Fetch Vulnerability Data for Software and Operating Systems Across Assets
Click here to see this page in full context


Fetch Vulnerability Data for Software and Operating Systems Across Assets

This API helps you to view the vulnerability data for software and operating systems across your assets.

[POST] /rest/2.0/am/catalog/cve/detail


- This API is supported only for CSAM Trial and Full (Paid).

- The API response time varies based on the number of software and operating Systems installed on the assets. It might take up to approximately 15 to 25 minutes, as fetching the
vulnerability data generates a significant load on the system.

Input ParametersInput Parameters

Parameters

Mandatory/

Optional

Data Type

Description
cpeIds

Mandatory

String

 Provide a comma-separated list of CPE IDs to retrieve the list of corresponding CVE’s. The maximum value supported for CPE list size is 100.

cpeType

 Optional String ProvideQualys or NIST CPE type to filter CVEs. Note that this is case-sensitive.

pageNumber

 Optional Integer
 Provide the page number for which CVE’s are included in the response. The default page number is 0. Note that if the page Number is not specified in the request, the first page records will be fetched by default.

pageSize

 Optional Integer Provide the number of records you want to include per page in the response. The default value is 50. Also, the maximum value for this parameter is 50.

Sample -  Fetch Vulnerability Data for Software and Operating SystemsSample -  Fetch Vulnerability Data for Software and Operating Systems

API Request

curl --location --request POST
'<qualys_base_url>/am/catalog/cve/detail?cpeIds=4980’ 
--header 'Authorization: Bearer <JWT Token>'

 

Response

{
 "responseMessage": "Valid API Access",
 "totalCveCount": 437438,
 "responseCode": "SUCCESS",
 "hasMore": 1,
 "cpeCveListData": {
 "cveList": [
 {
 "cveId": "CVE-2016-2334",
 "qvs": 71,
 "publishedOn": "2016-12-13T22:59:00.000Z",
 "qvsType": "CVE",
 "qvsPrimeCredit": 0,
 "cvss": "9.3",
 "cvssVersion": "v2",
 "trending": [
 "2024-01-22T00:00:00.000Z,2024-01-03T00:00:00.000Z,2024-01-
08T00:00:00.000Z,2024-01-10T00:00:00.000Z,2024-01-01T00:00:00.000Z,2024-
01-05T00:00:00.000Z,2024-01-12T00:00:00.000Z,2024-01-
04T00:00:00.000Z,2023-12-25T00:00:00.000Z,2024-01-06T00:00:00.000Z"
 ],
 "highestContributor": false,
 "cpeName": "cpe:2.3:a:7-zip:7-zip:4.65:*:*:*:*:*:*:*",
"cpeId": 455,
 "cpeType": "NIST",
 "RTI": null,
 "exploit_maturity": [
 "weaponized,poc"
 ],
 "malware_name": [
 "Bl00dy Ransomware Gang,BianLian,Lockbit,Clop,Buhti"
 ],
 "threat_actors": [
 "Static Kitten,Graceful
Spider,Hezb,Wazawaka,FIN11,Unattributed,APT35,Charming Kitten"
 ],
 "CISA_vuln": [
 "YES"
 ]
 },
 ...
{
 "cveId": "CVE-2017-17969",
 "qvs": 42,
 "publishedOn": "2018-01-30T16:29:00.000Z",
 "qvsType": "CVE",
 "qvsPrimeCredit": 0,
 "cvss": "7.8",
 "cvssVersion": "v3.x",
 "trending": [
 "2024-04-19T00:00:00.000Z"
 ],
 "highestContributor": false,
 "cpeName": "cpe:2.3:a:7-zip:7-zip:4.65:*:*:*:*:*:*:*",
 "cpeId": 455,
 "cpeType": "NIST",
 "RTI": null,
 "exploit_maturity": [
 "poc"
 ],
 "malware_name": null,
 "threat_actors": null,
 "CISA_vuln": null
 },
 ],
 "totalCves": 437438
 }
}