Vulnerabilities API - GET vulnerability details

Reference

Lists the details of a specific vulnerability.

The request produces an application/json payload.

GET	SaaS	`https://{your-environment-id}.live.dynatrace.com/api/v2/securityProblems/{id}`
GET	Environment ActiveGateCluster ActiveGate	`https://{your-activegate-domain}:9999/e/{your-environment-id}/api/v2/securityProblems/{id}`

Authentication

To execute this request, you need an access token with securityProblems.read scope.

To learn how to obtain and use it, see Tokens and authentication.

Parameters

Parameter	Type	Description	In	Required
id	string	The ID of the requested security problem.	path	required
fields	string	A list of additional security problem properties you can add to the response. The following properties are available (all other properties are always included and you can't remove them from the response): `riskAssessment`: A risk assessment of the security problem. `managementZones`: The management zone where the security problem occurred. `codeLevelVulnerabilityDetails`: Details of the code-level vulnerability. `globalCounts`: Globally calculated statistics about the security problem. No management zone information is taken into account. `filteredCounts`: Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters. `description`: The description of the vulnerability. `remediationDescription`: Description of how to remediate the vulnerability. `events`: The security problem's last 10 events within the last 365 days, sorted from newest to oldest. `vulnerableComponents`: A list of vulnerable components of the security problem within the provided filter range. `affectedEntities`: A list of affected entities of the security problem within the provided filter range. `exposedEntities`: A list of exposed entities of the security problem within the provided filter range. `reachableDataAssets`: A list of data assets reachable by affected entities of the security problem within the provided filter range. `relatedEntities`: A list of related entities of the security problem within the provided filter range. `relatedContainerImages`: A list of related container images of the security problem within the provided filter range. `relatedAttacks`: A list of attacks detected on the exposed security problem. `entryPoints`: A list of entry points and a flag which indicates whether this list was truncated or not. To add properties, specify them in a comma-separated list and prefix each property with a plus (for example, `+riskAssessment,+managementZones`).	query	optional
managementZoneFilter	string	To specify management zones, use one of the options listed below. For each option you can specify multiple comma-separated values. If several values are specified, the OR logic applies. All values are case-sensitive and must be quoted. Management zone ID: ids("mzId-1", "mzId-2"). Management zone names: names("mz-1", "mz-2"). You can specify several comma-separated criteria (for example, `names("myMz"),ids("9130632296508575249")`).	query	optional
from	string	Based on the timeframe start the affected-, related- and vulnerable entities are being calculated. You can use one of the following formats: Timestamp in UTC milliseconds. Human-readable format of `2021-01-25T05:57:01.123+01:00`. If no time zone is specified, UTC is used. You can use a space character instead of the `T`. Seconds and fractions of a second are optional. Relative timeframe, back from now. The format is `now-NU/A`, where `N` is the amount of time, `U` is the unit of time, and `A` is an alignment. The alignment rounds all the smaller values to the nearest zero in the past. For example, `now-1y/w` is one year back, aligned by a week. You can also specify relative timeframe without an alignment: `now-NU`. Supported time units for the relative timeframe are: `m`: minutes `h`: hours `d`: days `w`: weeks `M`: months `y`: years If not set, the default timeframe start of 24 hours in the past is used (`now-24h`). The timeframe start must not be older than 365 days.	query	optional

Response

Response codes

Code	Type	Description
200	SecurityProblemDetails	Success. The response contains parameters of the security problem.
4XX	ErrorEnvelope	Client side error.
5XX	ErrorEnvelope	Server side error.

