DescribeVulList - Security Center - Alibaba Cloud Documentation Center

Queries vulnerabilities by type.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the request and response. Default value: zh. Valid values: zh: Chinese en: English	zh
Remark	string	No	The remarks for the asset affected by the vulnerability. The value can be the private IP address, public IP address, or name of the asset.	1.2.XX.XX
GroupId	string	No	The ID of the asset group. NoteYou can call the DescribeAllGroups operation to query the IDs of asset groups.	9207613
Type	string	Yes	The type of the vulnerability. Valid values: cve: Linux software vulnerability sys: Windows system vulnerability cms: Web-CMS vulnerability app: application vulnerability that is detected by using web scanner emg: urgent vulnerability sca: application vulnerability that is detected by using software component analysis	cve
Uuids	string	No	The UUIDs of the servers on which you want to query the vulnerabilities. Separate multiple UUIDs with commas (,).	1587bedb-fdb4-48c4-9330-****
Name	string	No	The alias of the vulnerability.	oval:com.redhat.rhsa:def:20172836
AliasName	string	No	The name of the vulnerability.	RHSA-2019:0230-Important: polkit security update
Necessity	string	No	The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values: asap: high later: medium nntf: low	asap,later,nntf
Dealed	string	No	Specifies whether the vulnerabilities are fixed. Valid values: y: yes n: no	n
CurrentPage	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries to return on each page. Default value: 10.	20
AttachTypes	string	No	The additional type of the vulnerabilities. You need to specify this parameter when you query application vulnerabilities. Set the value to sca. If you set Type to app, you must specify this parameter. NoteIf you set this parameter to sca, application vulnerabilities and the vulnerabilities that are detected based on software component analysis are queried. If you do not specify this parameter, only application vulnerabilities are queried.	sca
VpcInstanceIds	string	No	The IDs of the virtual private clouds (VPCs) in which the vulnerability is detected. Separate multiple IDs with commas (,).	ins-133**,ins-5414**

Response parameters

Parameter	Type	Description	Example
	object
CurrentPage	integer	The page number of the returned page.	1
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	2F26AB2A-1075-488F-8472-40E5DB486ACC
PageSize	integer	The number of entries returned per page.	20
TotalCount	integer	The total number of vulnerabilities returned.	2
VulRecords	array	An array that consists of the details about the vulnerability.
	object
Status	integer	The status of the vulnerability. Valid values: 1: unfixed 2: fix failed 3: rollback failed 4: fixing 5: being rolled back 6: being verified 7: fixed 8: fixed and to be restarted 9: rolled back 10: ignored 11: rolled back and to be restarted 12: not found 20: expired	1
Type	string	The type of the vulnerability. Valid values: cve: Linux software vulnerability sys: Windows system vulnerability cms: Web-CMS vulnerability emg: urgent vulnerability app: application vulnerability sca: application vulnerability that is detected by using software component analysis	cve
ModifyTs	long	The timestamp when the vulnerability status was modified. Unit: milliseconds.	1620404763000
InternetIp	string	The public IP address of the asset.	1.2.XX.XX
PrimaryId	long	The ID of the vulnerability.	101162078
Tag	string	The tag that is added to the vulnerability.	oval
InstanceName	string	The name of the asset.	testInstance
Online	boolean	Indicates whether the Security Center agent on the asset is online. Valid values: true: yes false: no	true
OsVersion	string	The name of the operating system for your asset.	linux
Name	string	The name of the vulnerability.	oval:com.redhat.rhsa:def:20170574
ResultCode	string	The code that indicates the vulnerability fixing result.	0
InstanceId	string	The instance ID of the asset.	i-bp18t***
Related	string	The Common Vulnerabilities and Exposures (CVE) IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).	CVE-2017-7518,CVE-2017-12188
IntranetIp	string	The private IP address of the asset.	1.2.XX.XX
LastTs	long	The timestamp when the vulnerability was last detected. Unit: milliseconds.	1620404763000
FirstTs	long	The timestamp when the vulnerability was first detected. Unit: milliseconds.	1554189334000
RegionId	string	The ID of the region in which the server resides.	cn-hangzhou
Necessity	string	The priority to fix the vulnerability. Valid values: asap: high later: medium nntf: low NoteWe recommend that you fix the vulnerabilities that have the high priority at the earliest opportunity.	asap
RepairTs	long	The timestamp when the vulnerability was fixed. Unit: milliseconds.	1541207563000
Uuid	string	The UUID of the asset.	04c56617-23fc-43a5-ab9b-****
GroupId	integer	The ID of the asset group.	281801
ResultMessage	string	The message that indicates the vulnerability fixing result.	timeout
AliasName	string	The name of the vulnerability.	RHSA-2019:0230-Important: polkit security update
ExtendContentJson	object	The extended information about the vulnerability.
Status	string	The status of the vulnerability. Valid values: 1: unfixed 2: fix failed 3: rollback failed 4: fixing 5: being rolled back 6: being verified 7: fixed 8: fixed and to be restarted 9: rolled back 10: ignored 11: rolled back and to be restarted 12: not found 20: expired	1
Ip	string	The public IP address of the asset that is associated with the vulnerability.	1.2.XX.XX
PrimaryId	long	The ID of the vulnerability.	111
Os	string	The name of the operating system.	centos
Tag	string	The tag that is added to the vulnerability.	oval
LastTs	long	The timestamp when the vulnerability was last detected. Unit: milliseconds.	1620404763000
Description	string	The description of the vulnerability.	kernel version:5.10.84-10.2.al8.x86_64
OsRelease	string	The release of the operating system.	7
AliasName	string	The alias of the vulnerability.	RHSA-2019:0230-Important: polkit security update
AbsolutePath	string	The package path of the software that has the vulnerability.	/roo/www/web
RpmEntityList	array	The RPM Package Manager (RPM) packages.
	object
FullVersion	string	The complete version number.	3.10.0-693.2.2.el7
Version	string	The package version number of the software that has the vulnerability.	3.10.0
MatchDetail	string	The reason why the vulnerability is detected.	python-perf version less than 0:3.10.0-693.21.1.el7
ImageName	string	The name of the image.	registry_387ytb_xxx
Path	string	The path of the software that has the vulnerability.	/usr/lib64/python2.7/site-packages
ContainerName	string	The name of the container.	k8s_67895c4_xxx
Name	string	The name of the RPM package.	python-perf
UpdateCmd	string	The command that is used to fix the vulnerability.	*** update python-perf
MatchList	array	The rule that is used to detect the vulnerability.
	string	The rule that is used to detect the vulnerability.	fastjson(jar) extendField.safemode equals false
Pid	string	The process ID.	8664
cveList	array	The CVE list.
	string	The CVE list.	CVE-2016-8610
Necessity	object	Indicates whether the vulnerability needs to be fixed.
Status	string	The status of the score of urgency to fix a vulnerability. Valid values: none: No score is generated. pending: The score is pending calculation. normal: The calculation is normal.	normal
Time_factor	string	The time score.	1.0
Enviroment_factor	string	The environment score.	1.0
Is_calc	string	Indicates whether the score of urgency to fix a vulnerability is calculated. Valid values: 0: no 1: yes	1
Total_score	string	The score of urgency to fix a vulnerability. The following list describes scores and related fixing suggestions: If the score is from 13.5 to 15, the vulnerability is a high-risk vulnerability. You must fix the vulnerability at the earliest opportunity. If the score is greater than or equal to 7 but less than 13.5, the vulnerability is a medium-risk vulnerability. You can fix the vulnerability at your convenience. If the score is less than 7, the vulnerability is a low-risk vulnerability. You can ignore the vulnerability.	7.8
Cvss_factor	string	The Common Vulnerability Scoring System (CVSS) score.	7.8
Assets_factor	string	The asset importance score. Valid values: 2: an important asset 1: a common asset 0: a test asset	1
Bind	boolean	Indicates whether Security Center is authorized to protect the asset. Valid values: true: yes false: no	true
OsName	string	The name of the operating system for your asset.	CentOS 7.2 64-bit
AuthVersion	string	The edition of Security Center that is authorized to protect the asset. Valid values: 1: Basic edition 6: Anti-virus edition 5: Advanced edition 3: Enterprise edition 7: Ultimate edition 10: Value-added Plan edition	3

