cve association

Available from 9.2.13. Use the cve association to retrieve information about Common Vulnerabilities and Exposures (CVEs) that were matched with a particular component through its detailed version as part of other REST API requests.

Association

cve

Applicable REST APIs

You can use the cve association with the following REST API:

Syntax

<URL>?columns[]=cve.<column>&token=<token>

Schema description

To retrieve the list of all columns that are returned by this association together with their descriptions, use the following request.
GET api/sam/schemas/associations/cve.json?token=<token>

Available columns

Table 1. Columns with information about CVEs
| Property | Description | Type |
| --- | --- | --- |
| name | A unique identifier of the vulnerability as assigned in the National Vulnerability Database. | String |
| base_severity | Severity of the CVE. Possible values: 0 - None; 1 - Low; 2 - Medium; 3 - High; 4 - Critical. | Integer |
| base_score | Base score of the CVE that represents innate characteristics of the vulnerability. It maps to the severity of the CVE. For example, a base score in the range between 0.1 and 3.9 is equivalent to low severity in CVSS v3.0. For more information, see: Vulnerability Metrics. | Float |
| vector_string | Vector string of the CVE in the CVSS system. It is a textual representation of the metric values that are used to score the vulnerability. | String |
| exploitability_score | Exploitability sub-score of the CVE that represents the ease and technical means by which the vulnerability can be exploited. | Float |
| impact_score | Impact sub-score of the CVE that indicates how important the consequences will be if the vulnerability is exploited. | Float |
| source_version | Version of CVSS that is used as the source of information about the severity and metrics of the CVE. Possible values: 2 - CVSS v2.0; 3 - CVSS v3.0. | Integer |
| publish_date | The date and time when the CVE was published in the National Vulnerability Database. | String |
| modified_date | The date and time when the CVE was last modified in the National Vulnerability Database. | String |
| description | Description of the CVE details. | String |

Sorting and filtering

Note: It is not recommended to filter information by more than two CVE properties at a time because of the high consumption of database resources.
  • When you filter REST API responses by any CVE property, the filter shows all components that meet the specified criteria by searching through the full list of CVEs of each reported component.
  • CVEs that are returned for a single component are sorted by the base_score value.
  • REST API responses cannot be sorted by columns from the cve association because the association returns multiple CVEs for each component.
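
The following Python sketch is an added example, not code from the product documentation. It builds a request in the syntax shown above and triages one component's CVE list using the columns from Table 1. The base URL, the token, the sample CVE records and the `nvd_severity` cross-check (NVD's qualitative ranges for CVSS v2.0 and v3.0) are assumptions; how the CVE records are nested in a real response is not shown on this page, so the code starts from a plain list of records.

```python
from urllib.parse import urlencode

# Severity codes as listed in Table 1 of this page.
SEVERITY = {0: "None", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
CVE_COLUMNS = ("name", "base_severity", "base_score", "vector_string",
               "source_version")


def build_url(base_url, token, columns=CVE_COLUMNS):
    """Apply the page's syntax: <URL>?columns[]=cve.<column>&token=<token>."""
    params = [("columns[]", f"cve.{c}") for c in columns] + [("token", token)]
    # Keep the brackets literal so the query matches the documented form.
    return f"{base_url}?{urlencode(params, safe='[]')}"


def nvd_severity(score, source_version):
    """Assumed cross-check: severity code from NVD's ranges per CVSS version."""
    if source_version == 2:  # CVSS v2.0 has no None or Critical rating
        return 1 if score < 4.0 else 2 if score < 7.0 else 3
    if score == 0.0:
        return 0
    return 1 if score < 4.0 else 2 if score < 7.0 else 3 if score < 9.0 else 4


def triage(cves, min_severity=3):
    """Return (urgent, mismatched) for one component's list of CVE records."""
    urgent, mismatched = [], []
    # Highest score first; this ordering is this example's own choice.
    for cve in sorted(cves, key=lambda c: c["base_score"], reverse=True):
        sev, ver = cve["base_severity"], cve["source_version"]
        if sev >= min_severity:
            urgent.append(f'{cve["name"]} ({SEVERITY[sev]}, '
                          f'CVSS v{ver} {cve["base_score"]})')
        # A score/severity disagreement is worth a manual look before acting.
        if sev != nvd_severity(cve["base_score"], ver):
            mismatched.append(cve["name"])
    return urgent, mismatched


# Constructed sample records (placeholder CVE names, not real identifiers).
SAMPLE = [
    {"name": "CVE-0000-0001", "base_severity": 4, "base_score": 9.8, "source_version": 3},
    {"name": "CVE-0000-0002", "base_severity": 3, "base_score": 9.3, "source_version": 2},
    {"name": "CVE-0000-0003", "base_severity": 3, "base_score": 5.4, "source_version": 3},
    {"name": "CVE-0000-0004", "base_severity": 1, "base_score": 2.1, "source_version": 2},
]
```

Reading `source_version` alongside `base_score` matters because the same score can carry a different rating under CVSS v2.0 than under v3.0: in the sample, 9.3 scored under v2.0 is High, while 9.8 under v3.0 is Critical.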