Domain name for API request: csip.intl.tencentcloudapi.com.
This API is used to query the advanced configuration of vulnerability scanning.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVULRiskAdvanceCFGList. |
| Version | Yes | String | Common Params. The value used for this API: 2022-11-21. |
| Region | No | String | Common Params. This parameter is not required. |
| MemberId.N | No | Array of String | Group Account Member ID |
| TaskId | No | String | Task ID |
| Filter | No | Filter | Filter conditions. |

The response returns the following parameters.

| Parameter Name | Type | Description |
|---|---|---|
| Data | Array of VULRiskAdvanceCFGList | Configuration item list |
| TotalCount | Integer | Total number of results |
| RiskLevelLists | Array of FilterDataObject | Risk Level Filter List |
| VULTypeLists | Array of FilterDataObject | Vulnerability Type Filter List |
| CheckFromLists | Array of FilterDataObject | Recognition Source Filter List |
| VulTagList | Array of FilterDataObject | Vulnerability tag list. |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
Query Vulnerability Risk Advanced Configuration
```
POST / HTTP/1.1
Host: csip.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVULRiskAdvanceCFGList
<Common request parameters>

{
    "MemberId": [
        "mem-68b8087a65268000"
    ],
    "Filter": {
        "Limit": 1,
        "Offset": 0
    }
}
```
```
{
    "Response": {
        "CheckFromLists": [
            {
                "Text": "CSC",
                "Value": "0"
            },
            {
                "Text": "Host detection",
                "Value": "1"
            }
        ],
        "Data": [
            {
                "AttackHeat": "0",
                "CVE": "CVE-2024-45507",
                "CVSS": "9.8",
                "CheckFrom": "cpe",
                "EMGCVulType": 1,
                "Enable": 0,
                "FixMethod": [
                    "It is recommended to update the current system or software to the latest version."
                ],
                "ImpactComponent": "(apache) ofbiz",
                "ImpactVersion": "version<18.12.16",
                "RecentScanTime": "2024-10-11 00:00:00",
                "References": "https://ofbiz.apache.org/download.html,https://ofbiz.apache.org/security.html,https://issues.apache.org/jira/browse/OFBIZ-13132,https://lists.apache.org/thread/o90dd9lbk1hh3t2557t2y2qvrh92p7wy",
                "ReleaseTime": "2024-09-04 17:15:00",
                "RiskId": "4c57121fa47a0d493ca934f6fa1bda31",
                "RiskLevel": "extreme",
                "ServiceSupport": [
                    {
                        "IsSupport": true,
                        "ServiceName": "cfw",
                        "SupportHandledCount": 0,
                        "SupportTotalCount": 0
                    },
                    {
                        "IsSupport": true,
                        "ServiceName": "cwp_detect",
                        "SupportHandledCount": 0,
                        "SupportTotalCount": 0
                    },
                    {
                        "IsSupport": true,
                        "ServiceName": "vss",
                        "SupportHandledCount": 0,
                        "SupportTotalCount": 0
                    }
                ],
                "VULDescribe": "Apache OFBiz is an enterprise resource plan (ERP) system provided by the American Apache Foundation. The system provides a whole set of Web application components and tools based on Java. Previous versions of Apache OFBiz before 18.12.16 have a vulnerability stemming from coding issues, which stems from being vulnerable to server-side request forgery and code injection attacks.",
                "VULName": "Apache OFBiz SSRF to Remote Code Execution Vulnerability (CVE-2024-45507)",
                "VULTag": [
                    "The security vulnerability can be exploited remotely.",
                    "Vulnerability with poc",
                    "The vulnerability can be used as application component vulnerability detection"
                ],
                "VULType": "Code injection"
            }
        ],
        "RequestId": "b6826e70-03cf-4a5c-8796-1f943a5a76ab",
        "RiskLevelLists": [
            {
                "Text": "Prompt",
                "Value": "info"
            },
            {
                "Text": "severe",
                "Value": "extreme"
            },
            {
                "Text": "High-risk",
                "Value": "high"
            },
            {
                "Text": "Medium risk",
                "Value": "middle"
            },
            {
                "Text": "Low risk",
                "Value": "low"
            }
        ],
        "TotalCount": 10,
        "VULTypeLists": [
            {
                "Text": "Out-of-bounds read",
                "Value": "Out-of-bounds read"
            },
            {
                "Text": "Race condition",
                "Value": "Race condition"
            },
            {
                "Text": "Code injection",
                "Value": "Code injection"
            },
            {
                "Text": "Directory traversal",
                "Value": "directory traversal"
            }
        ],
        "VulTagList": [
            {
                "Text": "The vulnerability can be exploited remotely.",
                "Value": "The security vulnerability can be exploited remotely"
            },
            {
                "Text": "This vulnerability has an exploit",
                "Value": "The vulnerability has an exp"
            },
            {
                "Text": "The vulnerability can only be exploited locally",
                "Value": "The vulnerability can only be exploited locally"
            },
            {
                "Text": "The security vulnerability can be used as a system component vulnerability detect.",
                "Value": "The vulnerability can be used as a system component vulnerability to detect"
            },
            {
                "Text": "The vulnerability can be used as application component vulnerability detection",
                "Value": "The vulnerability can be used as a component vulnerability to detect"
            },
            {
                "Text": "Emergency",
                "Value": "Emergency"
            },
            {
                "Text": "compulsory",
                "Value": "Compulsory"
            },
            {
                "Text": "The vulnerability exists with exploitation in the wild or Wild Attacks.",
                "Value": "The vulnerability exists with exploitation in the wild or Wild Attacks"
            },
            {
                "Text": "The vulnerability has a poc",
                "Value": "The vulnerability has a poc"
            }
        ]
    }
}
```
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| AuthFailure | CAM signature/authentication error. |
| DryRunOperation | The request would have succeeded, but the DryRun parameter was used. |
| FailedOperation | Operation failed. |
| InternalError | An internal error occurs. |
| InvalidParameter | The parameter is incorrect. |
| InvalidParameterValue | Invalid parameter value. |
| LimitExceeded | The quota limit is reached. |
| MissingParameter | Missing parameters. |
| OperationDenied | Operation denied. |
| RequestLimitExceeded | Too many requests. |
| ResourceInUse | Occupied resource. |
| ResourceInsufficient | Resources are insufficient. |
| ResourceNotFound | The resource doesn't exist. |
| ResourceUnavailable | The resource is unavailable. |
| ResourcesSoldOut | The resources have been sold out. |
| UnauthorizedOperation | The operation is unauthorized. |
| UnknownParameter | The parameter is unknown. |
| UnsupportedOperation | The operation is not supported. |
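
The following Python is an added example, not part of the original page or of any Tencent Cloud SDK. It pages through DescribeVULRiskAdvanceCFGList with `Filter.Limit`/`Filter.Offset` until `TotalCount` is reached, stays within the 20 requests per second limit, retries on `RequestLimitExceeded`, and lists extreme and high risk items whose `Enable` is 0. Assumptions: `call`, `fake_call` and `ROWS` are hypothetical names, `Enable` = 0 is read as "scan item switched off", and the `Response.Error.Code` envelope is the assumed error shape.

```python
import time

HIGH = {"extreme", "high"}  # RiskLevel values listed in RiskLevelLists

def fetch_all(call, member_ids, limit=100, pause=0.05, retries=3):
    """Collect every Data item by stepping Filter.Offset until TotalCount.
    call: hypothetical transport, request-body dict -> decoded reply dict.
    pause: 0.05 s between calls stays within 20 requests per second.
    """
    items, offset, throttled = [], 0, 0
    while True:
        body = {"MemberId": member_ids, "Filter": {"Limit": limit, "Offset": offset}}
        resp = call(body)["Response"]
        err = resp.get("Error")  # error envelope (assumed shape)
        if err and err["Code"] == "RequestLimitExceeded" and throttled < retries:
            throttled += 1
            time.sleep(pause * 2 ** throttled)  # back off, then retry the same page
            continue
        if err:
            raise RuntimeError(f"{err['Code']} RequestId={resp.get('RequestId')}")
        items.extend(resp["Data"])
        offset += limit
        if not resp["Data"] or offset >= resp["TotalCount"]:
            return items
        time.sleep(pause)

def disabled_high_risk(items):
    """(CVE, RiskLevel, CVSS) for extreme/high items with Enable == 0, worst first."""
    hits = [i for i in items if i["RiskLevel"] in HIGH and i["Enable"] == 0]
    hits.sort(key=lambda i: float(i["CVSS"]), reverse=True)
    return [(i["CVE"], i["RiskLevel"], i["CVSS"]) for i in hits]

# Constructed sample data; only the first row's values come from the page.
ROWS = [
    {"CVE": "CVE-2024-45507", "CVSS": "9.8", "RiskLevel": "extreme", "Enable": 0},
    {"CVE": "CVE-0000-0001", "CVSS": "7.5", "RiskLevel": "high", "Enable": 1},
    {"CVE": "CVE-0000-0002", "CVSS": "5.3", "RiskLevel": "middle", "Enable": 0},
]

def fake_call(body, _state={"first": True}):
    """Offline stand-in for the API: throttles once, then serves ROWS by page."""
    if _state.pop("first", False):
        return {"Response": {"Error": {"Code": "RequestLimitExceeded"}, "RequestId": "constructed"}}
    f = body["Filter"]
    page = ROWS[f["Offset"]:f["Offset"] + f["Limit"]]
    return {"Response": {"Data": page, "TotalCount": len(ROWS), "RequestId": "constructed"}}

if __name__ == "__main__":
    print(disabled_high_risk(fetch_all(fake_call, ["mem-68b8087a65268000"], limit=2)))
```

In real use, `call` would wrap the signed POST to csip.intl.tencentcloudapi.com, for example through one of the SDKs mentioned above.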