Get Vulnerabilities
Returns all vulnerabilities that can be assessed during a scan.
Parameters
| Parameter | Description |
|---|---|
| Disable SSL Enforcement | Enable this option to skip SSL verification of the server's certificate chain and host name. This may increase security vulnerabilities, but can be useful for testing or when custom verification is employed. |
| Page | The index of the page (zero-based) to retrieve. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Size | The number of records per page to retrieve. |
| Sort | The criteria to sort the records by, in the format: `property[,ASC |
Example Output
{
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"page": {
"number": 6,
"size": 10,
"totalPages": 13,
"totalResources": 123
},
"resources": [
{
"added": "2017-10-10",
"categories": [
"string"
],
"cves": [
"string"
],
"cvss": {
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"v2": {
"accessComplexity": "M",
"accessVector": "L",
"authentication": "N",
"availabilityImpact": "P",
"confidentialityImpact": "P",
"exploitScore": 3.3926,
"impactScore": 6.443,
"integrityImpact": "P",
"score": 4.4,
"vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"
},
"v3": {
"attackComplexity": "H",
"attackVector": "N",
"availabilityImpact": "H",
"confidentialityImpact": "H",
"exploitScore": 1.6201,
"impactScore": 5.8731,
"integrityImpact": "H",
"privilegeRequired": "N",
"scope": "U",
"score": 7.5,
"userInteraction": "R",
"vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
},
"denialOfService": false,
"description": {
"html": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...",
"text": "\u003cp\u003eA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...\u003c/p\u003e"
},
"exploits": 0,
"id": "msft-cve-2017-11804",
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"malwareKits": 0,
"modified": "2017-10-10",
"pci": {
"adjustedCVSSScore": 4,
"adjustedSeverityScore": 3,
"fail": true,
"specialNotes": "",
"status": "Fail"
},
"published": "2017-10-10",
"riskScore": 123.69,
"severity": "Severe",
"severityScore": 4,
"title": "Microsoft CVE-2017-11804: Scripting Engine Memory Corruption Vulnerability"
}
]
}
Workflow Library Example
Get Vulnerabilities with Rapid7 and Send Results Via Email
Preview this Workflow on desktop