Queries vulnerabilities in your assets by type.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeVulList

The operation that you want to perform.

Set the value to DescribeVulList.

Type String Yes cve

The type of the vulnerability to query. Valid values:

  • cve: Linux software vulnerabilities
  • sys: Windows system vulnerabilities
  • cms: Web-CMS vulnerabilities
  • app: application vulnerabilities
  • emg: urgent vulnerabilities
  • sca: vulnerabilities that are detected based on software component analysis
Lang String No zh

The natural language of the request and response. Default value: zh. Valid values:

  • zh: Chinese
  • en: English
Remark String No 1.2.XX.XX

The remarks for the asset affected by the vulnerability, which can be the private IP address, public IP address, or name of the asset.

GroupId String No 9207613

The ID of the asset group.

Note You can call the DescribeAllGroups operation to query the IDs of asset groups.
Uuids String No 1587bedb-fdb4-48c4-9330-************

The UUID of the server affected by the vulnerability. Separate multiple UUIDs with commas (,).

AliasName String No RHSA-2019:0230-Important: polkit security update

The name of the vulnerability.

Necessity String No asap,later,nntf

The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values:

  • asap: high
  • later: medium
  • nntf: low
Dealed String No n

Specifies whether the vulnerability is handled. Valid values:

  • y: handled
  • n: unhandled
CurrentPage Integer No 1

The page number of the current page. Default value: 1.

PageSize Integer No 20

The number of entries to return on each page.

Default value: 20. If you leave this parameter empty, 20 entries are returned on each page.

Note We recommend that you do not leave this parameter empty.
AttachTypes String No sca

If Type is set to app, you must specify this parameter. Set the value to sca.

Note If this parameter is set to sca, application vulnerabilities and the vulnerabilities that are detected based on software component analysis are queried. If you do not specify this parameter, only application vulnerabilities are queried.
VpcInstanceIds String No ins-133****,ins-5414****

The ID of the virtual private cloud (VPC) in which the vulnerability is detected. Separate multiple IDs with commas (,).

Note You can call the DescribeVpcList operation to query the VPC IDs.

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter Type Example Description
RequestId String 2F26AB2A-1075-488F-8472-40E5DB486ACC

The ID of the request.

CurrentPage Integer 1

The page number of the current page.

PageSize Integer 20

The number of entries returned per page.

TotalCount Integer 2

The total number of vulnerabilities returned.

VulRecords Array of VulRecord

The information of the vulnerability.

AliasName String RHSA-2019:0230-Important: polkit security update

The name of the vulnerability.

ExtendContentJson Struct

The extended information of the vulnerability.

AbsolutePath String /roo/www/web

The package path of the software that has the vulnerability.

AliasName String RHSA-2019:0230-Important: polkit security update

The name of the vulnerability.

Ip String 1.2.XX.XX

The public IP address of the asset that is associated with the vulnerability.

LastTs Long 1620404763000

The timestamp when the vulnerability was last detected. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Necessity Struct

Indicates whether the vulnerability needs to be fixed.

Assets_factor String 1

The asset importance score. Valid values:

  • 2: important asset
  • 1: general asset
  • 0: test asset
Cvss_factor String 7.8

The Common Vulnerability Scoring System (CVSS) score.

Enviroment_factor String 1.0

The environmental score.

Is_calc String 1

Indicates whether the vulnerability priority score is calculated. Valid values:

  • 0: The score is not calculated.
  • 1: The score is calculated.
Status String normal

The status of the vulnerability priority score. Valid values:

  • none: No score is generated.
  • pending: The score is pending calculation.
  • miss: The score failed to be calculated.
  • normal: The calculation is normal.
Time_factor String 1.0

The temporal score.

Total_score String 7.8

The total vulnerability priority score.

The following list describes priority scores and the related fixing suggestions:

  • If the priority score is from 13.5 to 15, the vulnerability is a high-risk vulnerability. You must fix the vulnerability at the earliest opportunity.
  • If the priority score is greater than or equal to 7 but less than 13.5, the vulnerability is a medium-risk vulnerability. You can fix the vulnerability at your convenience.
  • If the priority score is less than 7, the vulnerability is a low-risk vulnerability. You can temporarily ignore the vulnerability.
Os String centos

The name of the operating system.

OsRelease String 7

The release of the operating system.

PrimaryId Long 111

The ID of the vulnerability.

