产品概述
Domain name for API request: csip.intl.tencentcloudapi.com.
Security Center Risk Center - List of Vulnerabilities.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVULList. |
| Version | Yes | String | Common Params. The value used for this API: 2022-11-21. |
| Region | No | String | Common Params. This parameter is not required. |
| MemberId.N | No | Array of String | Group Account Member ID |
| Filter | No | Filter | Query condition. |
| Parameter Name | Type | Description |
|---|---|---|
| TotalCount | Integer | Total number. |
| Data | Array of VULBaseInfo | Vulnerability list |
| VULTypeLists | Array of FilterDataObject | Vulnerability Type List |
| RiskLevels | Array of FilterDataObject | Risk level list. |
| Tags | Array of FilterDataObject | Tag. |
| ProductSupport | Array of FilterDataObject | Product support. |
| CheckStatus | Array of FilterDataObject | Product support. |
| AttackHeat | Array of FilterDataObject | Attack intensity enumeration. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
Example 1
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVULList
<Common request parameters>
{
"Filter": {
"Limit": 3,
"Offset": 0,
"Filters": [
{
"Name": "EMGCVulType",
"Values": [
"1"
]
}
]
}
}{
"Response": {
"AttackHeat": [
{
No Popularity
"Value": "0"
},
{
"Text": "High"
"Value": "3"
},
{
"Text": "Low"
"Value": "1"
},
{
"Text": "Chinese"
"Value": "2"
}
],
"CheckStatus": [
{
Scan complete
"Value": "2"
},
{
"Text": "Not Scanned"
"Value": "0"
}
],
"Data": [
{
"AffectAssetCount": 0,
"AppName": "(vim) vim",
"AttackHeat": 0,
"CVE": "CVE-2008-4101",
"CVSS": 0,
"EMGCVulType": 1,
"LastScanTime": "",
"Level": "high",
"PublishTime": "2008-09-19 01:59:00",
"ScanStatus": 0,
"SupportProduct": "cwp_detect,cwp_fix",
"TaskId": "",
"VULName": "Vim input validation vulnerability"
"VULType": "Input validation"
"VulTag": [
"NETWORK",
"POC",
"SYS",
"APP"
]
},
{
"AffectAssetCount": 0,
"AppName": "(radius_extension_project) radius",
"AttackHeat": 0,
"CVE": "CVE-2013-2220",
"CVSS": 0,
"EMGCVulType": 1,
"LastScanTime": "",
"Level": "high",
"PublishTime": "2013-07-31 21:20:00",
"ScanStatus": 0,
"SupportProduct": "cwp_detect,cwp_fix",
"TaskId": "",
"VULName": "PECL radius 'radius_get_vendor_attr()' Remote Denial of Service (DoS) Vulnerability"
"VULType": "Buffer error",
"VulTag": [
"NETWORK",
"SYS"
]
},
{
"AffectAssetCount": 0,
"AppName": "(apache) activemq",
"AttackHeat": 0,
"CVE": "CVE-2016-3088",
"CVSS": 9.8,
"EMGCVulType": 1,
"LastScanTime": "",
"Level": "high",
"PublishTime": "2016-06-01 16:59:04",
"ScanStatus": 0,
"SupportProduct": "cwp_detect,cwp_defense",
"TaskId": "",
"VULName": "Apache ActiveMQ Fileserver Remote Code Execution Vulnerability (CVE-2016-3088)"
"VULType": "Input validation"
"VulTag": [
"NETWORK",
"EXP",
"POC",
"KNOWN_EXPLOITED",
"SYS",
"APP"
]
}
],
"ProductSupport": [
{
CSC automatic fix
"Value": "cwp_fix"
},
{
Cloud Firewall (CFW) and Web application firewall enable virtual patch.
"Value": "cfw_waf_virtual"
},
{
"Text": "CSC vulnerability detection"
"Value": "cwp_detect"
},
{
"Text": "CSC vulnerability defense"
"Value": "cwp_defense"
}
],
"RequestId": "d2e5b2ba-6ee2-4801-a378-af163d79a052",
"RiskLevels": [
{
"Text": "High risk",
"Value": "high"
},
{
"Text": "Medium risk"
"Value": "middle"
},
{
"Text": "",
"Value": "unknown"
},
{
Low risk
"Value": "low"
}
],
"Tags": [
{
"Text": "Emergency"
"Value": "IS_EMERGENCY"
},
{
compulsory
"Value": "IS_SUGGEST"
},
{
The security vulnerability can be exploited remotely.
"Value": "NETWORK"
},
{
The security vulnerability can be used as application component vulnerability detection.
"Value": "APP"
},
{
"Text": "The vulnerability has an exploit"
"Value": "EXP"
},
{
The vulnerability exists with exploitation in the wild or Wild Attacks.
