Security-Database API Reference : vDNACvss
The vDNACvss API consists of individual requests and responses, as shown below.
Endpoint WSDL/XSD
API Production (Live) Endpoint |
---|
https://www.security-database.com/get_vdna_soapserver_cvss.php?wsdl |
SOAP Service Endpoints Limitations
Production Web Services API Services Endpoints Queries Limitations | ||
---|---|---|
Free and Business | Enterprise | |
getVDNACvss() | Unlimited queries / day | Unlimited queries / day |
vDNACvss API Overview
vDNACvss API Overview by Name
API | Purpose |
---|---|
get_cvssscore_withenumeration | Retreive a full CVSS v2 vector score with separate Entries |
get_cvssscore_withvector | Retreive a full CVSS v2 vector score with vector input |
vDNACvss API Overview by Name and Function
API Overview by Name and Function and Service Endpoint
SOAP Name | SOAP Request / Response |
---|---|
get_cvssscore_withenumeration | get_cvssscore_withenumerationIn get_cvssscore_withenumerationOut |
get_cvssscore_withvector | get_cvssscore_withvectorIn get_cvssscore_withvectorOut |
get_cvssscore_withenumeration
get_cvssscore_withenumerationIn is your request to retreive the CVSS v2 Scores with enumeration input
get_cvssscore_withenumerationIn
All informations about Allowable value of the CVSS requirement are available on the CVSS calculator page
vDNACvss API Overview by Field
Element | Description | Data Type | Allowable Values | Required |
---|---|---|---|---|
login | This is your Security-Database User Login | xsd:string | See Description | Yes |
apikey | This is your API Key that you can found in your Security-Database User Panel (menu vDNA API) | xsd:string | 32 single-byte characters | Yes |
modulekey | This is your Module id that you can found in your Security-Database User Panel (menu vDNA API -> modules) | xsd:string | 32 single-byte characters | Yes |
access_vector | This metric reflects how the vulnerability is exploited. The more remote an attacker can be to attack a host, the greater the vulnerability score. | tns:Access_vector | L | A | N | Yes |
access_complexity | This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system. | tns:Access_complexity | H | M | L | Yes |
authentication | This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. | tns:Authentification | N | S | M | Yes |
confidentiality | This metric measures the impact on confidentiality of a successfully exploited vulnerability. | tns:NPC | N | P | C | Yes |
integrity | This metric measures the impact to integrity of a successfully exploited vulnerability. | tns:NPC | N | P | C | Yes |
availability | This metric measures the impact to availability of a successfully exploited vulnerability. | tns:NPC | N | P | C | Yes |
remediation_level | The remediation level of a vulnerability is an important factor for prioritization. | tns:Remediation_level | OF | TF | W | U | ND | No |
report_confidence | This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details. | tns:Report_confidence | UC | UR | C | ND | No |
exploitability | This metric measures the current state of exploit techniques or code availability. | tns:Exploitability | U | POC | F | H | ND | No |
collateral_damage_potential | This metric measures the potential for loss of life or physical assets through damage or theft of property or equipment. | tns:Collateral_damage_potential | N | L | LM | MH | H | ND | No |
target_distribution | This metric measures the proportion of vulnerable systems. | tns:Target_distribution | N | L | M | H | ND | No |
confidentiality_requirement | These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. | tns:SR | L | M | H ND | No |
integrity_requirement | These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. | tns:SR | L | M | H ND | No |
availability_requirement | These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. | tns:SR | L | M | H ND | No |
Example of get_cvssscore_withenumerationIn
Example with only mandatory value
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="https://www.security-database.com/get_vdna_soapserver_cvss.php"> <soapenv:Header/> <soapenv:Body> <get:get_cvssscore_withenumeration soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <login xsi:type="xsd:string">testlogin</login> <apikey xsi:type="xsd:string">quJzDo7J5VDAouuNFuVvlDu6dAhlvfxS</apikey> <modulekey xsi:type="xsd:string">9J4rdVutHFmed7a3Kp5JzUZq02W6cQDj</modulekey> <access_vector xsi:type="xsd:string">N</access_vector> <access_complexity xsi:type="xsd:string">L</access_complexity> <authentification xsi:type="xsd:string">N</authentification> <confidentiality xsi:type="xsd:string">C</confidentiality> <integrity xsi:type="xsd:string">C</integrity> <availability xsi:type="xsd:string">C</availability> </get:get_cvssscore_withenumeration> </soapenv:Body> </soapenv:Envelope>
