As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Update Vulnerability Severity - API
/rest/{version}/vulnerabilities/{vulnId}/severity/{severityName}
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Changes the severity of the specified vulnerability to the specified severity. Remember to use the custom severity name if you have it defined. |
Required Permission | Modify Vulnerabilities |
Version Introduced | 2.5.1.1 |
Changes in 2.8.2 | Added the remoteProviderEntityId and remoteProviderEntityName fields to the response. These fields are also present when using any previous REST version. |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Sample Calls:
# Sample request: set vulnerability 509 to the severity named "critical".
# --insecure turns off TLS certificate verification. It is used here because the
# target is https://localhost:8443, presumably with a self-signed certificate.
# Against any non-local host, drop it so curl verifies the server certificate
# (use --cacert for a private CA), since the API key travels in the Authorization header.
# {apiKey} is a placeholder for your ThreadFix API key.
curl --insecure \
  --header 'Accept: application/json' \
  --header "Authorization: APIKEY {apiKey}" \
  --request POST \
  https://localhost:8443/threadfix/rest/latest/vulnerabilities/509/severity/critical
Sample Output:
Values for openTime are returned as Epoch time in milliseconds.
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 509,
"defect": null,
"genericVulnerability": {
"id": 78,
"name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"displayId": 78
},
"genericSeverity": {
"id": 4,
"name": "Critical",
"intValue": 5,
"displayName": "Urgent"
},
"calculatedFilePath": "",
"active": true,
"isFalsePositive": false,
"hidden": false,
"openTime": 1309962639000,
"closeTime": null,
"findings": [
{
"id": 770,
"longDescription": null,
"attackString": null,
"attackRequest": "",
"attackResponse": "",
"nativeId": "7defd04bac3089120e2187d1c28fccb3",
"displayId": null,
"surfaceLocation": {
"id": 770,
"parameter": "fileName",
"path": "/demo/OSCommandInjection2.php"
},
"sourceFileLocation": null,
"dataFlowElements": [],
"calculatedUrlPath": "/OSCommandInjection2.php",
"calculatedFilePath": "",
"dependency": null,
"findingDescription": null,
"findingRecommendation": null,
"vulnerabilityType": "OS commanding vulnerability",
"severity": "High",
"scannerName": "w3af",
"remoteProviderEntityId": null,
"remoteProviderEntityName": null
}
],
"documents": [],
"grcControl": null,
"tags": [],
"path": "/OSCommandInjection2.php",
"parameter": "fileName",
"dynamicFindings": [],
"vulnerabilityComments": [],
"app": {
"id": 1,
"name": "Test",
"url": null,
"applicationCriticality": {
"id": 2,
"name": "Medium"
},
"grcApplication": null
},
"team": {
"id": 1,
"name": "Test"
},
"channelNames": [
"w3af"
],
"vulnId": "509",
"dependency": null,
"staticFindings": []
}
}