GET List of Vulnerabilities Discovered by EASM
This API helps you to get host data from GAV/CSAM.
Input Parameters
Parameter | Data Type | Description |
---|---|---|
asset.assetId | Integer | Provide the asset ID for which you want to get the list of vulnerabilities. |
asset.ipaddress | String | Provide the IP address of the asset for which you want to get the list of vulnerabilities. |
vulnerability.cveId | Integer | Provide the cveId of the vulnerability. |
vulnerability.type | String | Provide the vulnerability type, for example, Potential. |
vulnerability.cvss | Integer | Provide the CVSS score of the vulnerability. |
vulnerability.qvs | Integer | Provide the QVS score of the vulnerability. |
Important to Know!
- The following operators are supported for the asset.assetID, vulnerabilities.qid, vulnerabilities.port, and vulnerabilities.protocol input parameters:
  - asset.assetID, vulnerabilities.qid, vulnerabilities.port, vulnerabilities.protocol, and vulnerabilities.status: EQUALS, IN, NOT_EQUALS
  - vulnerabilities.severity: EQUALS, LESSER, GREATER, GREATER_THAN_EQUAL, LESS_THAN_EQUAL
  - vulnerabilities.solution: CONTAINS
  - vulnerabilities.title: CONTAINS
  - vulnerabilities.rti: EQUALS, NOT_EQUALS
- The page size for the response will be 1000; the lastSeenId can be used for pagination.
  Example: <qualys_base_url>/rest/2.0/search/am/easm/scan/vulns?lastSeenId=23846
- You can provide multiple values for a given filter by using the "IN" operator and providing a comma-separated list of values.
  Example:
  {
    "filters": [
      {
        "field": "asset.assetID",
        "operator": "IN",
        "value": "41734168,41734549"
      }
    ]
  }
Sample - Get a list of assets with vulnerabilities with specific CVEID, CVSS, and QVS
API Request (without filter)
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--data-raw ''
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 16972,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16971,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      },
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16972,
        "cveId": "CVE-2017-15906",
        "type": "Potential",
        "summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
        "lastUpdated": "2022-12-14",
        "qvs": 30,
        "cvss": 5.3
      }
    ]
  }
}
Refer to the following example, wherein you can see a sample request to get all assets with vulnerabilities with CVSS greater than 9.
API Request with filter in XML format:
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/xml' \
--data-raw '<FilterRequest>
  <filters>
    <Criteria field="vulnerability.cvss" operator="GREATER">
      <value>9</value>
    </Criteria>
  </filters>
</FilterRequest>'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17060,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17046,
        "cveId": "CVE-2017-9120",
        "type": "Potential",
        "summary": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17060,
        "cveId": "CVE-2021-21708",
        "type": "Potential",
        "summary": "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      }
    ]
  }
}
Refer to the following example, wherein you can see the sample request to get all assets with vulnerabilities with CVE-ID: CVE-2016-20012.
API Request with filter in JSON format:
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "filters": [
    {
      "field": "vulnerability.cveId",
      "operator": "EQUALS",
      "value": "CVE-2016-20012"
    }
  ]
}'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17043,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16971,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17043,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      }
    ]
  }
}
Refer to the following example, wherein you can see the sample request to get all assets with vulnerabilities of type 'Potential' and CVSS greater than 8.
Request with multiple filters
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "filters": [
    {
      "field": "vulnerability.type",
      "operator": "EQUALS",
      "value": "Potential"
    },
    {
      "field": "vulnerability.cvss",
      "operator": "GREATER",
      "value": "8"
    }
  ],
  "operation": "AND"
}'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17068,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17046,
        "cveId": "CVE-2017-9120",
        "type": "Potential",
        "summary": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17068,
        "cveId": "CVE-2022-37454",
        "type": "Potential",
        "summary": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      }
    ]
  }
}
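The lastSeenId pagination and the multi-filter request described on this page, as an added Python example (not Qualys code). It assumes that a non-zero hasMore means another page exists and that the response's lastSeenVulnId is the value to send back as lastSeenId; `post` is a hypothetical callable that performs the authenticated POST, and the two pages served by `fake_post` are constructed sample data.

```python
ENDPOINT = "/rest/2.0/search/am/easm/vulns"  # path used in the samples on this page

def make_filter(field, operator, value):
    """Build one filter; a list becomes the comma-separated form used with IN."""
    if isinstance(value, (list, tuple)):
        value = ",".join(str(v) for v in value)
    return {"field": field, "operator": operator, "value": str(value)}

def fetch_all(post, filters, operation="AND", max_pages=100):
    """Collect every page. Assumption: hasMore != 0 means more data, and
    lastSeenVulnId is the cursor to pass as the lastSeenId query parameter."""
    body = {"filters": filters}
    if len(filters) > 1:
        body["operation"] = operation  # only the multi-filter sample sets this
    results, last_seen = [], None
    for _ in range(max_pages):
        path = ENDPOINT if last_seen is None else f"{ENDPOINT}?lastSeenId={last_seen}"
        page = post(path, body)
        if page.get("responseCode") != "SUCCESS":
            raise RuntimeError(f"API error: {page.get('responseMessage')}")
        data = page.get("externalVulnerabilityListData") or {}
        results.extend(data.get("vulnerability", []))
        if not page.get("hasMore"):
            return results
        cursor = page.get("lastSeenVulnId")
        if cursor is None or cursor == last_seen:
            raise RuntimeError("pagination cursor did not advance")
        last_seen = cursor
    raise RuntimeError("max_pages reached before hasMore was 0")

# Constructed two-page sample (not real scan data), served by a fake transport.
PAGES = {
    ENDPOINT: {
        "responseCode": "SUCCESS", "hasMore": 1, "lastSeenVulnId": 101,
        "externalVulnerabilityListData": {"vulnerability": [
            {"vulnId": 100, "cvss": 9.8}, {"vulnId": 101, "cvss": 9.1}]}},
    ENDPOINT + "?lastSeenId=101": {
        "responseCode": "SUCCESS", "hasMore": 0, "lastSeenVulnId": 102,
        "externalVulnerabilityListData": {"vulnerability": [
            {"vulnId": 102, "cvss": 8.4}]}},
}

def fake_post(path, body):
    return PAGES[path]
```

Stopping on a cursor that does not advance keeps a malformed or truncated response from turning an export job into an endless loop that silently re-fetches the same page.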