RpmEntityList Array of RpmEntity

The details about the RPM package.

FullVersion String 3.10.0-693.2.2.el7

The complete version number of the RPM package.

MatchDetail String python-perf version less than 0:3.10.0-693.21.1.el7

The detailed matching information of the vulnerability.

Name String python-perf

The name of the RPM package.

Path String /usr/lib64/python2.7/site-packages

The path of the software that has the vulnerability.

UpdateCmd String *** update python-perf

The command used to fix the vulnerability.

Version String 3.10.0

The version number of the package of the software that has the vulnerability.

Status String 1

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 2: fix failed
  • 3: rollback failed
  • 4: fixing
  • 5: rolling back
  • 6: verifying
  • 7: fixed
  • 8: fixed and to be restarted
  • 9: rolled back
  • 10: ignored
  • 11: rolled back and to be restarted
  • 12: not found
  • 20: expired
Tag String oval

The tag of the vulnerability.

cveList List ["CVE-2016-8610", "CVE-2017-5335" ]

The Common Vulnerabilities and Exposures (CVE) list.

FirstTs Long 1554189334000

The timestamp when the vulnerability was first detected. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

GroupId Integer 281801

The ID of the asset group.

InstanceId String i-bp18t***

The ID of the asset.

InstanceName String Test ECS

The name of the asset.

InternetIp String 1.2.3.1

The public IP address of the asset.

IntranetIp String 1.2.3.4

The private IP address of the asset.

LastTs Long 1620404763000

The timestamp when the vulnerability was last detected. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

ModifyTs Long 1620404763000

The timestamp when the vulnerability status was modified. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

Name String oval:com.redhat.rhsa:def:20170574

The name of the vulnerability.

Necessity String asap

The priority to fix the vulnerability. Valid values:

  • asap: high
  • later: medium
  • nntf: low
Note We recommend that you fix the vulnerabilities that have the high priority at the earliest opportunity.
Online Boolean true

Indicates whether the Security Center agent on your asset is online. Valid values:

  • true: online
  • false: offline
OsVersion String linux

The name of the operating system for your asset.

PrimaryId Long 101162078

The ID of the vulnerability.

Related String CVE-2017-7518,CVE-2017-12188

The ID of a CVE related to the vulnerability. Multiple CVE IDs are separated by commas (,).

RepairTs Long 1541207563000

The timestamp when the vulnerability was fixed. This value is a UNIX timestamp representing the number of milliseconds that have elapsed since the epoch time January 1, 1970, 00:00:00 UTC.

ResultCode String 0

The code returned after the vulnerability is fixed.

ResultMessage String timeout

The message returned after the vulnerability is fixed.

Status Integer 1

The status of the vulnerability. Valid values:

  • 1: unfixed
  • 2: fix failed
  • 3: rollback failed
  • 4: fixing
  • 5: rolling back
  • 6: verifying
  • 7: fixed
  • 8: fixed and to be restarted
  • 9: rolled back
  • 10: ignored
  • 11: rolled back and to be restarted
  • 12: not found
  • 20: expired
Tag String oval

The tag of the vulnerability.

Type String cve

The type of the vulnerability. Valid values:

  • cve: Linux software vulnerabilities
  • sys: Windows system vulnerabilities
  • cms: Web-CMS vulnerabilities
  • emg: urgent vulnerabilities
  • app: application vulnerabilities
Uuid String 04c56617-23fc-43a5-ab9b-****

The UUID of the asset.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribeVulList
&Type=cve
&<Common request parameters>

