Get Vulnerabilities
Returns all vulnerabilities that can be assessed during a scan.
Parameters
| Parameter | Description |
|---|---|
| Disable SSL Enforcement | Enable this option to skip SSL verification of the server's certificatechain and host name. This may increase security vulnerabilities, but can be usefulfor testing or when custom verification is employed. |
| Page | The index of the page (zero-based) to retrieve. |
| Return All Pages | Automatically fetch all resources, page by page. |
| Size | The number of records per page to retrieve. |
| Sort | The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters. |
Example Output
{
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"page": {
"number": 6,
"size": 10,
"totalPages": 13,
"totalResources": 123
},
"resources": [
{
"added": "2017-10-10",
"categories": [
"string"
],
"cves": [
"string"
],
"cvss": {
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"v2": {
"accessComplexity": "M",
"accessVector": "L",
"authentication": "N",
"availabilityImpact": "P",
"confidentialityImpact": "P",
"exploitScore": 3.3926,
"impactScore": 6.443,
"integrityImpact": "P",
"score": 4.4,
"vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"
},
"v3": {
"attackComplexity": "H",
"attackVector": "N",
"availabilityImpact": "H",
"confidentialityImpact": "H",
"exploitScore": 1.6201,
"impactScore": 5.8731,
"integrityImpact": "H",
"privilegeRequired": "N",
"scope": "U",
"score": 7.5,
"userInteraction": "R",
"vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
},
"denialOfService": false,
"description": {
"html": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...",
"text": "\u003cp\u003eA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. ...\u003c/p\u003e"
},
"exploits": 0,
"id": "msft-cve-2017-11804",
"links": [
{
"href": "https://hostname:3780/api/3/...",
"rel": "self"
}
],
"malwareKits": 0,
"modified": "2017-10-10",
"pci": {
"adjustedCVSSScore": 4,
"adjustedSeverityScore": 3,
"fail": true,
"specialNotes": "",
"status": "Fail"
},
"published": "2017-10-10",
"riskScore": 123.69,
"severity": "Severe",
"severityScore": 4,
"title": "Microsoft CVE-2017-11804: Scripting Engine Memory Corruption Vulnerability"
}
]
}
Workflow Library Example
Get Vulnerabilities with Rapid7 and Send Results Via Email
Preview this Workflow on desktop