Optional |
string |
Specify the type of information to be fetched.
|
|
sort |
Optional |
string |
Sort the results using a Qualys token. |
| applyException | Optional | boolean | Use this to enable or disable exceptions. Valid values: true/false Default value: true |
SampleSample
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/76c8fb57b6fc8599de38027112c47170bd19f99e7945392bd78d6816db01f4ad/vuln? type=ALL&sort=vulnerabilities.qid%3Aasc&applyException=false"
-H "accept: application/json"
-H "Authorization: Bearer <token>"
Response
{ "details": [ { "vulnerability": null, "result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1\nexpat 2.1.0-10.21.amzn1.x86__64 2.1.0-14.31.amzn1", "lastFound": "1738827505526", "firstFound": "1738660042992", "severity": 5, "customerSeverity": 5, "port": null, "typeDetected": "CONFIRMED", "status": null, "risk": 50, "category": "Amazon Linux", "discoveryType": [ "AUTHENTICATED" ], "authType": [ "UNIX_AUTH" ], "supportedBy": [ "VM", "CA-Linux Agent" ], "product": [ "expat" ], "vendor": [ "amazon linux" ], "cveids": [ "CVE-2022-22827", "CVE-2022-22826", "CVE-2022-22823", "CVE-2022-22824", "CVE-2021-46143", "CVE-2022-22822", "CVE-2022-22825" ], "threatIntel": { "activeAttacks": null, "zeroDay": null, "publicExploit": true, "highLateralMovement": null, "easyExploit": true, "highDataLoss": null, "noPatch": null, "denialOfService": null, "malware": null, "exploitKit": null, "publicExploitNames": null, "malwareNames": null, "exploitKitNames": null }, "qid": 353975, "title": "Amazon Linux Security Advisory for expat : ALAS-2022-1603", "cvssInfo": { "baseScore": "7.5", "temporalScore": "5.9", "accessVector": "Network" }, "cvss3Info": { "baseScore": "9.8", "temporalScore": "8.8" }, "patchAvailable": true, "published": 1657545460000, "scanType": [ "STATIC" ], "qdsScore": 65, "isExempted": false, "vendorData": null, "software": [ { "name": "expat", "version": "2.1.0-10.21.amzn1", "scanType": "STATIC", "packagePath": null, "fixVersion": "2.1.0-14.31.amzn1", "vulnerabilities": null } ], "layerSha": [ "ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa" ] }, { "vulnerability": null, "result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1\nopenssl 1.0.1k-15.99.amzn1.x86__64 1.0.2k-16.159.amzn1", "lastFound": "1738827505526", "firstFound": "1738660042995", "severity": 5, "customerSeverity": 5, "port": null, "typeDetected": "CONFIRMED", "status": null, "risk": 50, "category": "Amazon Linux", "discoveryType": [ "AUTHENTICATED" ], "authType": [ "UNIX_AUTH" ], "supportedBy": [ "VM", "CA-Linux Agent" ], "product": [ "openssl" ], "vendor": [ "amazon linux" ], "cveids": [ "CVE-2022-2068" ], "threatIntel": { "activeAttacks": null, "zeroDay": null, "publicExploit": true, "highLateralMovement": true, "easyExploit": true, "highDataLoss": true, "noPatch": null, "denialOfService": true, "malware": null, "exploitKit": null, "publicExploitNames": null, "malwareNames": null, "exploitKitNames": null }, "qid": 354035, "title": "Amazon Linux Security Advisory for Open Secure Sockets Layer (OpenSSL) : ALAS-2022-1626", "cvssInfo": { "baseScore": "10.0", "temporalScore": "7.8", "accessVector": "Network" }, "cvss3Info": { "baseScore": "9.8", "temporalScore": "8.8" }, "patchAvailable": true, "published": 1659963868000, "scanType": [ "STATIC" ], "qdsScore": 95, "isExempted": false, "vendorData": null, "software": [ { "name": "openssl", "version": "1.0.1k-15.99.amzn1", "scanType": "STATIC", "packagePath": null, "fixVersion": "1.0.2k-16.159.amzn1", "vulnerabilities": null } ], "layerSha": [ "ec7e9b7a9687c54974be3e2dee312c06f52762c58b670561bd49dcb14c225dfa" ] }, { "vulnerability": null, "result": "#table cols=\"5\"\nPackage Installed_Version Required_Version Language Install_Path\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.8.11.3 2.9.10.7 Java root/random/lib/presto/lib/jackson-databind-2.8.11.3.