List CWEs
Returns a list of all CWEs.
External Documentation
To learn more, visit the Securin VI documentation.
Parameters
Parameter | Description |
---|---|
Limit | Number of results per response. |
Offset | The offset of the results that are returned. |
Search Criteria | Criteria used to search for specific vulnerabilities. For further information about the search criteria, refer to the Securin VI documentation. |
Sort Criteria | Sort Criteria by which vulnerabilities will be sorted. |
Example Output
{
"releaseVersion": "<string>",
"releaseNotes": "<string>",
"type": "<string>",
"message": "<string :: A custom “reason” message to return.>",
"results": [
{
"abstraction": "<string :: Defines the different abstraction levels that apply to a weakness.\nA \"Pillar\" is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. A \"Class\" is a weakness also described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. A \"Base\" is a more specific type of weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. A \"Variant\" is a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. A \"Compound\" weakness is a meaningful aggregation of several weaknesses, currently known as either a Chain or Composite.>",
"alternateTerms": [
{
"term": "<string :: Provides the actual alternate term.>"
}
],
"description": "<string :: Short description that defines the weakness>",
"id": "<string :: Unique identifier for the Weakness. It is considered static for the lifetime of the weakness. If this weakness becomes deprecated, the identifier will not be reused.>",
"lastModifiedDate": "<string(date-time) :: Provides the date on which the last modification was done to the weakness data>",
"lastUpdatedDate": "<string(date-time) :: Provides the date on which the last modification was done to the weakness data>",
"likelihoodOfExploit": "<string :: Defines the weakness severity which explains the exploitability tendency>",
"potentialMitigations": [
{
"description": [
"<string :: Description of this individual mitigation including any strengths and shortcomings of this mitigation for the weakness.>",
"<string :: Description of this individual mitigation including any strengths and shortcomings of this mitigation for the weakness.>"
],
"effectiveness": "<string :: Summarizes how effective the mitigation may be in preventing the weakness. A value of \"High\" means the mitigation is frequently successful in eliminating the weakness entirely. A value of \"Moderate\" means the mitigation will prevent the weakness in multiple forms, but it does not have complete coverage of the weakness. A value of \"Limited\" means the mitigation may be useful in limited circumstances, or it is only applicable to a subset of potential errors of this weakness type. A value of \"Incidental\" means the mitigation is generally not effective and will only provide protection by chance, rather than in a reliable manner. A value of \"Defense in Depth\" means the mitigation may not necessarily prevent the weakness, but it may help to minimize the potential impact of an attacker exploiting the weakness.>",
"effectivenessNotes": [
"<string :: Provides additional discussion/comments on the effectiveness of mitigation.>",
"<string :: Provides additional discussion/comments on the effectiveness of mitigation.>"
],
"id": "<string :: Uniquely identify mitigations that are repeated across any number of individual weaknesses.>",
"phases": [
"<string :: Indicates the development life cycle phase during which this particular mitigation may be applied.>",
"<string :: Indicates the development life cycle phase during which this particular mitigation may be applied.>"
],
"strategy": "<string :: Describes a general strategy for protecting a system to which this mitigation contributes.>"
}
],
"references": [
{
"id": "<string :: ID represents the external reference defined within the weakness catalog>",
"author": [
"<string :: Provides the author(s) for the material being referenced>",
"<string :: Provides the author(s) for the material being referenced>"
],
"section": "<string :: Holds any section title or page number that is specific to this use of the reference.>",
"title": "<string :: Provides the title of the material being referenced>",
"edition": "<string :: Identifies the edition of the material being referenced in the event that multiple editions of the material exist>",
"publication": "<string :: Provides the name of the book, magazine or journal being referenced>",
"publisher": "<string :: Provides the name of the individual or organization that published the book, magazine or journal being referenced>",
"publicationYear": "<string :: Provides the year the book, magazine, or journal being referenced is published>",
"publicationMonth": "<string :: Provides the month of the year the book, magazine, or journal being referenced is published>",
"publicationDay": "<string :: Provides the day of the month the book, magazine, or journal being referenced is published>",
"url": "<string :: Captures the URL of the material being referenced. This would always be used for web references, and may optionally be used for book and other publication references.>",
"urlDate": "<string(date-time) :: Provides the date when the URL was validated to exist>"
}
],
"relatedAttackPattern": [
{
"id": "<integer(int32) :: The Common Attack Pattern Enumeration and Classification Identifier for an attack pattern>"
}
],
"relatedWeaknesses": [
{
"nature": "<string :: Provides the nature of the relation. A ChildOf nature denotes a related weakness at a higher level of abstraction. A ParentOf nature denotes a related weakness at a lower level of abstraction. The StartsWith, CanPrecede, and CanFollow relationships are used to denote weaknesses that are part of a chaining structure. The RequiredBy and Requires relationships are used to denote a weakness that is part of a composite weakness structure. The CanAlsoBe relationship denotes a weakness that, in the proper environment and context, can also be perceived as the target weakness. Note that the CanAlsoBe relationship is not necessarily reciprocal. The PeerOf relationship is used to show some similarity with the target weakness that does not fit any of the other type of relationships.>",
"id": "<string :: Unique identifier for the Related Weakness>",
"type": "<string :: Provides the type of the weakness i.e. Weakness, View, Category>",
"title": "<string :: Name of the weakness. The name mainly focuses on the weakness being described and does NOT mention the attack that exploits the weakness or the consequences of exploiting the weakness.>",
"abstraction": "<string :: Defines the different abstraction levels that apply to a weakness>",
"chainId": "<string :: Specifies the Unique ID of a named chain that a CanFollow or CanPrecede relationship pertains to>",
"viewId": "<string :: Unique identifier of the View that the Category and the Related Weakness is a part of.>",
"ordinal": "<string :: Ordinal attribute is used to determine if this relationship is the primary ChildOf relationship for this weakness for a given View_ID. This attribute can only have the value \"Primary\" and should only be included for the primary parent/child relationship. For each unique triple of <Nature, CWE_ID, View_ID>, there should be only one relationship that is given a \"Primary\" ordinal.>"
}
],
"sources": [
{
"sourceName": "<string :: Identifies the name of the source for the weakness. For example, MITRE>",
"sourceUrl": "<string :: Provides the direct URL for the weakness from the source>"
}
],
"status": "<string :: Defines the different status values that a weakness can have. A value of Deprecated refers to a weakness that has been removed from CWE, likely because it was a duplicate or was created in error. A value of Obsolete is used when a weakness is still valid but no longer is relevant, likely because it has been superseded by a more recent weakness. A value of Incomplete means that a weakness does not have all important elements filled, and there is no guarantee of quality. A value of Draft refers to a weakness that has all important elements filled, and critical elements such as Name and Description are reasonably well-written; the weakness may still have important problems or gaps. A value of Usable refers to a weakness that has received close, extensive review, with critical elements verified. A value of Stable indicates that all important elements have been verified, and is unlikely to change significantly in the future.>",
"structure": "<string :: Defines the different structural nature of a weakness. A Simple structure represents a single weakness whose exploitation is not dependent on the presence of another weakness. A Composite is a set of weaknesses that must all be present simultaneously in order to produce an exploitable vulnerability, while a Chain is a set of weaknesses that must be reachable consecutively in order to produce an exploitable vulnerability.>",
"submissionDate": "<string(date-time) :: Provides submitted date of this weakness>",
"summary": {
"vulnerabilitiesCount": "<integer(int32) :: Provides a CVE count associated to the CWE>"
},
"taxonomies": [
{
"name": "<string :: MITRE Top 25 Most Dangerous Software Weakness/ Weaknesses in OWASP Top 10 Vulnerabilities>",
"rank": "<string :: Rank according to MITRE>",
"source": "<string :: MITRE/OWASP>",
"vulnerabilities": [
{
"category": "<string :: OWASP category for the weaknesses>",
"title": "<string :: OWASP category name>"
}
],
"year": "<string :: published year in MITRE/OWASP>"
}
],
"title": "<string :: Provides a descriptive title used to give the reader an idea of what perspective this view represents.>",
"type": "<string :: Provides the type of the weakness i.e. Weakness, View, Category>",
"viCreatedDate": "<string(date-time) :: Indicates the date and timestamp when the weakness record was created in VI>",
"viUpdatedDate": "<string(date-time) :: Indicates the date and timestamp when the weakness record was last updated in VI>",
"vrs": {
"score": "<number(double) :: score for the CWE>",
"severity": "<string :: severity for the CWE>"
},
"vulnerabilities": [
{
"id": "<string :: Common Vulnerabilities and Exposures - Publicly disclosed computer security flaw that's been assigned a CVE ID number>",
"cvssv2": {
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. Low - 0.0-3.9; Medium - 4.0-6.9; High - 7.0-10.0;>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments.>"
},
"cvssv3": {
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. None - 0.0; Low - 0.1-3.9; Medium - 4.0-6.9; High - 7.0-8.9; Critical - 9.0-10.0;>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments.>"
},
"vrs": {
"lastModifiedDate": "<string>",
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. \nLow - 0.0-3.9; \nMedium - 4.0-6.9; \nHigh - 7.0-10.0>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments>"
}
},
{
"id": "<string :: Common Vulnerabilities and Exposures - Publicly disclosed computer security flaw that's been assigned a CVE ID number>",
"cvssv2": {
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. Low - 0.0-3.9; Medium - 4.0-6.9; High - 7.0-10.0;>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments.>"
},
"cvssv3": {
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. None - 0.0; Low - 0.1-3.9; Medium - 4.0-6.9; High - 7.0-8.9; Critical - 9.0-10.0;>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments.>"
},
"vrs": {
"lastModifiedDate": "<string>",
"score": "<number(double) :: Base Metrics Group Score, a numerical score reflecting the severity of the vulnerability. \nLow - 0.0-3.9; \nMedium - 4.0-6.9; \nHigh - 7.0-10.0>",
"severity": "<string :: Reflects the severity of a vulnerability according to its intrinsic characteristics which are constant over time and assumes the reasonable worst case impact across different deployed environments>"
}
}
]
}
],
"count": "<integer(int64) :: The integer representing the total number of objects returned in the Response.>"
}
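The following added example (not part of the Securin VI documentation) processes one response page in the shape shown above: it drops entries whose status is Deprecated or Obsolete, resolves the Primary ChildOf parent for a given viewId, buckets each CVE by the cvssv3 score bands quoted in the schema, and lists mitigations whose effectiveness is High. The sample data, its placeholder ids, and the function names are constructed for illustration; skipping retired entries is a choice made by this example.

```python
from collections import Counter

# Status values the schema describes as removed or no longer relevant.
RETIRED = {"Deprecated", "Obsolete"}

def cvss3_band(score):
    """Map a cvssv3.score to the bands listed in the schema text."""
    if score is None:
        return "Unscored"          # CVE record without a cvssv3 score
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"score out of range: {score}")
    if score == 0.0:
        return "None"
    for upper, name in ((3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= upper:
            return name
    return "Critical"

def primary_parent(cwe, view_id):
    """Id of the Primary ChildOf parent of `cwe` in view `view_id`, or None."""
    for rel in cwe.get("relatedWeaknesses") or []:
        key = (rel.get("nature"), rel.get("ordinal"), rel.get("viewId"))
        if key == ("ChildOf", "Primary", view_id):
            return rel.get("id")
    return None

def triage(response, view_id):
    """Summarise every non-retired CWE in one response page."""
    rows = []
    for cwe in response.get("results") or []:
        if cwe.get("status") in RETIRED:
            continue
        bands = Counter(cvss3_band((v.get("cvssv3") or {}).get("score"))
                        for v in cwe.get("vulnerabilities") or [])
        strong = [m.get("id") for m in cwe.get("potentialMitigations") or []
                  if m.get("effectiveness") == "High"]
        rows.append({"id": cwe.get("id"), "parent": primary_parent(cwe, view_id),
                     "bands": dict(bands), "high_mitigations": strong})
    return rows

# Constructed sample page; every id below is a placeholder, not a real entry.
SAMPLE = {"results": [
    {"id": "CWE-X1", "status": "Stable",
     "relatedWeaknesses": [
         {"nature": "ChildOf", "id": "CWE-P1", "viewId": "V1", "ordinal": "Primary"},
         {"nature": "ChildOf", "id": "CWE-P2", "viewId": "V2"}],
     "potentialMitigations": [{"id": "MIT-1", "effectiveness": "High"},
                              {"id": "MIT-2", "effectiveness": "Limited"}],
     "vulnerabilities": [{"id": "CVE-PLACEHOLDER-1", "cvssv3": {"score": 9.8}},
                         {"id": "CVE-PLACEHOLDER-2", "cvssv3": {"score": 5.3}},
                         {"id": "CVE-PLACEHOLDER-3"}]},
    {"id": "CWE-X2", "status": "Deprecated"},
]}
```

Calling `triage(SAMPLE, "V1")` returns one row for `CWE-X1`; the Deprecated entry is skipped and the CVE without a `cvssv3` object is counted as `Unscored` rather than raising.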
Workflow Library Example
List CWEs with Securin VI and Send Results via Email