cve
The Patch Management feature of Ivanti Neurons supports the use of the Common Vulnerabilities and Exposures (CVE) list. CVEs are vulnerability disclosures that can potentially relate to many patches and notifications. The CVE list is used by Patch Management to determine which patches are related to each CVE and it will display those patches for your review. You can use this information to perform actions such as adding patches to a patch group and then using that patch group in your scans and deployments.
The Cve endpoint enables you to retrieve the set of data items that represents a CVE and its related metadata.
Required Header Parameters
| Name | Type | Description |
|---|---|---|
|
Authorization |
Authheader |
Use the Bearer <access-token> value determined during the Authenticate to the Patch Management API process. |
|
X-RapidAPI-Key |
Enum |
The key that applications and developers need to invoke the API. |
|
X-RapidAPI-Host |
String |
The name that identifies which API will be used. For example: my-api-name.ivanti.rapidapi.com. |
Optional Parameters
| Name | Type | Description |
|---|---|---|
|
Filter |
String |
An optional filter statement. There is no default. |
| OrderBy | String | If no sort value is provided, results are sorted by PublishedDate in descending order. |
| PageNumber | Number | The requested page number of the data result. If no value is provided, the default value is 1. |
| PageSize | Number | The requested page size of the data result. The maximum page size is 150. If no value is provided, the default value is 10. |
Output Data Properties
The following set of data items represent a CVE and its related metadata that will be returned as part of a successful Cve_Get response.
| Name |
Type |
Format |
Description |
|---|---|---|---|
| cveId |
String |
|
The unique CVE ID. |
| earliestExploitDate |
String |
Date-time |
Provides the earliest known exploit date. |
| hasCvssScore |
Boolean |
|
Specifies if the CVE has a CVSS score. |
| highestCvssVersion |
Number |
Float |
Provides the highest CVSS version. |
|
lastModifiedDate |
String |
Date-time |
The last date that the CVE was modified. |
| notificationsAffected |
Array |
|
The collection of notification IDs that are affected by the CVE. The Notifications endpoint can be used to query for additional details related to the notification ID. |
|
patchesAffected |
Array |
|
The collection of patch IDs that are affected by the CVE. The Patch endpoint can be used to query for additional details related to specific patches. |
|
publiclyDisclosed |
Boolean |
|
Specifies if the CVE has been publicly disclosed. |
|
publishedDate |
String |
Date-time |
The date that the CVE was published. |
|
riskSenseData |
|
|
This complex field is not filterable or sortable. Provides the associated RiskSense data. |
|
riskSenseScoreAvailable |
Boolean |
|
Specifies if the RiskSense score is available. |
|
userTargeted |
Boolean |
|
Specifies if the user is targeted by this CVE. |
|
v2AccessComplexity |
|
|
The V2 access complexity instance. |
|
v2AccessVector |
|
|
The V2 access vector instance. |
|
v2AcInsufInfo |
Boolean |
|
Specifies if V2 insufficient information was detected. |
|
v2Authentication |
|
|
The V2 authentication instance. |
|
v2AvailabilityImpact |
|
|
The associated V2 availability impact instance. |
|
v2BaseScore |
Number |
Float |
The V2 base score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38. |
|
v2ConfidentialityImpact |
|
|
The V2 confidentiality impact instance. |
|
v2ExploitabilityScore |
Number |
Float |
The V2 exploitability score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38. |
|
v2ImpactScore |
Number |
Float |
The V2 impact score. The minimum is -3.402823669209385e+38. The maximum is3.402823669209385e+38. |
|
v2IntegrityImpact |
|
|
The associated V2 integrity impact instance. |
|
v2ObtainAllPrivilege |
Boolean |
|
Specifies if V2 obtained all privileges. |
|
v2ObtainOtherPrivilege |
Boolean |
|
Specifies if V2 obtained other privileges. |
|
v2ObtainUserPrivilege |
Boolean |
|
Specifies if V2 obtained user privileges. |
|
v2Severity |
|
|
The associated V2 severity impact instance. |
|
v2UserInteractionRequired |
Boolean |
|
Specifies if V2 user interaction is required. |
|
v2VectorString |
String |
|
The V2 vector string. |
|
v3AttackComplexity |
|
|
The associated V3 attack complexity instance. |
|
v3AvailabilityImpact |
|
|
The associated V3 availability impact instance. |
|
v3AttackVector |
|
|
The associated V3 attack vector instance. |
|
v3BaseScore |
Number |
Float |
The V3 base score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38. |
|
v3BaseSeverity |
|
|
The associated V3 base severity instance. |
|
v3ConfidentialityImpact |
|
|
The associated V3 confidentiality impact instance. |
|
v3ExploitabilityScore |
Number |
Float |
The V3 exploitability score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38. |
|
v3ImpactScore |
Number |
Float |
The V3 impact score. The minimum is -3.402823669209385e+38. The maximum is 3.402823669209385e+38. |
|
v3IntegrityImpact |
|
|
The associated V3 integrity impact instance. |
|
v3PrivilegesRequired |
|
|
The associated V3 privileges required instance. |
|
v3Scope |
|
|
The associated V3 scope instance. |
|
v3UserInteraction |
|
|
The associated V3 user interaction instance. |
|
v3VectorString |
String |
|
The V3 vector string. |
|
zeroDay |
Boolean |
|
Specifies if this is a zero day issue. |
Default Filter and Sort Behavior
The API will not return all records. If no filter and sort criteria are provided, this endpoint returns all CVE data that has been published in the last 60 days.