Response body objects

The `SecurityProblemDetails` object

Parameters of a security problem

Element	Type	Description
affectedEntities	string[]	A list of affected entities of the security problem. An affected entity is an entity where a vulnerable component runs.
codeLevelVulnerabilityDetails	CodeLevelVulnerabilityDetails	The details of a code-level vulnerability.
cveIds	string[]	A list of CVE IDs of the security problem.
description	string	The description of the security problem.
displayId	string	The display ID of the security problem.
entryPoints	EntryPoints	A list of entry points and a flag which indicates whether this list was truncated or not.
events	SecurityProblemEvent[]	An ordered (newest first) list of events of the security problem.
exposedEntities	string[]	A list of exposed entities of the security problem. An exposed entity is an affected entity that is exposed to the internet.
externalVulnerabilityId	string	The external vulnerability ID of the security problem.
filteredCounts	FilteredCountsDto	Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.
firstSeenTimestamp	integer	The timestamp of the first occurrence of the security problem.
globalCounts	GlobalCountsDto	Globally calculated statistics about the security problem. No management zone information is taken into account.
lastOpenedTimestamp	integer	The timestamp when the security problem was last opened.
lastResolvedTimestamp	integer	The timestamp when the security problem was last resolved.
lastUpdatedTimestamp	integer	The timestamp of the most recent security problem change.
managementZones	ManagementZone[]	A list of management zones which the affected entities belong to.
muteStateChangeInProgress	boolean	If `true` a change of the mute state is in progress.
muted	boolean	The security problem is (`true`) or is not (`false`) muted.
packageName	string	The package name of the security problem.
reachableDataAssets	string[]	A list of data assets reachable by affected entities of the security problem. A data asset is a service that has database access.
relatedAttacks	RelatedAttacksList	A list of related attacks of the security problem. Related attacks are attacks on the exposed security problem.
relatedContainerImages	RelatedContainerList	A list of related container images.
relatedEntities	RelatedEntitiesList	A list of related entities of the security problem. A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs). Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).
remediationDescription	string	Description of how to remediate the vulnerability.
riskAssessment	RiskAssessmentDetails	Risk assessment of a security problem.
securityProblemId	string	The ID of the security problem.
status	string	The status of the security problem. `OPEN` `RESOLVED`
technology	string	The technology of the security problem. `DOTNET` `GO` `JAVA` `KUBERNETES` `NODE_JS` `PHP` `PYTHON`
title	string	The title of the security problem.
url	string	The URL to the security problem details page.
vulnerabilityType	string	The type of the vulnerability. `CODE_LEVEL` `RUNTIME` `THIRD_PARTY`
vulnerableComponents	VulnerableComponent[]	A list of vulnerable components of the security problem. A vulnerable component is what causes the security problem.

The `CodeLevelVulnerabilityDetails` object

The details of a code-level vulnerability.

Element	Type	Description
processGroupIds	string[]	The list of encoded MEIdentifier of the process groups.
processGroups	string[]	The list of affected process groups.
shortVulnerabilityLocation	string	The code location of the vulnerability without package and parameter.
type	string	The type of code level vulnerability. `CMD_INJECTION` `IMPROPER_INPUT_VALIDATION` `SQL_INJECTION` `SSRF`
vulnerabilityLocation	string	The code location of the vulnerability.
vulnerableFunction	string	The vulnerable function of the vulnerability.
vulnerableFunctionInput	VulnerableFunctionInput	Describes what got passed into the code level vulnerability.

The `VulnerableFunctionInput` object

Describes what got passed into the code level vulnerability.

Element	Type	Description
inputSegments	VulnerableFunctionInputSegment[]	A list of input segments.
type	string	The type of the input. `COMMAND` `HTTP_CLIENT` `JNDI` `SQL_STATEMENT`

The `VulnerableFunctionInputSegment` object

Describes one segment that was passed into a vulnerable function.

Element	Type	Description
type	string	The type of the input segment. `MALICIOUS_INPUT` `REGULAR_INPUT` `TAINTED_INPUT`
value	string	The value of the input segment.

The `EntryPoints` object

A list of entry points and a flag which indicates whether this list was truncated or not.

Element	Type	Description
items	EntryPoint[]	A list of entry points.
truncated	boolean	Indicates whether the list of entry points was truncated or not.

The `EntryPoint` object

Information about an entry point of a code-level vulnerability.

Element	Type	Description
sourceHttpPath	string	Source HTTP path of entry points.
usageSegments	EntryPointUsageSegment[]	List of entry point usage segments.

The `EntryPointUsageSegment` object

Describes one segment that was passed into a usage and the associated source name and type.

Element	Type	Description
segmentType	string	The type of this input segment. `MALICIOUS_INPUT` `REGULAR_INPUT` `TAINTED_INPUT`
segmentValue	string	The value of this input segment.
sourceArgumentName	string	The name used in the source for this segment.
sourceType	string	The type of the HTTP request part that contains the value that was used in this segment. `HTTP_BODY` `HTTP_COOKIE` `HTTP_HEADER_NAME` `HTTP_HEADER_VALUE` `HTTP_OTHER` `HTTP_PARAMETER_NAME` `HTTP_PARAMETER_VALUE` `HTTP_URL` `UNKNOWN`

The `SecurityProblemEvent` object

The event of a security problem.

