Versions Compared

Old Version 4

changes.mady.by.user Daniel Colon

Saved on

compared with

New Version 5

changes.mady.by.user Daniel Colon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

/rest/{version}/vulnerabilities/{vulnId}/severity/{severityName}

Descriptor

Value

HTTP Method

POST

Description

Changes the severity of the specified vulnerability to the specified severity. Remember to use the custom severity name if it has been defined.

Required Permission

Modify Vulnerabilities

Version Introduced

2.5.1.1

Changes in 2.8.2

Added remoteProviderEntityID and remoteProviderEntityName fields in response. These fields are present when using any previous REST version as well.

Request Header Parameters

Parameter

Value

Required

Description

Accept

String

Yes

A value of ‘application/json’ must be provided.

Sample Calls: 

Code Block
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST https://localhost:8443/threadfix/rest/latest/vulnerabilities/509/severity/critical

Sample Output:

Values for openTime are returned as Epoch time in milliseconds.

Code Block
{
  "message": "",
  "success": true,
  "responseCode": -1,
  "object": {
    "id": 509,
    "defect": null,
    "genericVulnerability": {
      "id": 78,
      "name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
      "displayId": 78
    },
    "genericSeverity": {
      "id": 4,
      "name": "Critical",
      "intValue": 5,
      "displayName": "Urgent"
    },
    "calculatedFilePath": "",
    "active": true,
    "isFalsePositive": false,
    "hidden": false,
    "openTime": 1309962639000,
    "closeTime": null,
    "findings": [
      {
        "id": 770,
        "longDescription": null,
        "attackString": null,
        "attackRequest": "",
        "attackResponse": "",
        "nativeId": "7defd04bac3089120e2187d1c28fccb3",
        "displayId": null,
        "surfaceLocation": {
          "id": 770,
          "parameter": "fileName",
          "path": "/demo/OSCommandInjection2.php"
        },
        "sourceFileLocation": null,
        "dataFlowElements": [],
        "calculatedUrlPath": "/OSCommandInjection2.php",
        "calculatedFilePath": "",
        "dependency": null,
        "findingDescription": null,
        "findingRecommendation": null,
        "vulnerabilityType": "OS commanding vulnerability",
        "severity": "High",
        "scannerName": "w3af",
        "remoteProviderEntityId": null,
        "remoteProviderEntityName": null
      }
    ],
    "documents": [],
    "grcControl": null,
	"tags": [],
    "path": "/OSCommandInjection2.php",
    "parameter": "fileName",
    "dynamicFindings": [],
    "vulnerabilityComments": [],
    "app": {
      "id": 1,
      "name": "Test",
      "url": null,
      "applicationCriticality": {
        "id": 2,
        "name": "Medium"
      },
      "grcApplication": null
    },
    "team": {
      "id": 1,
      "name": "Test"
    },
    "channelNames": [
      "w3af"
    ],
    "vulnId": "509",
    "dependency": null,
    "staticFindings": []
  }
}

Page Tree
rootVulnerabilities 3.0 API