Accessing Basic Windows Vulnerability Info
Function
This API is used to query basic information about Windows vulnerabilities.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.
URI
GET /v5/{project_id}/vulnerability/windows-detail
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| project_id | Yes | String | Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A |
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| enterprise_project_id | No | String | Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project. |
| limit | No | Integer | Definition Number of records displayed on each page. Constraints N/A Range Value range: 10-200 Default Value 10 |
| offset | No | Integer | Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value The default value is 0. |
| vul_id | Yes | String | Definition Vulnerability ID. Constraints N/A Range Length: 0 to 256 characters Default Value N/A |
| cve_id | No | String | Definition CVE ID. Constraints N/A Range Length: 1 to 128 characters Default Value N/A |
| handle_status | No | String | Definition Vulnerability handling status. Constraints N/A Range Default Value N/A |
Request Parameters
| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A |
Response Parameters
Status code: 200
| Parameter | Type | Description |
|---|---|---|
| total_num | Integer | Definition Total number of records. Range The value range is 0 to 2,147,483,647. |
| data_list | Array of WindowsVulDetailInfo objects | Definition Software vulnerability CVE list. Range N/A |
| Parameter | Type | Description |
|---|---|---|
| cve_id | String | Definition CVE ID Range The value can contain 1 to 32 characters. |
| cve_name | String | Definition CVE vulnerability name. Range The value can contain 0 to 512 characters. |
| cvss_version | String | Definition CVS score version. Range The value can contain 0 to 32 characters. |
| cvss_vector | String | Definition Attack vector. Range The value can contain 0 to 128 characters. |
| cve_solution | String | Definition CVE fixing suggestion. Range The value can contain 0 to 128 characters. |
| cve_affect | String | Definition CVE vulnerability severity. Range The value can contain 0 to 128 characters. |
| cve_affect_description | String | Definition Description of the CVE vulnerability severity. Range The value can contain 0 to 4,096 characters. |
| cve_type | String | Definition CVE vulnerability type. Range The value can contain 0 to 128 characters. |
| cve_type_description | String | Definition Description of a CVE vulnerability type. Range The value can contain 0 to 4,096 characters. |
| cve_level | String | Definition Severity. Range |
| cvss | Float | Definition CVS score. Range Minimum value:0; maximum value: 10 |
| public_time | Long | Definition Vulnerability disclosure time. Range The value range is 0 to 9,223,372,036,854,775,807. |
| description | String | Definition CVE vulnerability description. Range The value can contain 0 to 65,535 characters. |
| hosts_num | VulnerabilityHostNumberInfo object | Definition Number of servers affected by a CVE vulnerability. Range N/A |
| Parameter | Type | Description |
|---|---|---|
| important | Integer | Definition Number of important servers. Range The value range is 0 to 10,000. |
| common | Integer | Definition Number of common servers. Range The value range is 0 to 10,000. |
| test | Integer | Definition Number of test servers. Range The value range is 0 to 10,000. |
Example Requests
None
Example Responses
Status code: 200
Request succeeded.
{
"total_num" : 1,
"data_list" : [ {
"cve_id" : "CVE-2020-26144",
"cve_name" : "Improper input validation vulnerability",
"description" : "The software has an input verification error vulnerability.",
"cvss" : 6.5,
"cvss_vector" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cve_solution" : "A patch has been released on the official website. Please visit the official website immediately.",
"cve_affect" : "Remote Limited Command Execution (RLCE)",
"cve_affect_description" : "Attackers can remotely execute system commands within a specified range. This command may be a repacked command and can run only specified restricted commands. Alternatively, the user who runs the command does not have sufficient permissions, and can only run specified commands.",
"cve_type" : "Improper input verification",
"cve_type_description" : "When receiving input data, the program does not check or incorrectly checks the data integrity, correctness, and validity required by the functional logic layer (for example, valid value range, parameter position, parameter existence, syntax format, and consistency check of the same and duplicate content). As a result, it cannot be ensured that the input data is valid and secure when being processed in the code or communicating with other components.",
"cve_level" : "Medium",
"cvss_version" : 3.1,
"public_time" : 1620732784000,
"hosts_num" : {
"important" : 0,
"common" : 5,
"test" : 0
}
} ]
} Status Codes
| Status Code | Description |
|---|---|
| 200 | Request succeeded. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
