All Products
Search
Document Center

Security Center:DescribeVulList

Last Updated:Feb 20, 2024

Queries vulnerabilities by type.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:DescribeVulListRead
  • All Resources
    *
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
LangstringNo

The language of the content within the request and response. Default value: zh. Valid values:

  • zh: Chinese
  • en: English
zh
RemarkstringNo

The remarks for the asset affected by the vulnerability. The value can be the private IP address, public IP address, or name of the asset.

1.2.XX.XX
GroupIdstringNo

The ID of the asset group.

Note You can call the DescribeAllGroups operation to query the IDs of asset groups.
9207613
TypestringYes

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerability
  • sys: Windows system vulnerability
  • cms: Web-CMS vulnerability.
  • app: application vulnerability that is detected by using web scanner
  • emg: urgent vulnerability.
  • sca: application vulnerability that is detected by using software component analysis
cve
UuidsstringNo

The UUIDs of the servers on which you want to query the vulnerabilities. Separate multiple UUIDs with commas (,).

1587bedb-fdb4-48c4-9330-****
NamestringNo

The alias of the vulnerability.

oval:com.redhat.rhsa:def:20172836
AliasNamestringNo

The name of the vulnerability.

RHSA-2019:0230-Important: polkit security update
StatusListstringNo

The status of the vulnerability. Separate multiple statuses with commas (,). Valid values:

  • 1: unfixed
  • 2: fix failed
  • 3: rollback failed
  • 4: being fixed
  • 5: being rolled back
  • 6: being verified
  • 7: fixed
  • 8: fixed and to be restarted
  • 9: rolled back
  • 10: ignored
  • 11: rolled back and to be restarted
  • 12: not found
  • 20: expired
1,2,3
NecessitystringNo

The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values:

  • asap: high
  • later: medium
  • nntf: low
asap,later,nntf
DealedstringNo

Specifies whether the vulnerabilities are fixed. Valid values:

  • y: yes
  • n: no
n
CurrentPageintegerNo

The number of the page to return. Default value: 1.

1
PageSizeintegerNo

The number of entries per page. Default value: 10.

20
AttachTypesstringNo

The additional type of the vulnerabilities. You need to specify this parameter when you query application vulnerabilities. Set the value to sca. If you set Type to app, you must specify this parameter.

Note If you set this parameter to sca, application vulnerabilities and the vulnerabilities that are detected based on software component analysis are queried. If you do not specify this parameter, only application vulnerabilities are queried.
sca
VpcInstanceIdsstringNo

The ID of the virtual private cloud (VPC) in which the vulnerabilities are detected. Separate multiple IDs with commas (,).

ins-133****,ins-5414****
ResourceDirectoryAccountIdlongNo

The Alibaba Cloud account ID of the member in the resource directory.

Note You can call the DescribeMonitorAccounts operation to obtain the IDs.
1232428423234****
UseNextTokenbooleanNo

Specifies whether to use NextToken to query the data of vulnerabilities. If you set UseNextToken to true, the value of TotalCount is not returned. Valid values:

  • true
  • false
false
NextTokenstringNo

The pagination token that is used in the next request to retrieve a new page of results. You must specify the token that is obtained from the previous query as the value of NextToken. You do not need to specify this parameter for the first request.

E17B501887A2D3AA5E8360A6EFA3B***

Response parameters

ParameterTypeDescriptionExample
object
CurrentPageinteger

The page number of the returned page.

1
RequestIdstring

The ID of the request, which is used to locate and troubleshoot issues.

2F26AB2A-1075-488F-8472-40E5DB486ACC
PageSizeinteger

The number of entries per page.

20
TotalCountinteger

The total number of vulnerabilities returned.

2
VulRecordsobject []

The information about the vulnerability.

