As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Mark Vulnerability as Exploitable - API

This API endpoint was removed in version 2.8.2, as vulnerabilities can no longer be marked as exploitable within ThreadFix (this status is now determined from the ingested scan's findings).

/rest/{version}/vulnerabilities/{vulnId}/setExploitable

| Descriptor | Value |
|---|---|
| HTTP Method | POST |
| Description | Update the specified vulnerability's Exploitable status |
| Required Permission | Update Vulnerability Exploitable Status |
| Version Introduced | 2.7.2 |
| Changes in 2.7.9 | Added a parameter 'exploitable' to control if you set the Exploitable status to True or False. |
| Changes in 2.8 | Added vulnerabilityIds parameter to allow for changing of multiple vulnerabilities at once. |
| Changes in 2.8.2 | Removed endpoint, as vulnerabilities can no longer be marked as exploitable within ThreadFix (this status is now determined from the ingested scan's findings). |


Request Header Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| Accept | String | Yes | A value of ‘application/json’ must be provided. |

Request POST Data Parameters

| Parameter | Value | Required | Description |
|---|---|---|---|
| exploitable | Boolean | No | Provide 'true' to mark the vulnerability as Exploitable. Provide 'false' to mark the vulnerability as Not Exploitable. Defaults to 'true' if not provided. |
| vulnerabilityIds | Integer | Yes* | *When used in ThreadFix 2.8 and above. Provide a vulnerability ID to change the status for that vulnerability. Adding multiple vulnerabilityIds parameters allows for changing of multiple vulnerabilities at once. |

Sample Calls: 

Version 2.7.2 to 2.7.9

curl --insecure -H 'Accept: application/json' -H "Authorization: APIKEY {apiKey}" -X POST --data 'exploitable=true' http://localhost:8080/threadfix/rest/latest/vulnerabilities/{vulnerabilityId}/setExploitable

Version 2.8 and higher

curl --insecure -H 'content-type: application/x-www-form-urlencoded' -H 'accept: application/json' -H 'Authorization: APIKEY {apiKey}' -X POST --data 'exploitable=true&vulnerabilityIds=16&vulnerabilityIds=17' http://localhost:8080/threadfix/rest/latest/vulnerabilities/setExploitable

Sample Output:


{
    "message": "The vulnerability has been successfully set as Exploitable.",
    "success": true,
    "responseCode": -1,
    "object": 241
}
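
The two sample calls differ in where the vulnerability ID goes (URL path before 2.8, repeated vulnerabilityIds form fields from 2.8), so a client has to choose the form from the server version. The Python sketch below is an added example, not ThreadFix or Coalfire code; the function names, the server_version argument and the API key value passed to it are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request


def _ver(text):
    """'2.7.9' -> (2, 7, 9) so versions compare in order."""
    return tuple(int(part) for part in text.split("."))


def build_set_exploitable(base_url, api_key, vuln_ids, exploitable=True,
                          server_version="2.8"):
    """Build (without sending) the POST in the form server_version expects.

    Hypothetical helper: name and arguments are not part of ThreadFix.
    """
    v = _ver(server_version)
    if v < (2, 7, 2) or v >= (2, 8, 2):
        raise ValueError("setExploitable exists only from 2.7.2 up to 2.8.2 (removed)")
    ids = [int(i) for i in vuln_ids]  # IDs are integers; anything else is rejected here
    if not ids:
        raise ValueError("at least one vulnerability ID is required")
    fields = [("exploitable", "true" if exploitable else "false")]
    if v >= (2, 8):
        # 2.8+: IDs travel as repeated vulnerabilityIds form fields
        path = "/rest/latest/vulnerabilities/setExploitable"
        fields += [("vulnerabilityIds", str(i)) for i in ids]
    else:
        # before 2.8: exactly one ID, carried in the URL path
        if len(ids) != 1:
            raise ValueError("versions before 2.8 accept a single ID per call")
        path = f"/rest/latest/vulnerabilities/{ids[0]}/setExploitable"
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=urllib.parse.urlencode(fields).encode("ascii"),
        method="POST",
        headers={"Accept": "application/json",
                 "Authorization": f"APIKEY {api_key}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def check_response(body):
    """Parse the JSON envelope shown under Sample Output; raise unless success is true."""
    doc = json.loads(body)
    if doc.get("success") is not True:
        raise RuntimeError(doc.get("message", "request failed"))
    return doc.get("object")


# Sending is left to the caller: urllib.request.urlopen(req) verifies TLS
# certificates by default on https URLs, unlike the curl samples' --insecure.
```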
