Creates or edits a vulnerability in the vulnerability catalogue in the Knowledge module.
URL
{RMUrl}/api/knowledge/vulnerabilities
REQUEST METHOD
POST
URL PARAMETERS
This feature does not have parameters.
FORM CONTENT
Source (Required): Source of the vulnerability to be created. The source represents the name of the vulnerability scanner. Limit of 100 characters.
VulnerabilityID (Required): Unique identifier of the vulnerability to be created. This field accepts alphanumeric and special characters. Limit of 100 characters.
Name (Required): Name of the vulnerability to be created. Limit of 100 characters.
Category (Required): Category that indicates the group or classification of the vulnerability.
Type (Required): Type of the vulnerability to be created. Valid values: Integers between 0 and 2, with 0 (Information Gathered), 1 (Potential Vulnerability), and 2 (Vulnerability).
Level (Required): Severity level of the vulnerability to be created. Valid values: Integers between 1 and 5, with 1 (Very low), 2 (Low), 3 (Medium), 4 (High) and 5 (Very High).
Description (Optional): Description of the vulnerability to be created.
Impact (Optional): Description of the impact that the vulnerability may have on the organization. This field accepts free text.
Solution (Optional): Possible solutions for the vulnerability to be created.
CvssScore (Optional): CVSS (Common Vulnerability Scoring System) metric that determines the urgency, priority and severity of the vulnerability to be created. Valid values: Positive real numbers from 0 to 10.
BugtraqIds (Optional): Bugtraq IDs associated with the vulnerability to be created. Identifiers must be separated by a semicolon.
CveIds (Optional): CVE IDs associated with the vulnerability to be created. This field accepts multiple identifiers.
References (Optional): References that can provide further information on the vulnerability to be created. This field is an array of strings containing a text description and a URL.
VendorLastUpdate (Optional): Date when the information on the vulnerability was last updated at the source.
Note: If a vulnerability is already registered in the vulnerability catalogue and a request is submitted to create or edit it, its information will be edited with the latest information only if the VendorLastUpdate field shows a more recent date.
FORM CONTENT EXAMPLE
{
    "Source": "NVD",
    "VulnerabilityID": "CVE-2006-2230",
    "Name": "SUSE Security Announcements cross referenced",
    "Category": "Common Vulnerabilities and Exposures",
    "Type": 2,
    "Level": 3,
    "Description": "Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.",
    "Impact": "None",
    "Solution": "Vulnerability management should be a standard component of the information security management and regulatory framework within every organization. To learn how to get the most out of your vulnerability management solution, watch my on-demand webinar.",
    "CvssScore": 9.3,
    "BugtraqIds": ["42500","72616","90512"],
    "CveIds": ["CVE-2016-2755"],
    "References": [{"Reference": "BID:17769", "Url": "http://www.securityfocus.com/bid/17769"}, {"Reference": "DEBIAN:DSA-1093", "Url": "http://www.debian.org/security/2006/dsa-1093"}],
    "VendorLastUpdate": "2018-10-18"
}
SUCCESS RESPONSE
HTTP status code 201 (Created): the response returns the identifier of the created vulnerability.
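CLIENT-SIDE VALIDATION EXAMPLE
The following is an added example, not code from the product or its documentation: a pre-flight check that applies the field rules listed under FORM CONTENT before a body is submitted, plus a model of the VendorLastUpdate rule from the Note. The function names and sample bodies are constructed for illustration, and the ISO date format (YYYY-MM-DD) is an assumption taken from the example body.

```python
from datetime import date

# Constraints transcribed from the FORM CONTENT field list above.
REQUIRED = ("Source", "VulnerabilityID", "Name", "Category", "Type", "Level")
MAX_100 = ("Source", "VulnerabilityID", "Name")   # "Limit of 100 characters"
INT_RANGES = {"Type": (0, 2), "Level": (1, 5)}


def validate_vulnerability(payload):
    """Return a list of problems; an empty list means the body matches the documented rules."""
    errors = []
    for field in REQUIRED:
        if payload.get(field) in (None, ""):
            errors.append(f"{field}: required")
    for field in MAX_100:
        value = payload.get(field)
        if isinstance(value, str) and len(value) > 100:
            errors.append(f"{field}: longer than 100 characters")
    for field, (low, high) in INT_RANGES.items():
        value = payload.get(field)
        if value is None:
            continue  # already reported as missing
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            errors.append(f"{field}: must be an integer from {low} to {high}")
    score = payload.get("CvssScore")
    if score is not None and (isinstance(score, bool)
                              or not isinstance(score, (int, float)) or not 0 <= score <= 10):
        errors.append("CvssScore: must be a number from 0 to 10")
    return errors


def will_overwrite(stored_update, incoming_update):
    """Model of the Note: an existing entry is edited only if the incoming date is more recent."""
    # Assumption: both dates are ISO 8601 (YYYY-MM-DD), as in the example body.
    return date.fromisoformat(incoming_update) > date.fromisoformat(stored_update)


# Constructed sample bodies (not real catalogue entries)
GOOD = {"Source": "NVD", "VulnerabilityID": "CVE-2006-2230", "Name": "Sample entry",
        "Category": "Common Vulnerabilities and Exposures", "Type": 2, "Level": 3,
        "CvssScore": 9.3, "VendorLastUpdate": "2018-10-18"}
BAD = {"Source": "S" * 101, "VulnerabilityID": "X-1", "Name": "", "Type": 3,
       "Level": True, "CvssScore": 11}

if __name__ == "__main__":
    print(validate_vulnerability(GOOD))
    print(validate_vulnerability(BAD))
    print(will_overwrite("2018-10-18", "2018-10-17"))
```

A resubmission whose VendorLastUpdate is equal to or older than the stored date still passes validation but, per the Note, does not change the catalogue entry, so an integration that re-imports scanner data should check the date rather than assume the edit took effect.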