Statusinteger

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 2: fix failed
  • 3: rollback failed
  • 4: being fixed
  • 5: being rolled back
  • 6: being verified
  • 7: fixed
  • 8: fixed and to be restarted
  • 9: rolled back
  • 10: ignored
  • 11: rolled back and to be restarted
  • 12: not found
  • 20: expired
1
RaspDefendinteger

Indicates whether the application protection feature is supported. Valid values:

  • 0: no
  • 1: yes
Note If this parameter is not returned, the application protection is not supported.
1
RaspStatusinteger

The protection mode of the application protection feature. Valid values:

  • 0: unprotected
  • 1: the Monitor mode
  • 2: the Block mode
  • 3: disabled
1
Typestring

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerability
  • sys: Windows system vulnerability
  • cms: Web-CMS vulnerability
  • emg: urgent vulnerability
  • app: application vulnerability
  • sca: application vulnerability that is detected by using software component analysis
cve
ModifyTslong

The timestamp when the vulnerability status was modified. Unit: milliseconds.

1620404763000
InternetIpstring

The public IP address of the asset.

1.2.XX.XX
PrimaryIdlong

The ID of the vulnerability.

101162078
Tagstring

The tag that is added to the vulnerability.

oval
K8sClusterIdstring

The ID of the cluster.

c863dc93bed3843de9934d4346dc4****
K8sNodeIdstring

The ID of the node.

i-bp1ifm6suw9mnbsr****
InstanceNamestring

The name of the asset.

testInstance
Onlineboolean

Indicates whether the Security Center agent on the asset is online. Valid values:

  • true
  • false
true
OsVersionstring

The name of the operating system for your asset.

linux
Namestring

The name of the vulnerability.

oval:com.redhat.rhsa:def:20170574
ResultCodestring

The code that indicates the vulnerability fixing result.

0
InstanceIdstring

The ID of the asset.

i-bp18t***
Relatedstring

The Common Vulnerabilities and Exposures (CVE) IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).

CVE-2017-7518,CVE-2017-12188
IntranetIpstring

The private IP address of the asset.

1.2.XX.XX
LastTslong

The timestamp when the vulnerability was last detected. Unit: milliseconds.

1620404763000
FirstTslong

The timestamp when the vulnerability was first detected. Unit: milliseconds.

1554189334000
RegionIdstring

The region ID of the asset.

cn-hangzhou
Necessitystring

The priority to fix the vulnerability. Valid values:

  • asap: high
  • later: medium
  • nntf: low
Note We recommend that you fix high-risk vulnerabilities at the earliest opportunity.
asap
RepairTslong

The timestamp when the vulnerability was fixed. Unit: milliseconds.

1541207563000
Uuidstring

The UUID of the asset.

04c56617-23fc-43a5-ab9b-****
K8sPodNamestring

The name of the pod.

deployment-riskai-7b67d68975-m****
GroupIdinteger

The ID of the asset group.

281801
ResultMessagestring

The message that indicates the vulnerability fixing result.

timeout
K8sNamespacestring

The namespace.

default
AliasNamestring

The name of the vulnerability.

RHSA-2019:0230-Important: polkit security update
K8sNodeNamestring

The name of the node.

deployment-riskai-7b67d68975-m****
ExtendContentJsonobject

The extended information about the vulnerability.

Statusstring

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 2: fix failed
  • 3: rollback failed
  • 4: being fixed
  • 5: being rolled back
  • 6: being verified
  • 7: fixed
  • 8: fixed and to be restarted
  • 9: rolled back
  • 10: ignored
  • 11: rolled back and to be restarted
  • 12: not found
  • 20: expired
1
EmgProofstring

The returned message that indicates the urgent vulnerability.

com.xxl.rpc.util.XxlRpcException: xxl-rpc request data is empty.\n\tat com.xxl.rpc.remoting.net.impl.servlet.serve"
Ipstring

The public IP address of the asset that is associated with the vulnerability.

1.2.XX.XX
PrimaryIdlong

The ID of the vulnerability.