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/log4j/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/java-instance.jar\ncom.fasterxml.jackson.core:jackson-databind 2.9.8 2.9.10.7 Java root/random/lib/com.fasterxml.jackson.core-jackson-databind-2.9.8.jar", "lastFound": "1738827505607", "firstFound": "1738660043412", "severity": 4, "customerSeverity": 4, "port": null, "typeDetected": "CONFIRMED", "status": null, "risk": 40, "category": "SCA", "discoveryType": [ "AUTHENTICATED" ], "authType": [ "UNIX_AUTH" ], "supportedBy": [ "CA-Windows Agent", "CA-Linux Agent", "SCA", "CS-Windows", "CS-Linux" ], "product": [ "jackson-databind", "oncommand_insight", "oncommand_api_services", "service_level_manager", "active_iq_unified_manager" ], "vendor": [ "fasterxml", "netapp", "netapp", "netapp", "netapp" ], "cveids": [ "CVE-2021-20190" ], "threatIntel": { "activeAttacks": null, "zeroDay": null, "publicExploit": null, "highLateralMovement": null, "easyExploit": null, "highDataLoss": null, "noPatch": null, "denialOfService": true, "malware": null, "exploitKit": null, "publicExploitNames": null, "malwareNames": null, "exploitKitNames": null }, "qid": 982711, "title": "Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5949-rw7g-wx7w)", "cvssInfo": { "baseScore": "8.3", "temporalScore": "6.1", "accessVector": "Network" }, "cvss3Info": { "baseScore": "8.1", "temporalScore": "7.1" }, "patchAvailable": true, "published": 1647355408000, "scanType": [ "SCA" ], "qdsScore": 35, "isExempted": false, "vendorData": null, "software": [ { "name": "com.fasterxml.jackson.core:jackson-databind", "version": "2.8.11.3", "scanType": "SCA", "packagePath": "root/random/lib/presto/plugin/pulsar-presto-connector/jackson-databind-2.8.11.3.jar", "fixVersion": "2.9.10.7", "vulnerabilities": null }, { "name": "com.fasterxml.jackson.core:jackson-databind", "version": "2.9.8", "scanType": "SCA", "packagePath": "root/random/java-instance.jar", "fixVersion": "2.9.10.7", "vulnerabilities": null } ], "layerSha": [ "a89a93d2f3594bb3aaaaa42f4baed95aa1e69c17b679ae69892ff391daaa62b0" ] }, ], "vulnSummary": { "confirmed": { "sev1Count": 0, "sev5Count": 54, "sev2Count": 18, "sev4Count": 130, "sev3Count": 131 }, "potential": { "sev1Count": 0, "sev5Count": 0, "sev2Count": 0, "sev4Count": 0, "sev3Count": 0 }, "patchAvailability": { "confirmed": { "sev1Count": 0, "sev5Count": 45, "sev2Count": 18, "sev4Count": 127, "sev3Count": 122 }, "potential": { "sev1Count": 0, "sev5Count": 0, "sev2Count": 0, "sev4Count": 0, "sev3Count": 0 },"igs": { "sev1Count": 0, "sev5Count": 0, "sev2Count": 0, "sev4Count": 0, "sev3Count": 0 }} } }
Error Response
The following error response is seen when the sub-users don't have permission to the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}
Sample with SCA ScanningSample with SCA Scanning
This is applicable for subscriptions with SCA Scanning enabled and for images scanned using SCA.
API request
curl -X GET
"<qualys_base_url>/csapi/v1.3/images/5d556c82899c/vuln?type=ALL&sort=qid%3Aasc" --header "Authorization: Bearer <token>"
Response
{
"details": [
{
"vulnerability": null,
"result": "#table cols=\"3\"\nPackage Installed_Version Required_Version\nopenssl-libs 1.1.1k-4.el8.x86__64 1.1.1k-7.el8__6",
"lastFound": "1661479693755",
"firstFound": "1661479693755",
"severity": 5,
"customerSeverity": 5,
"port": null,
"typeDetected": "CONFIRMED",
"status": null,
"risk": 50,
"category": "OEL",
"discoveryType": [
"AUTHENTICATED"
],
"authType": [
"UNIX_AUTH"
],
"supportedBy": [
"VM",
"CA-Linux Agent"
],
"product": [
"openssl"
],
"vendor": [
"oracle"
],
"cveids": [
"CVE-2022-2097",
"CVE-2022-1292",
"CVE-2022-2068"
],
"threatIntel": {
"activeAttacks": null,
"zeroDay": null,
"publicExploit": null,
"highLateralMovement": true,
"easyExploit": true,
"highDataLoss": true,
"noPatch": null,
"denialOfService": true,
"malware": null,
"exploitKit": null,
"publicExploitNames": null,
"malwareNames": null,
"exploitKitNames": null
},
"qid": 980351,
"title": "Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv)",
"cvssInfo": {
"baseScore": "5.8",
"temporalScore": "4.3",
"accessVector": "Network"
},
"cvss3Info": {
"baseScore": "4.8",
"temporalScore": "4.2"
},
"patchAvailable": true,
"published": 1647355370000,
"scanType": [
"SCA"
],
"software": [
{
"name": "commons-io:commons-io",
"version": "2.6",
"scanType": "SCA",
"packagePath": "usr/share/maven/lib/wagon-http-3.4.3-shaded.jar",
"fixVersion": "2.7",
"vulnerabilities": null
}
]
},
...
Error Response
The following error response is seen when the sub-users don't have permission to the specified image.
{
"errorCode": "403 FORBIDDEN",
"message": "Request Forbidden",
"timestamp": 1700721586546
}