NIST NVD (Independent Publisher) (Preview)

  • Reference

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Paul Culmsee
URL https://nvd.nist.gov/
Email paul.culmsee@sevensigma.com.au
Connector Metadata
Publisher Paul Culmsee
Website https://nvd.nist.gov/
Privacy Policy https://www.nist.gov/privacy-policy#privpolicy
Categories Business Management; IT Operations

Creating a connection

The connector supports the following authentication types:
Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
NIST API Key securestring The NIST API Key for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Retrieve a collection of CVE

Retrieve a collection of CVE
Retrieve CPE information

Retrieve Common Platform Enumeration information

Retrieve a collection of CVE

Operation ID:
GetCVECollection

Retrieve a collection of CVE

Parameters

Name Key Required Type Description
Add CPE names
 addOns string

addOns=dictionaryCpes adds official CPE names to the request
CPE Match String
 cpeMatchString string

Filter vulnerabilities based on cpeMatchString of affected products
CVSS2 vector strings
 cvssV2Metrics string

Filter vulnerabilities based on CVSS vector strings
CVSS V2 Severity
 cvssV2Severity string

LOW, MEDIUM, or HIGH vulnerabilities
CVSS3 vector strings.
 cvssV3Metrics string

Filter vulnerabilities based on CVSS vector strings
CVSS V3 Severity
 cvssV3Severity string

Severity of LOW, MEDIUM, HIGH or CRITICAL vulnerabilities
Vulnerability classification (CWE-XX)
 cweId string

MITRE Vulnerability classification (https://cwe.mitre.org/data/index.html)
Include Modified Names
 includeMatchStringChange boolean

Include modified names in date queries
Exact Match
 isExactMatch boolean

Match all keywords exactly vs match any
Keyword(s)
 keyword string

keywords from vulnerability description or reference links.
Start Date Modified
 modStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z
End Date Modified
 modEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z
Start Date Published
 pubStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z
End Date Published
 pubEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z
Max results returned
 resultsPerPage integer

maximum allowable limit is 2,000
Start Index
 startIndex integer

Start Index

Returns

Name Path Type Description
resultsPerPage
 resultsPerPage integer

Results Per Page
startIndex
 startIndex integer

Start Index
totalResults
 totalResults integer

Total Results
CVE_data_type
 result.CVE_data_type string

CVE Data Type
CVE_data_format
 result.CVE_data_format string

CVE Data Format
CVE_data_version
 result.CVE_data_version string

CVE Data Version
CVE_data_timestamp
 result.CVE_data_timestamp string

CVE Data Timestamp
CVE_Items
 result.CVE_Items array of object

CVE Items
data_type
 result.CVE_Items.cve.data_type string

Data Type
data_format
 result.CVE_Items.cve.data_format string

Data Format
data_version
 result.CVE_Items.cve.data_version string

Data Version
ID
 result.CVE_Items.cve.CVE_data_meta.ID string

CVE ID
ASSIGNER
 result.CVE_Items.cve.CVE_data_meta.ASSIGNER string

CVE ASSIGNER
problemtype_data
 result.CVE_Items.cve.problemtype.problemtype_data array of object

Problem Type Data
description
 result.CVE_Items.cve.problemtype.problemtype_data.description array of object

Problem Type Description
lang
 result.CVE_Items.cve.problemtype.problemtype_data.description.lang string

Problem Type Language
value
 result.CVE_Items.cve.problemtype.problemtype_data.description.value string

Problem Type Value
reference_data
 result.CVE_Items.cve.references.reference_data array of object

Reference Data
url
 result.CVE_Items.cve.references.reference_data.url string

Reference Url
name
 result.CVE_Items.cve.references.reference_data.name string

Reference Name
refsource
 result.CVE_Items.cve.references.reference_data.refsource string

Reference Source
tags
 result.CVE_Items.cve.references.reference_data.tags array of string

Reference Tags
description_data
 result.CVE_Items.cve.description.description_data array of object

Vulnerability Description Data
lang
 result.CVE_Items.cve.description.description_data.lang string

Vulnerability Description Language
value
 result.CVE_Items.cve.description.description_data.value string

Vulnerability Description Value
CVE_data_version
 result.CVE_Items.configurations.CVE_data_version string

CVE Data Version
nodes
 result.CVE_Items.configurations.nodes array of object

Nodes
operator
 result.CVE_Items.configurations.nodes.operator string

Logical Operator
children
 result.CVE_Items.configurations.nodes.children array of

Children
cpe_match
 result.CVE_Items.configurations.nodes.cpe_match array of object

Maching CPE
vulnerable
 result.CVE_Items.configurations.nodes.cpe_match.vulnerable boolean

Vulnerable
cpe23Uri
 result.CVE_Items.configurations.nodes.cpe_match.cpe23Uri string

CPE23 Uri
versionEndExcluding
 result.CVE_Items.configurations.nodes.cpe_match.versionEndExcluding string

Version End Excluding
cpe_name
 result.CVE_Items.configurations.nodes.cpe_match.cpe_name array of object

CPE_Name
cpe23Uri
 result.CVE_Items.configurations.nodes.cpe_match.cpe_name.cpe23Uri string

CPE23 Uri
lastModifiedDate
 result.CVE_Items.configurations.nodes.cpe_match.cpe_name.lastModifiedDate string

Last Modified Date
version
 result.CVE_Items.impact.baseMetricV3.cvssV3.version string

CVSSV3 Version
vectorString
 result.CVE_Items.impact.baseMetricV3.cvssV3.vectorString string

CVSSV3 Vector String
attackVector
 result.CVE_Items.impact.baseMetricV3.cvssV3.attackVector string

CVSSV3 Attack Vector
attackComplexity
 result.CVE_Items.impact.baseMetricV3.cvssV3.attackComplexity string

