Domain name for API request: cwp.intl.tencentcloudapi.com.
This API is used to obtain vulnerability details with the CVSS version.
A maximum of 20 requests can be initiated per second for this API.
The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.
| Parameter Name | Required | Type | Description |
|---|---|---|---|
| Action | Yes | String | Common Params. The value used for this API: DescribeVulInfoCvss. |
| Version | Yes | String | Common Params. The value used for this API: 2018-02-28. |
| Region | No | String | Common Params. This parameter is not required. |
| VulId | Yes | Integer | Vulnerability ID |
| Source | No | String | Optional. Provides compatibility with vulnerability details for container-perspective alerts from application protection vulnerability defense. The host perspective is selected by default. Source=tcss indicates container-perspective vulnerability details; the backend converts VulId to the VulId in host vul_vuls. |
| Parameter Name | Type | Description |
|---|---|---|
| VulId | Integer | Vulnerability ID |
| VulName | String | Vulnerability name |
| VulLevel | Integer | Hazard level: 1-Low-risk; 2-Medium-risk; 3-High-risk; 4-Critical |
| VulType | Integer | Vulnerability classification: 1 - Web-CMS vulnerability; 2 - Application vulnerability; 4 - Linux software vulnerability; 5 - Windows system vulnerability |
| Description | String | Vulnerability Description Information |
| RepairPlan | String | Fixing solution |
| CveId | String | Vulnerability CVEID |
| Reference | String | Reference link |
| CVSS | String | CVSS Information |
| PublicDate | String | Release time |
| CvssScore | Integer | CVSS Score |
| CveInfo | String | CVSS Details |
| CvssScoreFloat | Float | CVSS score, floating point type |
| Labels | String | Vulnerability tags; multiple tags are separated by commas |
| DefenseAttackCount | Integer | Number of Attacks Defended |
| SuccessFixCount | Integer | Total Number of Successful Network Repairs. Returns 0 by default for unsupported auto-repair vulnerabilities. |
| FixSwitch | Integer | Repair support: 0 - Neither Windows nor Linux supports repair; 1 - Both Windows and Linux support repair; 2 - Only Linux supports repair; 3 - Only Windows supports repair. |
| SupportDefence | Integer | Defense support: 0 - not supported; 1 - supported |
| RequestId | String | The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem. |
This example shows you how to view details of a vulnerability with the CVSS score.
```
POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVulInfoCvss
<Common request parameters>

{
    "VulId": 100441
}
```
```json
{
    "Response": {
        "CveId": "1",
        "CvssScore": 1,
        "Description": "ad",
        "Reference": "fs",
        "VulName": "Vulnerability 1",
        "CveInfo": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "CvssScoreFloat": 9.9,
        "VulType": 1,
        "VulLevel": 2,
        "RequestId": "354f4ac3-8546-4516-8c8a-69e3ab73aa8a",
        "VulId": 100441,
        "RepairPlan": "13412",
        "CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
        "Labels": "tag1,tag2",
        "DefenseAttackCount": 1,
        "SuccessFixCount": 1,
        "FixSwitch": 0,
        "PublicDate": "2020-12-30:00:00:00"
    }
}
```
Vulnerability Defense Container Perspective Vulnerability Details
```
POST / HTTP/1.1
Host: cwp.intl.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVulInfoCvss
<Common request parameters>

{
    "VulId": 396620,
    "Source": "tcss"
}
```
```json
{
    "Response": {
        "CVSS": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "CveId": "CVE-2023-25194",
        "CveInfo": "",
        "CvssScore": 9,
        "CvssScoreFloat": 8.8,
        "DefenseAttackCount": 0,
        "Description": "Kafka is a distributed, publish/subscribe-based messaging system developed by the Apache Software Foundation, capable of processing all action stream data from consumers on websites. Kafka Connect is a tool for scalable and reliable data transmission between Apache Kafka and other data systems. In Kafka versions 2.3.0 to 3.3.2, an attacker with Kafka Connect worker access privileges who can create or modify Connect can set the sasl.jaas.config attribute of any Kafka client to com.sun.security.auth.module.JndiLoginModule (this operation can be completed via the producer.override.sasl.jaas.config, consumer.override.sasl.jaas.config, or admin.override.sasl.jaas.config attributes). Furthermore, the attacker can set the user.provider.url attribute of Connect to a controllable LDAP server address and use Connect to deserialize a controllable LDAP response, allowing remote execution of malicious code or causing denial of service.",
        "FixSwitch": 0,
        "Labels": "Mandatory vulnerabilities,RemoteExploit",
        "PublicDate": "2023-02-08 00:00:00",
        "Reference": "https://kafka.apache.org/cve-list,https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz",
        "RepairPlan": "Currently, the official Apache has released a version with this vulnerability repair. It is recommended that users upgrade to Apache Kafka 3.4 and above versions as soon as possible. Reference link: https://github.com/apache/kafka/releases/tag/3.4.0. Users who cannot be upgraded temporarily can mitigate this vulnerability by verifying Kafka Connect connector configuration and only allowing trusted JNDI configurations.",
        "RequestId": "02e1ac7f-5011-4677-8bab-45c5151908d2",
        "SuccessFixCount": 0,
        "SupportDefence": 1,
        "VulId": 102518,
        "VulLevel": 3,
        "VulName": "Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)",
        "VulType": 2
    }
}
```
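The following is an added example, not code from this page or from the Tencent Cloud SDK: it decodes a DescribeVulInfoCvss response into a triage record using the code tables documented above, and infers the CVSS version from the metric names because the vectors in both examples carry no `CVSS:x.y` prefix. The names `parse_vector` and `normalize` are hypothetical, the sample is constructed from the container-perspective response, and the `Error` object shape is an assumption based on the API 3.0 common error format rather than anything shown on this page.

```python
import json

# Code tables copied from the output-parameter descriptions on this page.
VUL_LEVEL = {1: "Low-risk", 2: "Medium-risk", 3: "High-risk", 4: "Critical"}
VUL_TYPE = {1: "Web-CMS", 2: "Application", 4: "Linux software", 5: "Windows system"}
FIX_SWITCH = {0: [], 1: ["Linux", "Windows"], 2: ["Linux"], 3: ["Windows"]}

# Constructed sample: a trimmed copy of the container-perspective response above.
SAMPLE = json.dumps({"Response": {
    "CVSS": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "CveInfo": "",
    "CveId": "CVE-2023-25194", "CvssScore": 9, "CvssScoreFloat": 8.8,
    "FixSwitch": 0, "SupportDefence": 1, "VulId": 102518, "VulLevel": 3,
    "VulType": 2, "Labels": "Mandatory vulnerabilities,RemoteExploit",
    "RequestId": "02e1ac7f-5011-4677-8bab-45c5151908d2"}})

def parse_vector(vector):
    """Split a CVSS vector and infer its version from the metric names present."""
    metrics = {}
    for part in filter(None, vector.split("/")):
        key, sep, value = part.partition(":")
        if not sep or not value:
            raise ValueError(f"malformed CVSS metric: {part!r}")
        metrics[key] = value
    if "Au" in metrics:                      # Authentication exists only in CVSS v2
        return "2", metrics
    if {"PR", "UI", "S"} <= metrics.keys():  # these three exist only in CVSS v3.x
        return "3", metrics
    return None, metrics

def normalize(body):
    """Turn a DescribeVulInfoCvss response body into a flat triage record."""
    resp = json.loads(body)["Response"]
    if "Error" in resp:  # assumption: API 3.0 common error shape, not shown on this page
        err = resp["Error"]
        raise RuntimeError(f"{err.get('Code')} (RequestId {resp.get('RequestId')})")
    version, metrics = parse_vector(resp.get("CVSS") or resp.get("CveInfo") or "")
    return {
        "vul_id": resp["VulId"],
        "cve": resp.get("CveId"),
        "level": VUL_LEVEL.get(resp.get("VulLevel"), "unknown"),
        "type": VUL_TYPE.get(resp.get("VulType"), "unknown"),
        # CvssScore is an Integer field; the Float field keeps the real score.
        "score": resp.get("CvssScoreFloat", resp.get("CvssScore")),
        "cvss_version": version,
        "network_vector": metrics.get("AV") == "N",
        "auto_fix_os": FIX_SWITCH.get(resp.get("FixSwitch"), []),
        "defense_supported": resp.get("SupportDefence") == 1,
        "labels": [t.strip() for t in (resp.get("Labels") or "").split(",") if t.strip()],
    }
```

In the sample, `CvssScore` is 9 while `CvssScoreFloat` is 8.8, so prioritisation thresholds should be applied to the float field.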
TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.
The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.
| Error Code | Description |
|---|---|
| InternalError | Internal error |
| InvalidParameter | Incorrect parameter. |
| InvalidParameter.IllegalRequest | Invalid request. |
| InvalidParameter.InvalidFormat | Incorrect parameter format. |
| InvalidParameter.MissingParameter | Missing parameter. |
| InvalidParameter.ParsingError | Incorrect parameter parsing. |
| InvalidParameterValue | Invalid parameter value. |
| MissingParameter | Missing parameter error. |