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 1,
  "RequestId": "2F26AB2A-1075-488F-8472-40E5DB486ACC",
  "PageSize": 20,
  "TotalCount": 2,
  "VulRecords": [
    {
      "Status": 1,
      "Type": "cve",
      "ModifyTs": 1620404763000,
      "InternetIp": "1.2.XX.XX",
      "PrimaryId": 101162078,
      "Tag": "oval",
      "InstanceName": "testInstance",
      "Online": true,
      "OsVersion": "linux",
      "Name": "oval:com.redhat.rhsa:def:20170574",
      "ResultCode": "0",
      "InstanceId": "i-bp18t***",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "IntranetIp": "1.2.XX.XX",
      "LastTs": 1620404763000,
      "FirstTs": 1554189334000,
      "RegionId": "cn-hangzhou",
      "Necessity": "asap",
      "RepairTs": 1541207563000,
      "Uuid": "04c56617-23fc-43a5-ab9b-****",
      "GroupId": 281801,
      "ResultMessage": "timeout",
      "AliasName": "RHSA-2019:0230-Important: polkit security update",
      "ExtendContentJson": {
        "Status": "1",
        "Ip": "1.2.XX.XX",
        "PrimaryId": 111,
        "Os": "centos",
        "Tag": "oval",
        "LastTs": 1620404763000,
        "Description": "kernel version:5.10.84-10.2.al8.x86_64",
        "OsRelease": "7",
        "AliasName": "RHSA-2019:0230-Important: polkit security update",
        "AbsolutePath": "/roo/www/web",
        "RpmEntityList": [
          {
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "ImageName": "registry_387ytb_xxx",
            "Path": "/usr/lib64/python2.7/site-packages",
            "ContainerName": "k8s_67895c4_xxx",
            "Name": "python-perf",
            "UpdateCmd": "*** update python-perf",
            "MatchList": [
              "fastjson(jar) extendField.safemode equals false"
            ],
            "Pid": "8664"
          }
        ],
        "cveList": [
          "CVE-2016-8610"
        ],
        "Necessity": {
          "Status": "normal",
          "Time_factor": "1.0",
          "Enviroment_factor": "1.0",
          "Is_calc": "1",
          "Total_score": "7.8",
          "Cvss_factor": "7.8",
          "Assets_factor": "1"
        }
      },
      "Bind": true,
      "OsName": "CentOS 7.2 64-bit\n",
      "AuthVersion": "3"
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	NoPermission	no permission	-
400	InnerError	InnerError	-
400	IllegalParam	Illegal param	-
400	DataNotExists	%s data not exist	-
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time

Summary of changes

Operation

2022-06-20

The error codes of the API operation change.,The input parameters of the API operation change.

Change item	Change content
Error Codes	The error codes of the API operation change.
	delete Error Codes: 400
Input Parameters	The input parameters of the API operation change.
	Added Input Parameters: Name