Sample success responses

XML format

<DescribeVulListResponse>
  <TotalCount>2</TotalCount>
  <PageSize>20</PageSize>
  <RequestId>2F26AB2A-1075-488F-8472-40E5DB486ACC</RequestId>
  <VulRecords>
        <Status>1</Status>
        <InstanceId>i-bp18t***</InstanceId>
        <OsVersion>linux</OsVersion>
        <Necessity>asap</Necessity>
        <LastTs>1620404763000</LastTs>
        <ResultMessage>timeout</ResultMessage>
        <IntranetIp>1.2.3.4</IntranetIp>
        <GroupId>281801</GroupId>
        <Name>oval:com.redhat.rhsa:def:20170574</Name>
        <InstanceName>ECS01</InstanceName>
        <RepairTs>1541207563000</RepairTs>
        <FirstTs>1554189334000</FirstTs>
        <Type>cve</Type>
        <ModifyTs>1620404763000</ModifyTs>
        <Related>CVE-2017-7518,CVE-2017-12188</Related>
        <Uuid>04c56617-23fc-43a5-ab9b-****</Uuid>
        <InternetIp>1.2.3.1</InternetIp>
        <AliasName>RHSA-2019:0230-Important: polkit security update</AliasName>
        <Tag>oval</Tag>
        <Online>true</Online>
        <ResultCode>0</ResultCode>
        <PrimaryId>101162078</PrimaryId>
        <ExtendContentJson>
              <Status>1</Status>
              <Os>centos</Os>
              <Ip>1.2.XX.XX</Ip>
              <AliasName>RHSA-2019:0230-Important: polkit security update</AliasName>
              <LastTs>1620404763000</LastTs>
              <Tag>oval</Tag>
              <AbsolutePath>/roo/www/web</AbsolutePath>
              <OsRelease>7</OsRelease>
              <PrimaryId>111</PrimaryId>
              <RpmEntityList>
                    <Path>/usr/lib64/python2.7/site-packages</Path>
                    <UpdateCmd>*** update python-perf</UpdateCmd>
                    <Version>3.10.0</Version>
                    <FullVersion>3.10.0-693.2.2.el7</FullVersion>
                    <MatchDetail>python-perf version less than 0:3.10.0-693.21.1.el7</MatchDetail>
                    <Name>python-perf</Name>
              </RpmEntityList>
              <cveList>["CVE-2016-8610", "CVE-2017-5335" ]</cveList>
              <Necessity>
                    <Total_score>7.8</Total_score>
                    <Status>normal</Status>
                    <Time_factor>1.0</Time_factor>
                    <Cvss_factor>7.8</Cvss_factor>
                    <Is_calc>1</Is_calc>
                    <Enviroment_factor>1.0</Enviroment_factor>
                    <Assets_factor>1</Assets_factor>
              </Necessity>
        </ExtendContentJson>
  </VulRecords>
  <CurrentPage>1</CurrentPage>
</DescribeVulListResponse>

JSON format

{
	"TotalCount": "2",
	"PageSize": "20",
	"RequestId": "2F26AB2A-1075-488F-8472-40E5DB486ACC",
	"VulRecords": [
		{
			"Status": "1",
			"InstanceId": "i-bp18t***",
			"OsVersion": "linux",
			"Necessity": "asap",
			"LastTs": "1620404763000",
			"ResultMessage": "timeout",
			"IntranetIp": "1.2.3.4",
			"GroupId": "281801",
			"Name": "oval:com.redhat.rhsa:def:20170574",
			"InstanceName": "ECS01",
			"RepairTs": "1541207563000",
			"FirstTs": "1554189334000",
			"Type": "cve",
			"ModifyTs": "1620404763000",
			"Related": "CVE-2017-7518,CVE-2017-12188",
			"Uuid": "04c56617-23fc-43a5-ab9b-****",
			"InternetIp": "1.2.3.1",
			"AliasName": "RHSA-2019:0230-Important: polkit security update",
			"Tag": "oval",
			"Online": "true",
			"ResultCode": "0",
			"PrimaryId": "101162078",
			"ExtendContentJson": {
				"Status": "1",
				"Os": "centos",
				"Ip": "1.2.XX.XX",
				"AliasName": "RHSA-2019:0230-Important: polkit security update",
				"LastTs": "1620404763000",
				"Tag": "oval",
				"AbsolutePath": "/roo/www/web",
				"OsRelease": "7",
				"PrimaryId": "111",
				"RpmEntityList": [
					{
						"Path": "/usr/lib64/python2.7/site-packages",
						"UpdateCmd": "*** update python-perf",
						"Version": "3.10.0",
						"FullVersion": "3.10.0-693.2.2.el7",
						"MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
						"Name": "python-perf"
					}
				],
				"cveList": "[\"CVE-2016-8610\", \"CVE-2017-5335\" ]",
				"Necessity": {
					"Total_score": "7.8",
					"Status": "normal",
					"Time_factor": "1.0",
					"Cvss_factor": "7.8",
					"Is_calc": "1",
					"Enviroment_factor": "1.0",
					"Assets_factor": "1"
				}
			}
		}
	],
	"CurrentPage": "1"
}

Error codes

For a list of error codes, visit the API Error Center.