Help Center/ Host Security Service/ API Reference/ API Description/ Vulnerability Management/ Querying the Servers Affected by a Vulnerability
Updated on 2025-09-22 GMT+08:00

Querying the Servers Affected by a Vulnerability

Function

This API is used to query the servers affected by a vulnerability.

URI

GET /v5/{project_id}/vulnerability/hosts

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps.

vul_id

Yes

String

Vulnerability ID

type

Yes

String

Vulnerability type. Its value can be:

  • linux_vul: Linux vulnerability

  • windows_vul: Windows vulnerability

host_name

No

String

Affected server name

host_ip

No

String

IP address of the affected server

status

No

String

Vulnerability status.

  • vul_status_unfix: not fixed

  • vul_status_ignored: ignored

    • vul_status_verified: verification in progress

    • vul_status_fixing: The fix is in progress.

    • vul_status_fixed: The fix succeeded.

    • vul_status_reboot: The issue is fixed and waiting for restart.

    • vul_status_failed: The issue failed to be fixed.

    • vul_status_fix_after_reboot: Restart the server and try again.

limit

No

Integer

Number of records on each page

offset

No

Integer

Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0.

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

total_num

Integer

Number of affected servers

data_list

Array of VulHostInfo objects

List of affected ECSs

Table 5 VulHostInfo

Parameter

Type

Description

host_id

String

ID of the server affected by the vulnerability

severity_level

String

Risk level.

  • Critical: The CVSS score of the vulnerability is greater than or equal to 9, corresponding to the high risk level on the console.

  • High: The CVSS score of the vulnerability is greater than or equal to 7 and less than 9, corresponding to the medium risk level on the console.

  • Medium: The CVSS score of the vulnerability is greater than or equal to 4 and less than 7, corresponding to the medium risk level on the console.

  • Low: The CVSS score of the vulnerability is less than 4, corresponding to the low risk level on the console.

host_name

String

Affected server name

host_ip

String

IP address of the affected server

cve_num

Integer

Vulnerability CVEs

cve_id_list

Array of strings

The CVE ID list corresponding to the vulnerability

status

String

Vulnerability status.

  • vul_status_unfix: not fixed

  • vul_status_ignored: ignored

  • vul_status_verified: verification in progress

  • vul_status_fixing: The fix is in progress.

  • vul_status_fixed: The fix succeeded.

  • vul_status_reboot : The issue is fixed and waiting for restart.

  • vul_status_failed: The issue failed to be fixed.

  • vul_status_fix_after_reboot: Restart the server and try again.

repair_cmd

String

Command line to be executed to fix the vulnerability (This field is available only for Linux vulnerabilities.)

Example Requests

Query the first 10 records in the list of servers with EulerOS-SA-2021-1894 vulnerability.

GET https://{endpoint}/v5/2b31ed520xxxxxxebedb6e57xxxxxxxx/vulnerability/hosts?vul_id=EulerOS-SA-2021-1894&offset=0&limit=10

Example Responses

Status code: 200

Vul host info list

{
  "total_num" : 1,
  "data_list" : [ {
    "host_id" : "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "severity_level" : "Low",
    "host_name" : "ecs",
    "host_ip" : "xxx.xxx.xxx.xxx",
    "cve_num" : 1,
    "cve_id_list" : [ "CVE-2022-1664" ],
    "status" : "vul_status_ignored",
    "repair_cmd" : "zypper update update-alternatives"
  } ]
}

Status Codes

Status Code

Description

200

Vul host info list

Error Codes

See Error Codes.