Element	Type	Description
muteState	MuteState	Metadata of the muted state of a security problem in relation to an event.
reason	string	The reason of the event creation. `ASSESSMENT_CHANGED` `SECURITY_PROBLEM_CREATED` `SECURITY_PROBLEM_MUTED` `SECURITY_PROBLEM_REOPENED` `SECURITY_PROBLEM_RESOLVED` `SECURITY_PROBLEM_UNMUTED`
riskAssessmentSnapshot	RiskAssessmentSnapshot	A snapshot of the risk assessment of a security problem.
timestamp	integer	The timestamp when the event occurred.

The `MuteState` object

Metadata of the muted state of a security problem in relation to an event.

Element	Type	Description
comment	string	A user's comment.
reason	string	The reason for the mute state change. `AFFECTED` `CONFIGURATION_NOT_AFFECTED` `FALSE_POSITIVE` `IGNORE` `INITIAL_STATE` `OTHER` `VULNERABLE_CODE_NOT_IN_USE`
user	string	The user who has muted or unmuted the problem.

The `RiskAssessmentSnapshot` object

A snapshot of the risk assessment of a security problem.

Element	Type	Description
baseRiskScore	number	The risk score (1-10) from the CVSS score.
changes	RiskAssessmentChanges	All changes of the risk assessment.
exposure	string	The level of exposure of affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
numberOfAffectedEntities	integer	The number of currently affected entities.
numberOfAffectedNodes	integer	The number of currently affected nodes.
numberOfAffectedProcessGroups	integer	The number of currently affected process groups.
numberOfReachableDataAssets	integer	The number of data assets that are currently reachable by affected entities.
numberOfRelatedAttacks	integer	The number of related attacks.
publicExploit	string	The availability status of public exploits. `AVAILABLE` `NOT_AVAILABLE`
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
vulnerableFunctionUsage	string	The state of vulnerable code execution. `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `RiskAssessmentChanges` object

All changes of the risk assessment.

Element	Type	Description
deltaBaseRiskScore	number	The delta of the risk score.
deltaNumberOfAffectedNodes	integer	The delta of the number of currently affected nodes.
deltaNumberOfAffectedProcessGroups	integer	The delta of the number of currently affected process groups.
deltaNumberOfReachableDataAssets	integer	The delta of the number of data assets that are currently reachable by affected entities.
deltaNumberOfRelatedAttacks	integer	The delta of the number of related attacks.
deltaRiskScore	number	The delta of the Davis risk score.
previousExposure	string	The previous level of exposure of affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
previousPublicExploit	string	The previous availability status of public exploits. `AVAILABLE` `NOT_AVAILABLE`
previousVulnerableFunctionUsage	string	The previous state of vulnerable code execution. `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `FilteredCountsDto` object

Statistics about the security problem, filtered by the management zone and timeframe start ('from') query parameters.

Element	Type	Description
affectedNodes	integer	Number of affected nodes
affectedProcessGroupInstances	integer	Number of affected processes
affectedProcessGroups	integer	Number of affected process groups
exposedProcessGroups	integer	Number of exposed process groups
reachableDataAssets	integer	Number of reachable data assets
relatedApplications	integer	Number of related applications
relatedAttacks	integer	Number of related attacks
relatedDatabases	integer	Number of related databases
relatedHosts	integer	Number of related hosts
relatedKubernetesClusters	integer	Number of related Kubernetes clusters
relatedKubernetesWorkloads	integer	Number of related Kubernetes workloads
relatedServices	integer	Number of related services
vulnerableComponents	integer	Number of vulnerable components

The `GlobalCountsDto` object

Globally calculated statistics about the security problem. No management zone information is taken into account.

Element	Type	Description
affectedNodes	integer	Number of affected nodes
affectedProcessGroupInstances	integer	Number of affected process group instances
affectedProcessGroups	integer	Number of affected process groups
exposedProcessGroups	integer	Number of exposed process groups
reachableDataAssets	integer	Number of reachable data assets exposed
relatedApplications	integer	Number of related applications
relatedAttacks	integer	Number of attacks on the exposed security problem
relatedHosts	integer	Number of related hosts
relatedKubernetesClusters	integer	Number of related kubernetes cluster
relatedKubernetesWorkloads	integer	Number of related kubernetes workloads
relatedServices	integer	Number of related services
vulnerableComponents	integer	Number of vulnerable components

The `ManagementZone` object

A short representation of a management zone.