CVSSV3 Attack Complexity
privilegesRequired
 result.CVE_Items.impact.baseMetricV3.cvssV3.privilegesRequired string

CVSSV3 Privileges Required
userInteraction
 result.CVE_Items.impact.baseMetricV3.cvssV3.userInteraction string

CVSSV3 User Interaction
scope
 result.CVE_Items.impact.baseMetricV3.cvssV3.scope string

CVSSV3 Scope
confidentialityImpact
 result.CVE_Items.impact.baseMetricV3.cvssV3.confidentialityImpact string

CVSSV3 Confidentiality Impact
integrityImpact
 result.CVE_Items.impact.baseMetricV3.cvssV3.integrityImpact string

CVSSV3 Integrity Impact
availabilityImpact
 result.CVE_Items.impact.baseMetricV3.cvssV3.availabilityImpact string

CVSSV3 Availability Impact
baseScore
 result.CVE_Items.impact.baseMetricV3.cvssV3.baseScore

CVSSV3 Base Score
baseSeverity
 result.CVE_Items.impact.baseMetricV3.cvssV3.baseSeverity string

CVSSV3 Base Severity
exploitabilityScore
 result.CVE_Items.impact.baseMetricV3.exploitabilityScore

CVSSV3 Exploitability Score
impactScore
 result.CVE_Items.impact.baseMetricV3.impactScore

CVSSV3 Impact Score
version
 result.CVE_Items.impact.baseMetricV2.cvssV2.version string

CVSSV2 Version
vectorString
 result.CVE_Items.impact.baseMetricV2.cvssV2.vectorString string

CVSSV2 VectorString
accessVector
 result.CVE_Items.impact.baseMetricV2.cvssV2.accessVector string

CVSSV2 AccessVector
accessComplexity
 result.CVE_Items.impact.baseMetricV2.cvssV2.accessComplexity string

CVSSV2 AccessComplexity
authentication
 result.CVE_Items.impact.baseMetricV2.cvssV2.authentication string

CVSSV2 Authentication
confidentialityImpact
 result.CVE_Items.impact.baseMetricV2.cvssV2.confidentialityImpact string

CVSSV2 Confidentiality Impact
integrityImpact
 result.CVE_Items.impact.baseMetricV2.cvssV2.integrityImpact string

CVSSV2 Integrity Impact
availabilityImpact
 result.CVE_Items.impact.baseMetricV2.cvssV2.availabilityImpact string

CVSSV2 Availability Impact
baseScore
 result.CVE_Items.impact.baseMetricV2.cvssV2.baseScore

CVSSV2 Base Score
severity
 result.CVE_Items.impact.baseMetricV2.severity string

CVSSV2 Severity
exploitabilityScore
 result.CVE_Items.impact.baseMetricV2.exploitabilityScore

CVSSV2 Exploitability Score
impactScore
 result.CVE_Items.impact.baseMetricV2.impactScore

CVSSV2 Impact Score
acInsufInfo
 result.CVE_Items.impact.baseMetricV2.acInsufInfo boolean

CVSSV2 acInsufInfo
obtainAllPrivilege
 result.CVE_Items.impact.baseMetricV2.obtainAllPrivilege boolean

CVSSV2 Obtain All Privilege
obtainUserPrivilege
 result.CVE_Items.impact.baseMetricV2.obtainUserPrivilege boolean

CVSSV2 Obtain User Privilege
obtainOtherPrivilege
 result.CVE_Items.impact.baseMetricV2.obtainOtherPrivilege boolean

CVSSV2 Obtain Other Privilege
userInteractionRequired
 result.CVE_Items.impact.baseMetricV2.userInteractionRequired boolean

CVSSV2 User Interaction Required
publishedDate
 result.CVE_Items.publishedDate string

Published Date
lastModifiedDate
 result.CVE_Items.lastModifiedDate string

Last ModifiedDate

Retrieve CPE information

Operation ID:
GetCPECollection

Retrieve Common Platform Enumeration information

Parameters

Name Key Required Type Description
Include vulnerabilities
 addOns string

Including addOns=cves adds the vulnerabilities associated with the CPE.
CPE Match String
 cpeMatchString string

This parameter is used to filter products based on the CPE match criteria
include Deprecated CPE
 includeDeprecated boolean

A deprecated CPE is one that has been replaced by one or more other CPE
Keyword(s)
 keyword string

Filter results to words found in the CPE title or reference links
CPE that were modified after this date
 modStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00)
CPE that were modified before this date
 modEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00)
Results per page
 resultsPerPage integer

Results per page
Start Index
 startIndex integer

Start Index

Returns

Name Path Type Description
resultsPerPage
 resultsPerPage integer

Results Per Page
startIndex
 startIndex integer

Start Index
totalResults
 totalResults integer

Total Results
dataType
 result.dataType string

Data Type
feedVersion
 result.feedVersion string

Feed Version
cpeCount
 result.cpeCount integer

CPE Count
feedTimestamp
 result.feedTimestamp string

Feed Timestamp
cpes
 result.cpes array of object

CPEs
deprecated
 result.cpes.deprecated boolean

CPE Deprecated
cpe23Uri
 result.cpes.cpe23Uri string

CPE23 Uri
lastModifiedDate
 result.cpes.lastModifiedDate string

CPE Last Modified Date
titles
 result.cpes.titles array of object

CPE Titles
title
 result.cpes.titles.title string

CPE Title
lang
 result.cpes.titles.lang string

CPE Language
refs
 result.cpes.refs array of

References
deprecatedBy
 result.cpes.deprecatedBy array of

Deprecated By
vulnerabilities
 result.cpes.vulnerabilities array of

Vulnerabilities