As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Update Vulnerability Severity - API
/rest/{version}/vulnerabilities/{vulnId}/severity/{severityName}
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Changes the severity of the specified vulnerability to the specified severity. Remember to use the custom severity name if you have it defined. |
Required Permission | Modify Vulnerabilities |
Version Introduced | 2.5.1.1 |
Changes in 2.8.2 | Added remoteProviderEntityID and remoteProviderEntityName fields in response. These fields are present when using any previous REST version as well. |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Sample Calls:
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST https://localhost:8443/threadfix/rest/latest/vulnerabilities/509/severity/critical
Sample Output:
Values for openTime are returned as Epoch time in milliseconds.
{
"message": "",
"success": true,
"responseCode": -1,
"object": {
"id": 509,
"defect": null,
"genericVulnerability": {
"id": 78,
"name": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"displayId": 78
},
"genericSeverity": {
"id": 4,
"name": "Critical",
"intValue": 5,
"displayName": "Urgent"
},
"calculatedFilePath": "",
"active": true,
"isFalsePositive": false,
"hidden": false,
"openTime": 1309962639000,
"closeTime": null,
"findings": [
{
"id": 770,
"longDescription": null,
"attackString": null,
"attackRequest": "",
"attackResponse": "",
"nativeId": "7defd04bac3089120e2187d1c28fccb3",
"displayId": null,
"surfaceLocation": {
"id": 770,
"parameter": "fileName",
"path": "/demo/OSCommandInjection2.php"
},
"sourceFileLocation": null,
"dataFlowElements": [],
"calculatedUrlPath": "/OSCommandInjection2.php",
"calculatedFilePath": "",
"dependency": null,
"findingDescription": null,
"findingRecommendation": null,
"vulnerabilityType": "OS commanding vulnerability",
"severity": "High",
"scannerName": "w3af",
"remoteProviderEntityId": null,
"remoteProviderEntityName": null
}
],
"documents": [],
"grcControl": null,
"tags": [],
"path": "/OSCommandInjection2.php",
"parameter": "fileName",
"dynamicFindings": [],
"vulnerabilityComments": [],
"app": {
"id": 1,
"name": "Test",
"url": null,
"applicationCriticality": {
"id": 2,
"name": "Medium"
},
"grcApplication": null
},
"team": {
"id": 1,
"name": "Test"
},
"channelNames": [
"w3af"
],
"vulnId": "509",
"dependency": null,
"staticFindings": []
}
}
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.