Get Vulnerabilities

API version3.2
Last Update08/15/2023
AuthenticationYES
HTTP MethodPOST
Content Typeapplication/json
Rate limitedYES
Requests per rate limit10/min
Response FormatJSON
Change HistoryAdded support for Known Exploited Vulnerabilities

Use to query vulnerabilities which devices on an account have .

API URL

Copy

Request Parameters

KeyDatatypeParameter TypeRequiredDescriptionDefault
access_tokenstringURLYesAccess token which archived from OAuth authentication step
searchstringBodyOptionalA key word to search vulnerabilities.
filterobjectBodyOptionalSpecify filter criteria
filter.severityarrayBodyOptional

Filter vulnerabilities based on score_type:

  • cvss2_score: "high", "medium", "low
  • cvss3_score: "critical", "high", "medium", "low", "none
  • opswat_score: "critical", "important", "moderate", "low", "unknown"
all based on selected score_type
filter.scoredoubleBodyOptionalDefine a score to filter vulnerabilities My OPSWAT Central Management returns vulnerabilities that have a score greater or equal to this value. You need to specify what score type in the field filter.score_type; otherwise, the error code 400 is returned
filter.score_typestringBodyOptional

Specify what score type used to filter along with the field filter.score

Value can be: "opswat_score", "cvss2_score", "cvss3_score"

opswat_score
filter.kevnumberBodyOptional

0: Return all CVEs

1: Only return CVEs in the KEV list

0
sortobjectBodyOptionalSpecify how to sort devices in result-set By default: sort by CVE-ID in ASC order.
sort.orderstringBodyOptionalSpecify how to sort vulnerabilities in result-set Value can be: "asc", "desc"asc
sort.fieldstringBodyOptionalSpecify which field is used to sort vulnerabilities in result-set. Value can be: "opswat_score", "cvss2_score", "cvss3_score", "severity", "cve_id"cve_id
pagenumberBodyOptionalSpecify page number which vulnerabilities will be returned in. If the requested page exceeds the number of pages of devices, error code will be 413. It means that the requested page number is too large, no vulnerability will be returned in this case.1
limitnumberBodyOptionalDefine maximum number of devices which will be returned in the response. The value should be in [1,50].50

Response HTTP Code

this page

Response Parameters

KeyDataTypeRequiredDescription
cve_idstringYesCVE ID
severitystringYesvulnerability severity. Value can be: "critical", "important", "moderate", "low", "unknown", "high", "medium".
summarystringYesvulnerability summary
updated_datestringYesThe last date NIST updated this vulnerability
opswat_scoredoubleOptionalOpswat score
cvss2_scoredoubleOptionalCVSS 2 score
cvss3_scoredoubleOptionalCVSS 3 score
total_devicesintYesNumber of devices has this vulnerability
kev.due_datestringOptionalThe due date to fix this vulnerability
kev.published_datestringOptionalThe date CISA published this vulnerability

Example

Example Request: using Product ID

Copy

Example Response

Copy

History

ActionVersionURL
Get Vulnerabilities3.1auto$
Get Vulnerabilities3.0auto$
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Get PMP Reports
On This Page
Get VulnerabilitiesAPI URLRequest ParametersResponse HTTP CodeResponse ParametersExampleHistory