Security-Database API Reference : vDNACvss

The vDNACvss API consists of individual requests and responses, as shown below.

Endpoint WSDL/XSD

API Production (Live) Endpoint
https://www.security-database.com/get_vdna_soapserver_cvss.php?wsdl

SOAP Service Endpoints Limitations

Production Web Services API Services Endpoints Queries Limitations
  Free and Business Enterprise
getVDNACvss() Unlimited queries / day Unlimited queries / day

vDNACvss API Overview

vDNACvss API Overview by Name

API Purpose
get_cvssscore_withenumeration Retreive a full CVSS v2 vector score with separate Entries
get_cvssscore_withvector Retreive a full CVSS v2 vector score with vector input

vDNACvss API Overview by Name and Function

API Overview by Name and Function and Service Endpoint

SOAP Name SOAP Request / Response
get_cvssscore_withenumeration get_cvssscore_withenumerationIn
get_cvssscore_withenumerationOut
get_cvssscore_withvector get_cvssscore_withvectorIn
get_cvssscore_withvectorOut

get_cvssscore_withenumeration

get_cvssscore_withenumerationIn is your request to retreive the CVSS v2 Scores with enumeration input

get_cvssscore_withenumerationIn

All informations about Allowable value of the CVSS requirement are available on the CVSS calculator page

vDNACvss API Overview by Field

Element Description Data Type Allowable Values Required
login This is your Security-Database User Login xsd:string See Description Yes
apikey This is your API Key that you can found in your Security-Database User Panel (menu vDNA API) xsd:string 32 single-byte characters Yes
modulekey This is your Module id that you can found in your Security-Database User Panel (menu vDNA API -> modules) xsd:string 32 single-byte characters Yes
access_vector This metric reflects how the vulnerability is exploited. The more remote an attacker can be to attack a host, the greater the vulnerability score. tns:Access_vector L | A | N Yes
access_complexity This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system. tns:Access_complexity H | M | L Yes
authentication This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. tns:Authentification N | S | M Yes
confidentiality This metric measures the impact on confidentiality of a successfully exploited vulnerability. tns:NPC N | P | C Yes
integrity This metric measures the impact to integrity of a successfully exploited vulnerability. tns:NPC N | P | C Yes
availability This metric measures the impact to availability of a successfully exploited vulnerability. tns:NPC N | P | C Yes
remediation_level The remediation level of a vulnerability is an important factor for prioritization. tns:Remediation_level OF | TF | W | U | ND No
report_confidence This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details. tns:Report_confidence UC | UR | C | ND No
exploitability This metric measures the current state of exploit techniques or code availability. tns:Exploitability U | POC | F | H | ND No
collateral_damage_potential This metric measures the potential for loss of life or physical assets through damage or theft of property or equipment. tns:Collateral_damage_potential N | L | LM | MH | H | ND No
target_distribution This metric measures the proportion of vulnerable systems. tns:Target_distribution N | L | M | H | ND No
confidentiality_requirement These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. tns:SR L | M | H ND No
integrity_requirement These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. tns:SR L | M | H ND No
availability_requirement These metrics enable the analyst to customize the CVSS score depending on the importance of the affected IT asset to a users organization. tns:SR L | M | H ND No

Example of get_cvssscore_withenumerationIn

Example with only mandatory value

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                  xmlns:get="https://www.security-database.com/get_vdna_soapserver_cvss.php">
    <soapenv:Header/>
    <soapenv:Body>
        <get:get_cvssscore_withenumeration soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
            <login xsi:type="xsd:string">testlogin</login>
            <apikey xsi:type="xsd:string">quJzDo7J5VDAouuNFuVvlDu6dAhlvfxS</apikey>
            <modulekey xsi:type="xsd:string">9J4rdVutHFmed7a3Kp5JzUZq02W6cQDj</modulekey>
            <access_vector xsi:type="xsd:string">N</access_vector>
            <access_complexity xsi:type="xsd:string">L</access_complexity>
            <authentification xsi:type="xsd:string">N</authentification>
            <confidentiality xsi:type="xsd:string">C</confidentiality>
            <integrity xsi:type="xsd:string">C</integrity>
            <availability xsi:type="xsd:string">C</availability>
        </get:get_cvssscore_withenumeration>
    </soapenv:Body>
</soapenv:Envelope>

get_cvssscore_withenumerationOut

vDNACvss API Overview by Field

Element Description Data Type Possible Values
return return a complex XML (validation with schema) tns:Cvss_scores See description

