Endpoint: cve

The Patch Management feature of Ivanti Neurons supports the use of the Common Vulnerabilities and Exposures (CVE) list. CVEs are vulnerability disclosures that can potentially relate to many patches and notifications. The CVE list is used by Patch Management to determine which patches are related to each CVE and it will display those patches for your review. You can use this information to perform actions such as adding patches to a patch group and then using that patch group in your scans and deployments.

The Cve endpoint enables you to retrieve the set of data items that represents a CVE and its related metadata.

Required Header Parameters

Name Type Description

Authorization

Authheader

Use the Bearer <access-token> value determined during the Authenticate to the Patch Management API process.

X-RapidAPI-Key

Enum

The key that applications and developers need to invoke the API.

X-RapidAPI-Host

String

The name that identifies which API will be used. For example: my-api-name.ivanti.rapidapi.com.

Optional Parameters

Name Type Description

Filter

String

An optional filter statement. There is no default.

OrderBy String If no sort value is provided, results are sorted by PublishedDate in descending order.
PageNumber Number The requested page number of the data result. If no value is provided, the default value is 1.
PageSize Number The requested page size of the data result. The maximum page size is 150. If no value is provided, the default value is 10.

Output Data Properties

The following set of data items represent a CVE and its related metadata that will be returned as part of a successful Cve_Get response.

Name

Type

Format

Description
cveId

String

 

The unique CVE ID.
earliestExploitDate

String

Date-time

Provides the earliest known exploit date.
hasCvssScore

Boolean

 

Specifies if the CVE has a CVSS score.
highestCvssVersion

Number

Float

Provides the highest CVSS version.

lastModifiedDate

String

Date-time

The last date that the CVE was modified.

notificationsAffected

Array

 

The collection of notification IDs that are affected by the CVE. The Notifications endpoint can be used to query for additional details related to the notification ID.

patchesAffected

Array

 

The collection of patch IDs that are affected by the CVE. The Patch endpoint can be used to query for additional details related to specific patches.

publiclyDisclosed

Boolean

 

Specifies if the CVE has been publicly disclosed.

publishedDate

String

Date-time

The date that the CVE was published.

riskSenseData

 

 

This complex field is not filterable or sortable.

Provides the associated RiskSense data.

riskSenseScoreAvailable

Boolean

 

Specifies if the RiskSense score is available.

userTargeted

Boolean

 

Specifies if the user is targeted by this CVE.

v2AccessComplexity

 

 

The V2 access complexity instance.

v2AccessVector

 

 

The V2 access vector instance.

v2AcInsufInfo

Boolean

 

Specifies if V2 insufficient information was detected.

v2Authentication

 

 

The V2 authentication instance.

v2AvailabilityImpact

 

 

The associated V2 availability impact instance.

v2BaseScore

Number

Float

The V2 base score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38.

v2ConfidentialityImpact

 

 

The V2 confidentiality impact instance.

v2ExploitabilityScore

Number

Float

The V2 exploitability score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38.

v2ImpactScore

Number

Float

The V2 impact score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38.

v2IntegrityImpact

 

 

The associated V2 integrity impact instance.

v2ObtainAllPrivilege

Boolean

 

Specifies if V2 obtained all privileges.

v2ObtainOtherPrivilege

Boolean

 

Specifies if V2 obtained other privileges.

v2ObtainUserPrivilege

Boolean

 

Specifies if V2 obtained user privileges.

v2Severity

 

 

The associated V2 severity impact instance.

v2UserInteractionRequired

Boolean

 

Specifies if V2 user interaction is required.

v2VectorString

String

 

The V2 vector string.

v3AttackComplexity

 

 

The associated V3 attack complexity instance.

v3AvailabilityImpact

 

 

The associated V3 availability impact instance.

v3AttackVector

 

 

The associated V3 attack vector instance.

v3BaseScore

Number

Float

The V3 base score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38.

v3BaseSeverity

 

 

The associated V3 base severity instance.

v3ConfidentialityImpact

 

 

The associated V3 confidentiality impact instance.

v3ExploitabilityScore

Number

Float

The V3 exploitability score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38.

v3ImpactScore

Number

Float

The V3 impact score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38.

v3IntegrityImpact

 

 

The associated V3 integrity impact instance.

v3PrivilegesRequired

 

 

The associated V3 privileges required instance.

v3Scope

 

 

The associated V3 scope instance.

v3UserInteraction

 

 

The associated V3 user interaction instance.

v3VectorString

String

 

The V3 vector string.

zeroDay

Boolean

 

Specifies if this is a zero day issue.

Default Filter and Sort Behavior

The API will not return all records. If no filter and sort criteria are provided, this endpoint returns all CVE data that has been published in the last 60 days.