get_cvssscore_withenumerationOut
vDNACvss API Overview by Field
Element | Description | Data Type | Possible Values |
---|---|---|---|
return | return a complex XML (validation with schema) | tns:Cvss_scores | See description |
Example of get_cvssscore_withenumerationOut
Example of SOAP return. Schema available here : http://www.security-database.com/schemas/vdnacvss.xsd
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://www.security-database.com/get_vdna_soapserver_cvss.php" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <ns1:get_cvssscore_withenumerationResponse> <return xsi:type="ns1:Cvss_scores"> <Vector xsi:type="xsd:string">(AV:N/AC:L/AU:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</Vector> <Overall xsi:nil="true"/> <Base xsi:type="xsd:float">10</Base> <Impact xsi:type="xsd:float">10</Impact> <Exploitability xsi:type="xsd:float">10</Exploitability> <Temporal xsi:nil="true"/> <Environmental xsi:nil="true"/> <AdjustedImpact xsi:nil="true"/> <AdjustedBase xsi:nil="true"/> <AdjustedTemporal xsi:nil="true"/> </return> </ns1:get_cvssscore_withenumerationResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
get_cvssscore_withvector
get_cvssscore_withvectorIn is your request to retreive the CVSS v2 Scores with enumeration input
get_cvssscore_withvectorIn
All informations about Allowable value of the CVSS requirement are available on the CVSS calculator page
vDNACvss API Overview by Field
Element | Description | Data Type | Allowable Values | Required |
---|---|---|---|---|
login | This is your Security-Database User Login | xsd:string | See Description | Yes |
apikey | This is your API Key that you can found in your Security-Database User Panel (menu vDNA API) | xsd:string | 32 single-byte characters | Yes |
modulekey | This is your Module id that you can found in your Security-Database User Panel (menu vDNA API -> modules) | xsd:string | 32 single-byte characters | Yes |
vector | A fully compliant CVSS v2 Vector. Your can find example here. It must be under () Short Example : (AV:N/AC:L/Au:N/C:C/I:C/A:C) Long Example : (AV:N/AC:L/Au:N/C:C/I:C/A:C /E:ND/RL:ND/RC:ND/CDP:ND/TD:ND /CR:ND/IR:ND/AR:ND) | xsd:string | See description | Yes |
Example of get_cvssscore_withvectorIn
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:get="https://www.security-database.com/get_vdna_soapserver_cvss.php"> <soapenv:Header/> <soapenv:Body> <get:get_cvssscore_withvector soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <login xsi:type="xsd:string">testlogin</login> <apikey xsi:type="xsd:string">65de86d2ababdh7D91c42f4f66885d2c</apikey> <modulekey xsi:type="xsd:string">65de86d1ksn10odj1u42f4f66885d211</modulekey> <vector xsi:type="xsd:string">(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</vector> </get:get_cvssscore_withvector> </soapenv:Body> </soapenv:Envelope>
get_cvssscore_withvectorOut
vDNACvss API Overview by Field
Element | Description | Data Type | Possible Values |
---|---|---|---|
return | return a complex XML (validation with schema) | tns:Cvss_scores | See description |
Example of get_cvssscore_withvectorOut
Example of SOAP return. Schema available here : http://www.security-database.com/schemas/vdnacvss.xsd
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://www.security-database.com/get_vdna_soapserver_cvss.php" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <ns1:get_cvssscore_withenumerationResponse> <return xsi:type="ns1:Cvss_scores"> <Vector xsi:type="xsd:string">(AV:N/AC:L/AU:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</Vector> <Overall xsi:nil="true"/> <Base xsi:type="xsd:float">10</Base> <Impact xsi:type="xsd:float">10</Impact> <Exploitability xsi:type="xsd:float">10</Exploitability> <Temporal xsi:nil="true"/> <Environmental xsi:nil="true"/> <AdjustedImpact xsi:nil="true"/> <AdjustedBase xsi:nil="true"/> <AdjustedTemporal xsi:nil="true"/> </return> </ns1:get_cvssscore_withenumerationResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>