Element	Type	Description
id	string	The ID of the management zone.
name	string	The name of the management zone.

The `RelatedAttacksList` object

A list of related attacks of the security problem.

Related attacks are attacks on the exposed security problem.

Element	Type	Description
attacks	string[]	A list of related attack ids.

The `RelatedContainerList` object

A list of related container images.

Element	Type	Description
containerImages	RelatedContainerImage[]	A list of related container images.

The `RelatedContainerImage` object

Related container image of a security problem.

Element	Type	Description
affectedEntities	string[]	A list of affected entities.
imageId	string	The image ID of the related container image.
imageName	string	The image name of the related container image.
numberOfAffectedEntities	integer	The number of affected entities.

The `RelatedEntitiesList` object

A list of related entities of the security problem.

A related entity is a monitored entity that is directly or indirectly related to an affected entity (for example, it could be a host where an affected process runs).

Each related entity contains a list of corresponding affected entities (for example, an affected process running on this host).

Element	Type	Description
applications	RelatedEntity[]	A list of related applications.
databases	string[]	A list of related databases.
hosts	RelatedEntity[]	A list of related hosts.
kubernetesClusters	RelatedEntity[]	A list of related Kubernetes clusters.
kubernetesWorkloads	RelatedEntity[]	A list of related Kubernetes workloads.
services	RelatedService[]	A list of related services.

The `RelatedEntity` object

An entity related to a security problem.

Element	Type	Description
affectedEntities	string[]	A list of affected entities related to the entity.
id	string	The Dynatrace entity ID of the entity.
numberOfAffectedEntities	integer	The number of affected entities related to the entity.

The `RelatedService` object

A service related to a security problem.

Element	Type	Description
affectedEntities	string[]	A list of affected entities related to the entity.
exposure	string	The level of exposure of the service. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
id	string	The Dynatrace entity ID of the entity.
numberOfAffectedEntities	integer	The number of affected entities related to the entity.

The `RiskAssessmentDetails` object

Risk assessment of a security problem.

Element	Type	Description
assessmentAccuracy	string	The accuracy of the assessment. `FULL` `NOT_AVAILABLE` `REDUCED`
assessmentAccuracyDetails	AssessmentAccuracyDetails	The assessment accuracy details.
baseRiskLevel	string	The risk level from the CVSS score. `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
baseRiskScore	number	The risk score (1-10) from the CVSS score.
baseRiskVector	string	The original attack vector of the CVSS assessment.
dataAssets	string	The reachability of related data assets by affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `REACHABLE`
exposure	string	The level of exposure of affected entities. `NOT_AVAILABLE` `NOT_DETECTED` `PUBLIC_NETWORK`
publicExploit	string	The availability status of public exploits. `AVAILABLE` `NOT_AVAILABLE`
riskLevel	string	The Davis risk level. It is calculated by Dynatrace on the basis of CVSS score. `CRITICAL` `HIGH` `LOW` `MEDIUM` `NONE`
riskScore	number	The Davis risk score (1-10). It is calculated by Dynatrace on the basis of CVSS score.
riskVector	string	The attack vector calculated by Dynatrace based on the CVSS attack vector.
vulnerableFunctionRestartRequired	boolean	Whether a restart is required for new vulnerable function data.
vulnerableFunctionUsage	string	The state of vulnerable code execution. `IN_USE` `NOT_AVAILABLE` `NOT_IN_USE`

The `AssessmentAccuracyDetails` object

The assessment accuracy details.

Element	Type	Description
reducedReasons	string[]	The reason for a reduced accuracy of the assessment. `LIMITED_AGENT_SUPPORT` `LIMITED_BY_CONFIGURATION`

The `VulnerableComponent` object

Vulnerable component of a security problem.

Element	Type	Description
affectedEntities	string[]	A list of affected entities.
displayName	string	The display name of the vulnerable component.
fileName	string	The file name of the vulnerable component.
id	string	The Dynatrace entity ID of the vulnerable component.
numberOfAffectedEntities	integer	The number of affected entities.
shortName	string	The short, component-only name of the vulnerable component.

