This API helps you to get host data from GAV/CSAM.
Parameters | Data Type | Description |
---|---|---|
asset.assetId | Integer | Provide the asset Id for which you want to get the list of vulnerabilities. |
asset.ipaddress | String | Provide the IP address of the asset for which you want to get the list of vulnerabilities. |
vulnerability.cveId | Integer | Provide the cveId of the vulnerability. |
vulnerability.type | String | Provide the vulnerability type, for example - Potential. |
vulnerability.cvss | Integer | Provide the cvss score of the vulnerability. |
vulnerability.qvs | Integer | Provide the qvs score of the vulnerability. |
Example:
{
  "filters": [
    {
      "field": "asset.assetID",
      "operator": "IN",
      "value": "41734168,41734549"
    }
  ]
}
API Request (without filter)
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--data-raw ''
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 16972,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16971,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      },
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16972,
        "cveId": "CVE-2017-15906",
        "type": "Potential",
        "summary": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
        "lastUpdated": "2022-12-14",
        "qvs": 30,
        "cvss": 5.3
      }
    ]
  }
}
Refer to the following example, wherein you can see a sample request to get all assets with vulnerabilities with CVSS greater than 9.
API Request with filter in XML format:
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/xml' \
--data-raw '<FilterRequest>
  <filters>
    <Criteria field="vulnerability.cvss" operator="GREATER">
      <value>9</value>
    </Criteria>
  </filters>
</FilterRequest>'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17060,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17046,
        "cveId": "CVE-2017-9120",
        "type": "Potential",
        "summary": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17060,
        "cveId": "CVE-2021-21708",
        "type": "Potential",
        "summary": "In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      }
    ]
  }
}
Refer to the following example, wherein you can see the sample request to get all assets with vulnerabilities with CVE-ID: CVE-2016-20012.
API Request with filter in JSON format:
curl --location --request POST \
'<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "filters": [
    {
      "field": "vulnerability.cveId",
      "operator": "EQUALS",
      "value": "CVE-2016-20012"
    }
  ]
}'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17043,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "10.100.152.200",
        "assetId": 19047900,
        "vulnId": 16971,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17043,
        "cveId": "CVE-2016-20012",
        "type": "Potential",
        "summary": "** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.",
        "lastUpdated": "2022-12-14",
        "qvs": 37,
        "cvss": 5.3
      }
    ]
  }
}
Refer to the following example, wherein you can see the sample request to get all assets with vulnerability type 'Potential' and CVSS greater than 8.
Request with multiple filters
curl --location --request POST '<qualys_base_url>/rest/2.0/search/am/easm/vulns' \
--header 'Authorization: Bearer <JWT Token>' \
--header 'Content-Type: application/json' \
--data-raw '{
  "filters": [
    {
      "field": "vulnerability.type",
      "operator": "EQUALS",
      "value": "Potential"
    },
    {
      "field": "vulnerability.cvss",
      "operator": "GREATER",
      "value": "8"
    }
  ],
  "operation": "AND"
}'
Response
{
  "responseMessage": "Valid API Access",
  "count": 2,
  "responseCode": "SUCCESS",
  "lastSeenVulnId": 17068,
  "hasMore": 0,
  "externalVulnerabilityListData": {
    "vulnerability": [
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17046,
        "cveId": "CVE-2017-9120",
        "type": "Potential",
        "summary": "PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      },
      {
        "ipaddress": "20.100.300.600",
        "assetId": 19046733,
        "vulnId": 17068,
        "cveId": "CVE-2022-37454",
        "type": "Potential",
        "summary": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.",
        "lastUpdated": "2022-12-14",
        "qvs": 72,
        "cvss": 9.8
      }
    ]
  }
}
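The filter body and the response fields shown above can be combined into a small triage helper that builds a validated request body and ranks the returned findings per asset by QVS. This is an added example, not Qualys code: `build_filter_request` and `triage` are hypothetical names, the operator list holds only the operators that appear on this page, and reading a non-zero `hasMore` as "result set incomplete" is an assumption.

```python
import json
from collections import defaultdict

# Field names come from the parameter table; operators are only those the
# page's examples use (IN, EQUALS, GREATER).
FIELDS = {"asset.assetId", "asset.ipaddress", "vulnerability.cveId",
          "vulnerability.type", "vulnerability.cvss", "vulnerability.qvs"}
OPERATORS = {"IN", "EQUALS", "GREATER"}

def build_filter_request(criteria, operation="AND"):
    """Turn (field, operator, value) tuples into the JSON request body."""
    known = {f.lower() for f in FIELDS}  # the page spells assetId and assetID
    filters = []
    for field, operator, value in criteria:
        if field.lower() not in known:
            raise ValueError(f"unknown filter field: {field}")
        if operator not in OPERATORS:
            raise ValueError(f"operator not shown on the page: {operator}")
        filters.append({"field": field, "operator": operator, "value": str(value)})
    body = {"filters": filters}
    if len(filters) > 1:  # the page sends "operation" only with several filters
        body["operation"] = operation
    return json.dumps(body)

def triage(response_text):
    """Group findings per asset, highest QVS first, and report truncation."""
    data = json.loads(response_text)
    if data.get("responseCode") != "SUCCESS":
        raise RuntimeError(data.get("responseMessage", "request failed"))
    vulns = (data.get("externalVulnerabilityListData") or {}).get("vulnerability", [])
    by_asset = defaultdict(list)
    for v in vulns:
        by_asset[(v["assetId"], v["ipaddress"])].append((v["qvs"], v["cvss"], v["cveId"]))
    ranked = {asset: sorted(rows, reverse=True) for asset, rows in by_asset.items()}
    # Assumption: a non-zero hasMore means the result set is incomplete.
    return ranked, bool(data.get("hasMore"))

# Constructed sample in the response shape shown above (summaries left out).
SAMPLE = json.dumps({
    "responseCode": "SUCCESS", "count": 3, "hasMore": 0,
    "externalVulnerabilityListData": {"vulnerability": [
        {"ipaddress": "10.100.152.200", "assetId": 19047900, "cveId": "CVE-2017-15906", "qvs": 30, "cvss": 5.3},
        {"ipaddress": "10.100.152.200", "assetId": 19047900, "cveId": "CVE-2016-20012", "qvs": 37, "cvss": 5.3},
        {"ipaddress": "20.100.300.600", "assetId": 19046733, "cveId": "CVE-2022-37454", "qvs": 72, "cvss": 9.8},
    ]}})

if __name__ == "__main__":
    print(build_filter_request([("vulnerability.type", "EQUALS", "Potential"),
                                ("vulnerability.cvss", "GREATER", 8)]))
    print(triage(SAMPLE))
```

Pass the string returned by `build_filter_request` as the `--data-raw` body of the JSON requests shown above.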