Queries the risk information about the assets of organizations.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListOrgVulFacets

The operation that you want to perform. Set the value to ListOrgVulFacets.

OrgId Integer No 1

The ID of the organization.

Asset String No www.aliyun.com

The asset.

CurrentPage Integer No 1

The number of the page to return.

Default value: 1.

Lang String No en

The language type of the request and response. Valid values:

  • zh: Chinese
  • en: English
PageSize Integer No 10

The number of entries to return on each page.

Default value: 10.

Maximum value: 10.

Response parameters

Parameter Type Example Description
CurrentPage Integer 1

The number of the returned page.

Default value: 1.

PageSize Integer 10

The number of entries returned per page.

Default value: 10.

Maximum value: 10.

RequestId String 14B0B62A-72C5-44E0-866D-55817A31353A

The ID of the request.

Total Integer 10

The total number of returned entries.

TotalCount Integer 17

The total number of assets.

Vuls Array

The total number of vulnerabilities.

Classification String SQL Injection

The category of the vulnerability.

Count Integer 7

The number of vulnerabilities.

Index Integer 1

The index number.

ModuleID Integer 1

The ID of the module.

Name String SQL Injection Vulnerability

The name of the vulnerability.

Severity String High

The severity of the vulnerability. Valid values:

  • High
  • Medium
  • Low
  • Info

Examples

Sample requests

http(s)://[Endpoint]/?Action=ListOrgVulFacets
&<Common request parameters>

Sample success responses

XML format

<ListOrgVulFacetsResponse>
   <code>200</code>
   <data>
        <TotalCount>17</TotalCount>
        <PageSize>10</PageSize>
        <CurrentPage>1</CurrentPage>
        <Vuls>
              <ModuleID>98</ModuleID>
              <Classification>SQL Injection</Classification>
              <Index>1</Index>
              <Severity>High</Severity>
              <Count>7</Count>
              <Name>SQL Injection Vulnerability</Name>
        </Vuls>
        <Vuls>
              <ModuleID>2308</ModuleID>
              <Classification>SQL Injection</Classification>
              <Index>2</Index>
              <Severity>High</Severity>
              <Count>1</Count>
              <Name>Error-based SQL Injection</Name>
        </Vuls>
        <Vuls>
              <ModuleID>116</ModuleID>
              <Classification>Sensitive Information Leakage</Classification>
              <Index>3</Index>
              <Severity>High</Severity>
              <Count>1</Count>
              <Name>Backup File Package Download</Name>
        </Vuls>
        <Vuls>
              <ModuleID>2045</ModuleID>
              <Classification></Classification>
              <Index>4</Index>
              <Severity>High</Severity>
              <Count>1</Count>
              <Name>Source Code Leakage Due to Improper Configuration of Web Application</Name>
        </Vuls>
        <Vuls>
              <ModuleID>894</ModuleID>
              <Classification>Server-side Request Forgery</Classification>
              <Index>5</Index>
              <Severity>High</Severity>
              <Count>1</Count>
              <Name>Server-side Request Forgery</Name>
        </Vuls>
        <Vuls>
              <ModuleID>2068</ModuleID>
              <Classification></Classification>
              <Index>6</Index>
              <Severity>High</Severity>
              <Count>1</Count>
              <Name>Macromedia Dreamweaver Remote Database Script</Name>
        </Vuls>
        <Vuls>
              <ModuleID>2311</ModuleID>
              <Classification>Reflected XSS</Classification>
              <Index>7</Index>
              <Severity>Medium</Severity>
              <Count>7</Count>
              <Name>XSS Vulnerability</Name>
        </Vuls>
        <Vuls>
              <ModuleID>1074</ModuleID>
              <Classification>Sensitive Information Leakage</Classification>
              <Index>8</Index>
              <Severity>Medium</Severity>
              <Count>7</Count>
              <Name>Directory Open and Accessible</Name>
        </Vuls>
        <Vuls>
              <ModuleID>2019</ModuleID>
              <Classification></Classification>
              <Index>9</Index>
              <Severity>Medium</Severity>
              <Count>1</Count>
              <Name>Nginx SPDY Heap Buffer Overflow Vulnerability CVE-2014-0133</Name>
        </Vuls>
        <Vuls>
              <ModuleID>118</ModuleID>
              <Classification>Sensitive Information Leakage</Classification>
              <Index>10</Index>
              <Severity>Medium</Severity>
              <Count>1</Count>
              <Name>Leakage of Server Information in the phpinfo File</Name>
        </Vuls>
   </data>
   <requestId>14B0B62A-72C5-44E0-866D-55817A31353A</requestId>
   <success>true</success>
</ListOrgVulFacetsResponse>

JSON format

{
    "code": 200,
    "data": {
        "TotalCount": 17,
        "PageSize": 10,
        "CurrentPage": 1,
        "Vuls": [
            {
                "ModuleID": 98,
                "Classification": "SQL Injection",
                "Index": 1,
                "Severity": "High",
                "Count": 7,
                "Name": "SQL Injection Vulnerability"
            },
            {
                "ModuleID": 2308,
                "Classification": "SQL Injection",
                "Index": 2,
                "Severity": "High",
                "Count": 1,
                "Name": "Error-based SQL Injection"
            },
            {
                "ModuleID": 116,
                "Classification": "Sensitive Information Leakage",
                "Index": 3,
                "Severity": "High",
                "Count": 1,
                "Name": "Backup File Package Download"
            },
            {
                "ModuleID": 2045,
                "Classification": "",
                "Index": 4,
                "Severity": "High",
                "Count": 1,
                "Name": "Source Code Leakage Due to Improper Configuration of Web Application"
            },
            {
                "ModuleID": 894,
                "Classification": "Server-side Request Forgery",
                "Index": 5,
                "Severity": "High",
                "Count": 1,
                "Name": "Server-side Request Forgery"
            },
            {
                "ModuleID": 2068,
                "Classification": "",
                "Index": 6,
                "Severity": "High",
                "Count": 1,
                "Name": "Macromedia Dreamweaver Remote Database Script"
            },
            {
                "ModuleID": 2311,
                "Classification": "Reflected XSS",
                "Index": 7,
                "Severity": "Medium",
                "Count": 7,
                "Name": "XSS Vulnerability"
            },
            {
                "ModuleID": 1074,
                "Classification": "Sensitive Information Leakage",
                "Index": 8,
                "Severity": "Medium",
                "Count": 7,
                "Name": "Directory Open and Accessible"
            },
            {
                "ModuleID": 2019,
                "Classification": "",
                "Index": 9,
                "Severity": "Medium",
                "Count": 1,
                "Name": "Nginx SPDY Heap Buffer Overflow Vulnerability CVE-2014-0133"
            },
            {
                "ModuleID": 118,
                "Classification": "Sensitive Information Leakage",
                "Index": 10,
                "Severity": "Medium",
                "Count": 1,
                "Name": "Leakage of Server Information in the phpinfo File"
            }
        ]
    },
    "requestId": "14B0B62A-72C5-44E0-866D-55817A31353A",
    "success": true
}

Error codes

For a list of error codes, visit the API Error Center.