Cisa Cves - Get Cisa Cve
Retrieve details of CisaCve by cveId
GET {endpoint}/cisaCves/{cveId}?api-version=2024-10-01-previewURI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
cve
|
path | True |
string |
The CVE ID of the vulnerability in the format CVE-YYYY-NNNN, note that the number portion can have more than 4 digits. |
|
endpoint
|
path | True |
string |
The endpoint hosting the requested resource. For example, https://{region}.easm.defender.microsoft.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/workspaces/{workspaceName} |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
The request has succeeded. |
|
| Other Status Codes |
An unexpected error response. Headers x-ms-error-code: string |
Security
OAuth2Auth
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| https://easm.defender.microsoft.com/.default |
Examples
CisaCves_GetCisaCve
Sample request
GET {endpoint}/cisaCves/CVE-2021-40438?api-version=2024-10-01-preview
Sample response
{
"cveId": "CVE-0000-00000",
"vendorProject": "Apache",
"product": "Apache",
"vulnerabilityName": "Apache HTTP Server-Side Request Forgery (SSRF)",
"shortDescription": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"requiredAction": "Apply updates per vendor instructions.",
"notes": "",
"dateAdded": "2022-12-09T06:01:35.000+00:00",
"dueDate": "2022-12-09T06:01:35.000+00:00",
"updatedAt": "2022-12-10T06:01:35.000+00:00",
"count": 121
}Definitions
| Name | Description |
|---|---|
|
Azure. |
The error object. |
|
Azure. |
A response containing error details. |
|
Azure. |
An object containing more specific information about the error. As per Microsoft One API guidelines - https://github.com/microsoft/api-guidelines/blob/vNext/azure/Guidelines.md#handling-errors. |
|
Cisa |
cisa cve in a given workspace. |
Azure.Core.Foundations.Error
The error object.
| Name | Type | Description |
|---|---|---|
| code |
string |
One of a server-defined set of error codes. |
| details |
An array of details about specific errors that led to this reported error. |
|
| innererror |
An object containing more specific information than the current object about the error. |
|
| message |
string |
A human-readable representation of the error. |
| target |
string |
The target of the error. |
Azure.Core.Foundations.ErrorResponse
A response containing error details.
| Name | Type | Description |
|---|---|---|
| error |
The error object. |
Azure.Core.Foundations.InnerError
An object containing more specific information about the error. As per Microsoft One API guidelines - https://github.com/microsoft/api-guidelines/blob/vNext/azure/Guidelines.md#handling-errors.
| Name | Type | Description |
|---|---|---|
| code |
string |
One of a server-defined set of error codes. |
| innererror |
Inner error. |
CisaCveResult
cisa cve in a given workspace.
| Name | Type | Description |
|---|---|---|
| count |
integer (int64) |
The number of assets affected by the vulnerability |
| cveId |
string |
The CVE ID of the vulnerability in the format CVE-YYYY-NNNN, note that the number portion can have more than 4 digits. |
| dateAdded |
string (date-time) |
The date the vulnerability was added to the catalog in the format YYYY-MM-DD |
| dueDate |
string (date-time) |
The date the required action is due in the format YYYY-MM-DD |
| notes |
string |
Any additional notes about the vulnerability |
| product |
string |
The vulnerability product |
| requiredAction |
string |
The required action to address the vulnerability |
| shortDescription |
string |
A short description of the vulnerability |
| updatedAt |
string (date-time) |
The date the vulnerability was updated |
| vendorProject |
string |
The vendor or project name for the vulnerability. |
| vulnerabilityName |
string |
The name of the vulnerability |