As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.
Mark Vulnerability as Exploitable - API
This API endpoint was removed in version 2.8.2, as vulnerabilities can no longer be marked as exploitable within ThreadFix (this status is now determined from the ingested scan's findings).
/rest/{version}/vulnerabilities/{vulnId}/setExploitable
Descriptor | Value |
---|---|
HTTP Method | POST |
Description | Update the specified vulnerability's Exploitable status |
Required Permission | Update Vulnerability Exploitable Status |
Version Introduced | 2.7.2 |
Changes in 2.7.9 | Added a parameter 'exploitable' to control if you set the Exploitable status to True or False. |
Changes in 2.8 | Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once. |
Changes in 2.8.2 | Removed endpoint, as vulnerabilities can no longer be marked as exploitable within ThreadFix (this status is now determined from the ingested scan's findings). |
Request Header Parameters
Parameter | Value | Required | Description |
---|---|---|---|
Accept | String | Yes | A value of ‘application/json’ must be provided. |
Request POST Data Parameters
Parameter | Value | Required | Description |
---|---|---|---|
exploitable | Boolean | No | Provide 'true' to mark the vulnerability as Exploitable. Provide 'false' to mark the vulnerability as Not Exploitable. Defaults to 'true' if not provided. |
vulnerabilityIds | Integer | Yes* | When used in ThreadFix 2.8 and above. Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows for changing of multiple vulnerabilities at once. |
Sample Calls:
Version 2.7.2 to 2.7.9
curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'exploitable=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setExploitable
Version 2.8 and higher
curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'exploitable=true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setExploitable
Sample Output:
{ "message": "The vulnerability has been successfully set as Exploitable.", "success": true, "responseCode": -1, "object": 241 }
www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.
This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.