111
Osstring

The name of the operating system.

centos
Tagstring

The tag that is added to the vulnerability.

oval
LastTslong

The timestamp when the vulnerability was last detected. Unit: milliseconds.

1620404763000
Descriptionstring

The description of the vulnerability.

kernel version:5.10.84-10.2.al8.x86_64
OsReleasestring

The information about the operating system version.

7
AliasNamestring

The name of the vulnerability.

RHSA-2019:0230-Important: polkit security update
Targetstring

The URL of the vulnerability.

http://39.99.XX.XX:30005/toLogin
AbsolutePathstring

The path to the package of the software that has the vulnerability.

/roo/www/web
RpmEntityListobject []

The information about RPM Package Manager (RPM) packages.

FullVersionstring

The complete version number.

3.10.0-693.2.2.el7
Versionstring

The version number of the package of the software that has the vulnerability.

3.10.0
MatchDetailstring

The reason why the vulnerability is detected.

python-perf version less than 0:3.10.0-693.21.1.el7
ImageNamestring

The name of the image.

registry_387ytb_xxx
Pathstring

The path to the software that has the vulnerability.

/usr/lib64/python2.7/site-packages
ContainerNamestring

The name of the container.

k8s_67895c4_xxx
Namestring

The name of the RPM package.

python-perf
UpdateCmdstring

The command that is used to fix the vulnerability.

*** update python-perf
MatchListarray

The rules that are used to detect the vulnerability.

string

The rule that is used to detect the vulnerability.

fastjson(jar) extendField.safemode equals false
Pidstring

The process ID.

8664
cveListarray

The CVE list.

string

The CVE.

CVE-2016-8610
Necessityobject

Indicates whether the vulnerability needs to be fixed.

Statusstring

The status of the vulnerability priority score. Valid values:

  • none: No score is generated.
  • pending: The score is pending calculation.
  • normal: The calculation is normal.
normal
Time_factorstring

The time score.

1.0
Enviroment_factorstring

The environment score.

1.0
Is_calcstring

Indicates whether the vulnerability priority score is calculated. Valid values:

  • 0: no
  • 1: yes
1
Total_scorestring

The vulnerability priority score.

The following list describes scores and related fixing suggestions:

  • If the score is from 13.5 to 15, the vulnerability is a high-risk vulnerability. You must fix the vulnerability at the earliest opportunity.
  • If the score is greater than or equal to 7 but less than 13.5, the vulnerability is a medium-risk vulnerability. You can fix the vulnerability at your convenience.
  • If the score is less than 7, the vulnerability is a low-risk vulnerability. You can ignore the vulnerability.
7.8
Cvss_factorstring

The Common Vulnerability Scoring System (CVSS) score.

7.8
Assets_factorstring

The asset importance score. Valid values:

  • 2: important asset
  • 1: common asset
  • 0: test asset
1
Bindboolean

Indicates whether Security Center is authorized to scan the asset. Valid values:

  • true
  • false
true
OsNamestring

The name of the operating system for your asset.

CentOS 7.2 64-bit
AuthVersionstring

The edition of Security Center that is authorized to scan the asset. Valid values:

  • 1: Basic
  • 6: Anti-virus
  • 5: Advanced
  • 3: Enterprise
  • 7: Ultimate
  • 10: Value-added Plan
3
NextTokenstring

The value of NextToken that is returned when the NextToken method is used.