Response body JSON model

{
  "affectedEntities": [
    "string"
  ],
  "codeLevelVulnerabilityDetails": {
    "processGroupIds": [
      "string"
    ],
    "processGroups": [
      "string"
    ],
    "shortVulnerabilityLocation": "string",
    "type": "CMD_INJECTION",
    "vulnerabilityLocation": "string",
    "vulnerableFunction": "string",
    "vulnerableFunctionInput": {
      "inputSegments": [
        {
          "type": "MALICIOUS_INPUT",
          "value": "string"
        }
      ],
      "type": "COMMAND"
    }
  },
  "cveIds": [
    "string"
  ],
  "description": "string",
  "displayId": "string",
  "entryPoints": {
    "items": [
      {
        "sourceHttpPath": "string",
        "usageSegments": [
          {
            "segmentType": "MALICIOUS_INPUT",
            "segmentValue": "string",
            "sourceArgumentName": "string",
            "sourceType": "HTTP_BODY"
          }
        ]
      }
    ],
    "truncated": true
  },
  "events": [
    {
      "muteState": {
        "comment": "string",
        "reason": "AFFECTED",
        "user": "string"
      },
      "reason": "ASSESSMENT_CHANGED",
      "riskAssessmentSnapshot": {
        "baseRiskScore": 1,
        "changes": {
          "deltaBaseRiskScore": 1,
          "deltaNumberOfAffectedNodes": 1,
          "deltaNumberOfAffectedProcessGroups": 1,
          "deltaNumberOfReachableDataAssets": 1,
          "deltaNumberOfRelatedAttacks": 1,
          "deltaRiskScore": 1,
          "previousExposure": "NOT_AVAILABLE",
          "previousPublicExploit": "AVAILABLE",
          "previousVulnerableFunctionUsage": "IN_USE"
        },
        "exposure": "NOT_AVAILABLE",
        "numberOfAffectedEntities": 1,
        "numberOfAffectedNodes": 1,
        "numberOfAffectedProcessGroups": 1,
        "numberOfReachableDataAssets": 1,
        "numberOfRelatedAttacks": 1,
        "publicExploit": "AVAILABLE",
        "riskLevel": "CRITICAL",
        "riskScore": 1,
        "vulnerableFunctionUsage": "IN_USE"
      },
      "timestamp": 1
    }
  ],
  "exposedEntities": [
    "string"
  ],
  "externalVulnerabilityId": "string",
  "filteredCounts": {
    "affectedNodes": 1,
    "affectedProcessGroupInstances": 1,
    "affectedProcessGroups": 1,
    "exposedProcessGroups": 1,
    "reachableDataAssets": 1,
    "relatedApplications": 1,
    "relatedAttacks": 1,
    "relatedDatabases": 1,
    "relatedHosts": 1,
    "relatedKubernetesClusters": 1,
    "relatedKubernetesWorkloads": 1,
    "relatedServices": 1,
    "vulnerableComponents": 1
  },
  "firstSeenTimestamp": 1,
  "globalCounts": {
    "affectedNodes": 1,
    "affectedProcessGroupInstances": 1,
    "affectedProcessGroups": 1,
    "exposedProcessGroups": 1,
    "reachableDataAssets": 1,
    "relatedApplications": 1,
    "relatedAttacks": 1,
    "relatedHosts": 1,
    "relatedKubernetesClusters": 1,
    "relatedKubernetesWorkloads": 1,
    "relatedServices": 1,
    "vulnerableComponents": 1
  },
  "lastOpenedTimestamp": 1,
  "lastResolvedTimestamp": 1,
  "lastUpdatedTimestamp": 1,
  "managementZones": [
    {
      "id": "string",
      "name": "string"
    }
  ],
  "muteStateChangeInProgress": true,
  "muted": true,
  "packageName": "string",
  "reachableDataAssets": [
    "string"
  ],
  "relatedAttacks": {
    "attacks": [
      "string"
    ]
  },
  "relatedContainerImages": {
    "containerImages": [
      {
        "affectedEntities": [
          "string"
        ],
        "imageId": "string",
        "imageName": "string",
        "numberOfAffectedEntities": 1
      }
    ]
  },
  "relatedEntities": {
    "applications": [
      {
        "affectedEntities": [
          "string"
        ],
        "id": "string",
        "numberOfAffectedEntities": 1
      }
    ],
    "databases": [
      "string"
    ],
    "hosts": [
      {}
    ],
    "kubernetesClusters": [
      {}
    ],
    "kubernetesWorkloads": [
      {}
    ],
    "services": [
      {
        "affectedEntities": [
          "string"
        ],
        "exposure": "NOT_AVAILABLE",
        "id": "string",
        "numberOfAffectedEntities": 1
      }
    ]
  },
  "remediationDescription": "string",
  "riskAssessment": {
    "assessmentAccuracy": "FULL",
    "assessmentAccuracyDetails": {
      "reducedReasons": [
        "LIMITED_AGENT_SUPPORT"
      ]
    },
    "baseRiskLevel": "CRITICAL",
    "baseRiskScore": 1,
    "baseRiskVector": "string",
    "dataAssets": "NOT_AVAILABLE",
    "exposure": "NOT_AVAILABLE",
    "publicExploit": "AVAILABLE",
    "riskLevel": "CRITICAL",
    "riskScore": 1,
    "riskVector": "string",
    "vulnerableFunctionRestartRequired": true,
    "vulnerableFunctionUsage": "IN_USE"
  },
  "securityProblemId": "string",
  "status": "OPEN",
  "technology": "DOTNET",
  "title": "string",
  "url": "string",
  "vulnerabilityType": "CODE_LEVEL",
  "vulnerableComponents": [
    {
      "affectedEntities": [
        "string"
      ],
      "displayName": "string",
      "fileName": "string",
      "id": "string",
      "numberOfAffectedEntities": 1,
      "shortName": "string"
    }
  ]
}

