As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus ThreadFix SaaS and migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
Update Vulnerability Severity 3.0 - API
- Daniel Colon
/rest/{version}/vulnerabilities/{vulnId}/severity/{severityName}
Descriptor | Value |
|---|---|
HTTP Method | POST |
Description | Changes the severity of the specified vulnerability to the specified severity. Remember to use the custom severity name if it has been defined. |
Required Permission | Modify Vulnerabilities |
Version Introduced | 2.5.1.1 |
Changes in 2.8.2 | Added remoteProviderEntityID and remoteProviderEntityName fields in response. These fields are present when using any previous REST version as well. |
Request Header Parameters
Parameter | Value | Required | Description |
|---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Sample Calls:Â
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST https://localhost:8443/threadfix/rest/latest/vulnerabilities/509/severity/criticalSample Output:
Values for openTime are returned as Epoch time in milliseconds.
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 509,
"defect": null,
"genericVulnerability": {
"id": 78,
"name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"displayId": 78
},
"genericSeverity": {
"id": 4,
"name": "Critical",
"intValue": 5,
"displayName": "Urgent"
},
"calculatedFilePath": "",
"active": true,
"isFalsePositive": false,
"hidden": false,
"openTime": 1309962639000,
"closeTime": null,
"findings": [
{
"id": 770,
"longDescription": null,
"attackString": null,
"attackRequest": "",
"attackResponse": "",
"nativeId": "7defd04bac3089120e2187d1c28fccb3",
"displayId": null,
"surfaceLocation": {
"id": 770,
"parameter": "fileName",
"path": "/demo/OSCommandInjection2.php"
},
"sourceFileLocation": null,
"dataFlowElements": [],
"calculatedUrlPath": "/OSCommandInjection2.php",
"calculatedFilePath": "",
"dependency": null,
"findingDescription": null,
"findingRecommendation": null,
"vulnerabilityType": "OS commanding vulnerability",
"severity": "High",
"scannerName": "w3af",
"remoteProviderEntityId": null,
"remoteProviderEntityName": null
}
],
"documents": [],
"grcControl": null,
"tags": [],
"path": "/OSCommandInjection2.php",
"parameter": "fileName",
"dynamicFindings": [],
"vulnerabilityComments": [],
"app": {
"id": 1,
"name": "Test",
"url": null,
"applicationCriticality": {
"id": 2,
"name": "Medium"
},
"grcApplication": null
},
"team": {
"id": 1,
"name": "Test"
},
"channelNames": [
"w3af"
],
"vulnId": "509",
"dependency": null,
"staticFindings": []
}
}
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.