E17B501887A2D3AA5E8360A6EFA3B***

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 1,
  "RequestId": "2F26AB2A-1075-488F-8472-40E5DB486ACC",
  "PageSize": 20,
  "TotalCount": 2,
  "VulRecords": [
    {
      "Status": 1,
      "RaspDefend": 1,
      "RaspStatus": 1,
      "Type": "cve",
      "ModifyTs": 1620404763000,
      "InternetIp": "1.2.XX.XX",
      "PrimaryId": 101162078,
      "Tag": "oval",
      "K8sClusterId": "c863dc93bed3843de9934d4346dc4****",
      "K8sNodeId": "i-bp1ifm6suw9mnbsr****",
      "InstanceName": "testInstance",
      "Online": true,
      "OsVersion": "linux",
      "Name": "oval:com.redhat.rhsa:def:20170574",
      "ResultCode": "0",
      "InstanceId": "i-bp18t***",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "IntranetIp": "1.2.XX.XX",
      "LastTs": 1620404763000,
      "FirstTs": 1554189334000,
      "RegionId": "cn-hangzhou",
      "Necessity": "asap",
      "RepairTs": 1541207563000,
      "Uuid": "04c56617-23fc-43a5-ab9b-****",
      "K8sPodName": "deployment-riskai-7b67d68975-m****",
      "GroupId": 281801,
      "ResultMessage": "timeout",
      "K8sNamespace": "default",
      "AliasName": "RHSA-2019:0230-Important: polkit security update",
      "K8sNodeName": "deployment-riskai-7b67d68975-m****",
      "ExtendContentJson": {
        "Status": "1",
        "EmgProof": "com.xxl.rpc.util.XxlRpcException: xxl-rpc request data is empty.\\n\\tat com.xxl.rpc.remoting.net.impl.servlet.serve\"",
        "Ip": "1.2.XX.XX",
        "PrimaryId": 111,
        "Os": "centos",
        "Tag": "oval",
        "LastTs": 1620404763000,
        "Description": "kernel version:5.10.84-10.2.al8.x86_64",
        "OsRelease": "7",
        "AliasName": "RHSA-2019:0230-Important: polkit security update",
        "Target": "http://39.99.XX.XX:30005/toLogin",
        "AbsolutePath": "/roo/www/web",
        "RpmEntityList": [
          {
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "ImageName": "registry_387ytb_xxx",
            "Path": "/usr/lib64/python2.7/site-packages",
            "ContainerName": "k8s_67895c4_xxx",
            "Name": "python-perf",
            "UpdateCmd": "*** update python-perf",
            "MatchList": [
              "fastjson(jar) extendField.safemode equals false"
            ],
            "Pid": "8664"
          }
        ],
        "cveList": [
          "CVE-2016-8610"
        ],
        "Necessity": {
          "Status": "normal",
          "Time_factor": "1.0",
          "Enviroment_factor": "1.0",
          "Is_calc": "1",
          "Total_score": "7.8",
          "Cvss_factor": "7.8",
          "Assets_factor": "1"
        }
      },
      "Bind": true,
      "OsName": "CentOS 7.2 64-bit\n",
      "AuthVersion": "3"
    }
  ],
  "NextToken": "E17B501887A2D3AA5E8360A6EFA3B***"
}

Error codes

HTTP status codeError codeError messageDescription
400NoPermissionno permission-
400InnerErrorInnerError-
400IllegalParamIllegal param-
400DataNotExists%s data not exist-
400RdCheckNoPermissionResource directory account verification has no permission.-
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500RdCheckInnerErrorResource directory account service internal error.-
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-11-22The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
    delete Error Codes: 500
Output ParametersThe response structure of the API has changed.
2023-09-26The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
    delete Error Codes: 500
Output ParametersThe response structure of the API has changed.
2023-09-08The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
    delete Error Codes: 500
Output ParametersThe response structure of the API has changed.
2023-09-07The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
    delete Error Codes: 500
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: UseNextToken
    Added Input Parameters: NextToken
2023-08-23The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
    delete Error Codes: 500
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: StatusList
2023-07-20The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    Error Codes 400 change
    Added Error Codes: 500
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: ResourceDirectoryAccountId
2023-03-21The Error code has changed. The response structure of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Output ParametersThe response structure of the API has changed.
2022-06-20The Error code has changed. The request parameters of the API has changedsee changesets
Change itemChange content
Error CodesThe Error code has changed.
    delete Error Codes: 400
Input ParametersThe request parameters of the API has changed.
    Added Input Parameters: Name