CVE Vulnerabilities

AIP utilizes data from a wide variety of sources, including the packages installed on your individual servers, to show you potentially vulnerable software. The vulnerabilities endpoint enables you to interact with your vulnerability data.

List Vulnerabilities

Overview

This method enables you to list all vulnerabilities found across the infrastructure in your AIP organization.

NOTE

The response defaults to display the active and suppressed vulnerabilities. This endpoint is paginated and returns up to 100 records at a time.

Sample Queries

Find all CVEs:

https://api.threatstack.com/v2/vulnerabilities

Find all active CVEs:

https://api.threatstack.com/v2/vulnerabilities?status=active

Find all active CVEs for which hasSecurityNotices is available:

https://api.threatstack.com/v2/vulnerabilities?status=active&hasSecurityNotices=true

Find all CVEs for a specific agentId:

https://api.threatstack.com/v2/vulnerabilities?agentId=<foo>
Request
query Parameters
status
string

Limit the response to CVEs that are either active or suppressed

Enum: "active" "suppressed"
severity
string

Severity of the CVEs to return

Enum: "high" "medium" "low"
agentId
string

The ID of the Agent to limit the result set to

token
string

This is the Page token of the next set of results to retrieve. Responses display paginated results with up to 100 records per page.

hasSecurityNotices
boolean

Include vulnerabilities with security notices (true), or include vulnerabilities with and without security notices (false)

Responses
200

Successful operation

401

Unauthorized response

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities
Response samples
application/json
{
  • "cves": [
    ],
  • "token": "string"
}

List Affected Servers by CVE

Overview

This method enables you to list all vulnerabilities found across the infrastructure in your AIP organization.

NOTE

You can only pass one CVE number at a time.

Sample Queries

Find all of the servers affected by a CVE:

https://api.threatstack.com/v2/vulnerabilities/{CVE}/servers

Error Handling Tips

The 404 error code means that the CVE was not found in the database.

Request
path Parameters
cve
required
string
Responses
200

Successful operation

400

Bad parameters

401

Unauthorized response

404

The resource was not found

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities/{cve}/servers
Response samples
application/json
{
  • "servers": [
    ]
}

List Vulnerabilities by Package

Overview

This method enables you to get the list of CVEs found across the infrastructure in your AIP organization for a specific software package.

NOTE

You can only pass one package (without a version) at a time.

The response defaults to show both active and suppressed vulnerabilities.

Sample Queries

Find all CVEs for a package, example sudo:

https://api.threatstack.com/v2/vulnerabilities/package/sudo

To get the list of active CVEs for a package:

https://api.threatstack.com/v2/vulnerabilities/package/{package}?status=active

Error Handling Tips

The 400 error code means a required parameter is missing or is not correctly specified as a valid option for a parameter.

Request
path Parameters
rootPackageName
required
string
query Parameters
status
string

Limit the response to CVEs that are either active or suppressed.

Enum: "active" "suppressed"
Responses
200

Successful operation

400

Bad parameters

401

Unauthorized response

404

The resource was not found

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities/package/{rootPackageName}
Response samples
application/json
{
  • "cves": [
    ]
}

List Suppressions with Details

Overview

This method enables you to get the list of current CVE suppressions with suppression reason details for your organization.

Sample Queries

Find the list of current CVE suppressions with details:

https://api.threatstack.com/v2/vulnerabilities/suppressions

Error Handling Tips

The 400 error code means a required parameter is missing or is incorrectly specified and not a valid option for the parameter. You may hit this on an active query.

Responses
200

Successful operation

400

Bad parameters

401

Unauthorized response

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities/suppressions
Response samples
application/json
{
  • "suppressions": [
    ]
}

List all suppressed vulnerabilities by package

Overview

This method enables you to list all of the suppressed CVEs for a specific package.

NOTE

The list does not show the version of the suppressed CVEs.

Request
path Parameters
rootPackageName
required
string
Responses
200

Successful operation

400

Bad parameters

401

Unauthorized response

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities/package/{rootPackageName}/suppressed
Response samples
application/json
{
  • "cves": [
    ]
}

List all suppressed vulnerabilities

Overview

This method enables you to list all of the suppressed CVEs in your AIP organization. The list returns all suppressed CVEs.

If you suppress a vulnerability, then the vulnerability for that package version is no longer assessed during a Vulnerability Assessment scan. It will display on a suppressed vulnerabilities list, and will not be listed as an active vulnerability. For more information, see the Vulnerability Assessment Overview

Available Queries

Filter for a Specific server

To view CVES for a particular server, you can use one of the following query params:

  • agentID - The ID of the Agent
  • hostname - The name of the host

You may only use one of these options per query. If multiple are used, the API returns a Bad Request.

Filter for a Specific Suppressed Vulnerability Severity

To view suppressed CVEs of a specific severity, use the severity query parameter. You can filter for high, medium, or low severities within AIP. For example, to view all low severity, suppressed CVEs:

https://api.threatstack.com/v2/vulnerabilities/suppressed?severity=low
Request
query Parameters
severity
string

Severity of the CVEs to return

agentId
string

The ID of the Agent to limit the result set to

hostname
string

The hostname of the server to limit the result set to

Responses
200

OK

400

Bad parameters

401

Unauthorized response

429

Rate limit hit

500

An internal error has occurred

get/vulnerabilities/suppressed
Response samples
application/json
{
  • "cves": [
    ],
  • "token": "string"
}