Example of get_cvssscore_withenumerationOut

Example of SOAP return. Schema available here : http://www.security-database.com/schemas/vdnacvss.xsd

<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
                   xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                   xmlns:ns1="https://www.security-database.com/get_vdna_soapserver_cvss.php" 
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                   xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
    <SOAP-ENV:Body>
        <ns1:get_cvssscore_withenumerationResponse>
            <return xsi:type="ns1:Cvss_scores">
                <Vector xsi:type="xsd:string">(AV:N/AC:L/AU:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</Vector>
                <Overall xsi:nil="true"/>
                <Base xsi:type="xsd:float">10</Base>
                <Impact xsi:type="xsd:float">10</Impact>
                <Exploitability xsi:type="xsd:float">10</Exploitability>
                <Temporal xsi:nil="true"/>
                <Environmental xsi:nil="true"/>
                <AdjustedImpact xsi:nil="true"/>
                <AdjustedBase xsi:nil="true"/>
                <AdjustedTemporal xsi:nil="true"/>
            </return>
        </ns1:get_cvssscore_withenumerationResponse>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

get_cvssscore_withvector

get_cvssscore_withvectorIn is your request to retreive the CVSS v2 Scores with enumeration input

get_cvssscore_withvectorIn

All informations about Allowable value of the CVSS requirement are available on the CVSS calculator page

vDNACvss API Overview by Field

Element Description Data Type Allowable Values Required
login This is your Security-Database User Login xsd:string See Description Yes
apikey This is your API Key that you can found in your Security-Database User Panel (menu vDNA API) xsd:string 32 single-byte characters Yes
modulekey This is your Module id that you can found in your Security-Database User Panel (menu vDNA API -> modules) xsd:string 32 single-byte characters Yes
vector A fully compliant CVSS v2 Vector. Your can find example here. It must be under ()

Short Example :
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Long Example :
(AV:N/AC:L/Au:N/C:C/I:C/A:C /E:ND/RL:ND/RC:ND/CDP:ND/TD:ND /CR:ND/IR:ND/AR:ND)
xsd:string See description Yes

Example of get_cvssscore_withvectorIn

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" 
                  xmlns:get="https://www.security-database.com/get_vdna_soapserver_cvss.php">
    <soapenv:Header/>
    <soapenv:Body>
        <get:get_cvssscore_withvector soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
            <login xsi:type="xsd:string">testlogin</login>
            <apikey xsi:type="xsd:string">65de86d2ababdh7D91c42f4f66885d2c</apikey>
            <modulekey xsi:type="xsd:string">65de86d1ksn10odj1u42f4f66885d211</modulekey>
            <vector xsi:type="xsd:string">(AV:N/AC:L/Au:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</vector>
        </get:get_cvssscore_withvector>
    </soapenv:Body>
</soapenv:Envelope>

get_cvssscore_withvectorOut

vDNACvss API Overview by Field

Element Description Data Type Possible Values
return return a complex XML (validation with schema) tns:Cvss_scores See description

Example of get_cvssscore_withvectorOut

Example of SOAP return. Schema available here : http://www.security-database.com/schemas/vdnacvss.xsd

<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" 
                   xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
                   xmlns:ns1="https://www.security-database.com/get_vdna_soapserver_cvss.php" 
                   xmlns:xsd="http://www.w3.org/2001/XMLSchema" 
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                   xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
    <SOAP-ENV:Body>
        <ns1:get_cvssscore_withenumerationResponse>
            <return xsi:type="ns1:Cvss_scores">
                <Vector xsi:type="xsd:string">(AV:N/AC:L/AU:N/C:C/I:C/A:C/E:ND/RL:ND/RC:ND/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)</Vector>
                <Overall xsi:nil="true"/>
                <Base xsi:type="xsd:float">10</Base>
                <Impact xsi:type="xsd:float">10</Impact>
                <Exploitability xsi:type="xsd:float">10</Exploitability>
                <Temporal xsi:nil="true"/>
                <Environmental xsi:nil="true"/>
                <AdjustedImpact xsi:nil="true"/>
                <AdjustedBase xsi:nil="true"/>
                <AdjustedTemporal xsi:nil="true"/>
            </return>
        </ns1:get_cvssscore_withenumerationResponse>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>