"Value": "KNOWN_EXPLOITED"
},
{
The vulnerability has a poc
"Value": "POC"
},
{
The vulnerability can only be exploited locally.
"Value": "LOCAL"
},
{
The vulnerability can be used as a system component vulnerability to detect.
"Value": "SYS"
}
],
"TotalCount": 208,
"VULTypeLists": [
{
"Text": "Input Validation"
"Value": "3"
},
{
Buffer error
"Value": "12"
},
{
Race condition
"Value": "9"
},
{
Permission license and access control
"Value": "24"
},
{
Batch assignment of vulnerabilities
"Value": "52"
},
{
"Text": "Code injection"
"Value": "18"
},
{
"Text": "File upload",
"Value": "35"
},
{
Deserialize
"Value": "16"
},
{
"Text": "Path traversal"
"Value": "21"
},
{
Trust Management
"Value": "32"
},
{
Authorization issue
"Value": "4"
},
{
"Text": "Code execution",
"Value": "45"
},
{
Input verification error
"Value": "42"
},
{
"Text": "SQL injection"
"Value": "37"
},
{
"Text": "Unauthorized access"
"Value": "53"
},
{
Infinite loop vulnerability
"Value": "22"
},
{
Resource management error
"Value": "6"
},
{
Command execution
"Value": "41"
},
{
"Text": "Other",
"Value": "0"
},
{
Operating system command injection
"Value": "36"
},
{
"Text": "Inject"
"Value": "11"
},
{
Improper permission management
"Value": "20"
},
{
"Text": "null pointer reference"
"Value": "10"
},
{
"Text": "integer overflow"
"Value": "25"
},
{
Code issue
"Value": "23"
},
{
"Text": "Out-of-bounds write"
"Value": "5"
},
{
"Text": "Access control error"
"Value": "30"
},
{
"Text": "Component Vulnerability"
"Value": "56"
},
{
server-side request forgery
"Value": "57"
},
{
Cross-site request forgery
"Value": "15"
},
{
Incorrect currency numbers
"Value": "28"
},
{
DoS
"Value": "40"
},
{
buffer overflow
"Value": "14"
},
{
"Text": "Out-of-bounds read"
"Value": "1"
},
{
Configuration error
"Value": "8"
},
{
Bypass security mode
"Value": "61"
},
{
"Text": "Permission escalation",
"Value": "54"
},
{
"Text": "Arbitrary file read"
"Value": "71"
},
{
information leakage
"Value": "2"
},
{
login bypass
"Value": "60"
},
{
information leakage
"Value": "43"
},
{
Parsing error
"Value": "63"
},
{
"Text": "Xml injection",
"Value": "78"
},
{
Permission and access control issues
"Value": "13"
},
{
"Text": "XML external entity (XXE) injection"
"Value": "29"
},
{
Cross-site scripting
"Value": "44"
},
{
Command injection
"Value": "34"
},
{
Split http request
"Value": "59"
},
{
Security feature issue
"Value": "48"
},
{
Material shortage
"Value": "33"
},
{
Double Free vulnerability
"Value": "17"
},
{
Encryption issue
"Value": "7"
},
{
url redirection
"Value": "49"
},
{
"Text": "Weak password",
"Value": "62"
},
{
Trust management issues
"Value": "46"
},
{
"Text": "Post link",
"Value": "19"
},
{
Design error
"Value": "38"
},
{
CRLF injection
"Value": "31"
},
{
Data reliability not fully verified
"Value": "51"
},
{
"Text": "Local file inclusion"
"Value": "50"
},
{
Race condition issue
"Value": "58"
},
{
"Text": "Access control",
"Value": "26"
},
{
"Text": "Path traversal"
"Value": "27"
},
{
"Text": "Invalid pointer reference"
"Value": "55"
},
{
LDAP injection vulnerability
"Value": "47"
},
{
"Text": "Format string"
"Value": "67"
},
{
"Text": "Session fixed",
"Value": "69"
},
{
ldap injection
"Value": "70"
},
{
man-in-the-middle attack
"Value": "72"
},
{
http request forgery
"Value": "73"
},
{
http response spoofing
"Value": "64"
},
{
"Text": "Boundary condition error"
"Value": "68"
},
{
"Text": "Unknown",
"Value": "66"
},
{
Access verification error
"Value": "65"
},
{
remote overflow
"Value": "75"
},
{
backdoor
"Value": "76"
},
{
Local overflow
"Value": "77"
},
{
Arbitrary file download
"Value": "80"
},
{
Obfuscation proxy
"Value": "79"
},
{
Directory traversal
"Value": "81"
},
{
Permission verification insufficient
"Value": "82"
},
{
Processing logic error
"Value": "83"
},
{
Xpath injection
"Value": "84"
},
{
"Text": "Path leakage"
"Value": "86"
}
]
}
}TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
There is no error code related to the API business logic. For other error codes, please see Common Error Codes.
文档反馈