Example

Query the details and risk assessment of a specific vulnerability.

Required filter: fields=%2BriskAssessment.

Curl

curl -X 'GET' 'https://mySampleEnv.live.dynatrace.com/api/v2/securityProblems/7412525767433554374?fields=%2BriskAssessment' \
-H 'accept: application/json; charset=utf-8' \
-H 'Authorization: Api-Token [your_token]'

Request URL

https://mySampleEnv.live.dynatracelabs.com/api/v2/securityProblems/7412525767433554374?fields=%2BriskAssessment

Response body

{
  "securityProblemId": "7412525767433554374",
  "displayId": "S-4073",
  "status": "OPEN",
  "muted": false,
  "externalVulnerabilityId": "SNYK-JS-MINIMATCH-3050818",
  "vulnerabilityType": "THIRD_PARTY",
  "title": "Regular Expression Denial of Service (ReDoS)",
  "packageName": "minimatch",
  "url": "https://demo.dev.dynatracelabs.com/ui/security/problem/7412525767433554374",
  "technology": "NODE_JS",
  "firstSeenTimestamp": 1666080124915,
  "lastUpdatedTimestamp": 1727156677302,
  "lastOpenedTimestamp": 1726497786003,
  "riskAssessment": {
    "riskLevel": "MEDIUM",
    "riskScore": 5.3,
    "riskVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/MC:N/MI:N",
    "baseRiskLevel": "MEDIUM",
    "baseRiskScore": 5.3,
    "baseRiskVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "exposure": "PUBLIC_NETWORK",
    "dataAssets": "REACHABLE",
    "publicExploit": "NOT_AVAILABLE",
    "vulnerableFunctionUsage": "NOT_AVAILABLE",
    "assessmentAccuracy": "FULL",
    "assessmentAccuracyDetails": {
      "reducedReasons": []
    },
    "vulnerableFunctionRestartRequired": false
  },
  "cveIds": [
    "CVE-2022-3517"
  ],
  "muteStateChangeInProgress": false
}

Vulnerabilities API - GET vulnerability details

Authentication

Parameters

Response

Response codes

Response body objects

The SecurityProblemDetails object

The CodeLevelVulnerabilityDetails object

The VulnerableFunctionInput object

The VulnerableFunctionInputSegment object

The EntryPoints object

The EntryPoint object

The EntryPointUsageSegment object

The SecurityProblemEvent object

The MuteState object

The RiskAssessmentSnapshot object

The RiskAssessmentChanges object

The FilteredCountsDto object

The GlobalCountsDto object

The ManagementZone object

The RelatedAttacksList object

The RelatedContainerList object

The RelatedContainerImage object

The RelatedEntitiesList object

The RelatedEntity object

The RelatedService object

The RiskAssessmentDetails object

The AssessmentAccuracyDetails object

The VulnerableComponent object