DescribeVulList - Security Center

Queries vulnerabilities by type.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-sas:DescribeVulList	get	All Resources *	none	none

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the request and response. Default value: zh. Valid values: zh: Chinese en: English	zh
Ids	string	No	The IDs of vulnerabilities. You can specify up to 50 IDs. Separate multiple IDs with commas (,).	282,281,283
Remark	string	No	The remarks for the asset affected by the vulnerability. The value can be the private IP address, public IP address, or name of the asset.	1.2.XX.XX
GroupId	string	No	The ID of the asset group. Note You can call the DescribeAllGroups operation to query the IDs of asset groups.	9207613
Type	string	Yes	The type of the vulnerability. Valid values: cve: Linux software vulnerability sys: Windows system vulnerability cms: Web-CMS vulnerability. app: application vulnerability that is detected by using web scanner emg: urgent vulnerability. sca: application vulnerability that is detected by using software component analysis	cve
Uuids	string	No	The UUIDs of the servers on which you want to query the vulnerabilities. Separate multiple UUIDs with commas (,). Note You can call the DescribeCloudCenterInstances operation to obtain the UUIDs.	1587bedb-fdb4-48c4-9330-****
Name	string	No	The alias of the vulnerability.	oval:com.redhat.rhsa:def:20172836
AliasName	string	No	The name of the vulnerability.	RHSA-2019:0230-Important: polkit security update
StatusList	string	No	The status of the vulnerability. Separate multiple statuses with commas (,). Valid values: 1: unfixed 2: fix failed 3: rollback failed 4: being fixed 5: being rolled back 6: being verified 7: fixed 8: fixed and to be restarted 9: rolled back 10: ignored 11: rolled back and to be restarted 12: not found 20: expired	1,2,3
Necessity	string	No	The priority to fix the vulnerability. Separate multiple priorities with commas (,). Valid values: asap: high later: medium nntf: low	asap,later,nntf
Dealed	string	No	Specifies whether the vulnerabilities are fixed. Valid values: y: yes n: no	n
CurrentPage	integer	No	The number of the page to return. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Default value: 10.	20
AttachTypes	string	No	The additional type of the vulnerabilities. You need to specify this parameter when you query application vulnerabilities. Set the value to sca. If you set Type to app, you must specify this parameter. Note If you set this parameter to sca, application vulnerabilities and the vulnerabilities that are detected based on software component analysis are queried. If you do not specify this parameter, only application vulnerabilities are queried.	sca
VpcInstanceIds	string	No	The ID of the virtual private cloud (VPC) in which the vulnerabilities are detected. Separate multiple IDs with commas (,).	ins-133**,ins-5414**
ResourceDirectoryAccountId	long	No	The Alibaba Cloud account ID of the member in the resource directory. Note You can call the DescribeMonitorAccounts operation to obtain the IDs.	1232428423234****
UseNextToken	boolean	No	Specifies whether to use NextToken to query the data of vulnerabilities. If you set UseNextToken to true, the value of TotalCount is not returned. Valid values: true false	false
NextToken	string	No	The pagination token that is used in the next request to retrieve a new page of results. You must specify the token that is obtained from the previous query as the value of NextToken. You do not need to specify this parameter for the first request.	E17B501887A2D3AA5E8360A6EFA3B***

Response parameters

Parameter	Type	Description	Example
	object
CurrentPage	integer	The page number of the returned page.	1
RequestId	string	The ID of the request, which is used to locate and troubleshoot issues.	2F26AB2A-1075-488F-8472-40E5DB486ACC
PageSize	integer	The number of entries per page.	20
TotalCount	integer	The total number of vulnerabilities returned.	2
VulRecords	array<object>	The information about the vulnerability.
VulRecord	object
Status	integer	The status of the vulnerability. Valid values: 1: unfixed. 2: fix failed. 3: rollback failed. 4: being fixed. 5: being rolled back. 6: being verified. 7: fixed. 8: fixed and to be restarted. 9: rolled back. 10: ignored. 11: rolled back and to be restarted. 12: not found. 20: expired.	1
RaspDefend	integer	Indicates whether the application protection feature is supported. Valid values: 0: no. 1: yes. Note If this parameter is not returned, the application protection feature is not supported.	1
RaspStatus	integer	The protection mode of the application protection feature. Valid values: 0: unprotected. 1: the Monitor mode. 2: the Block mode. 3: disabled.	1
Type	string	The type of the vulnerability. Valid values: cve: Linux software vulnerability. sys: Windows system vulnerability. cms: Web-CMS vulnerability. emg: urgent vulnerability. app: application vulnerability. sca: application vulnerability that is detected by using software component analysis.	cve
ModifyTs	long	The timestamp when the vulnerability status was modified. Unit: milliseconds.	1620404763000
InternetIp	string	The public IP address of the asset.	1.2.XX.XX
PrimaryId	long	The ID of the vulnerability.	101162078
Tag	string	The tag that is added to the vulnerability.	oval
K8sClusterId	string	The ID of the cluster.	c863dc93bed3843de9934d4346dc4****
K8sNodeId	string	The ID of the node.	i-bp1ifm6suw9mnbsr****
InstanceName	string	The name of the asset.	testInstance
Online	boolean	Indicates whether the Security Center agent on the asset is online. Valid values: true false	true
OsVersion	string	The name of the operating system for your asset.	linux
Name	string	The name of the vulnerability.	oval:com.redhat.rhsa:def:20170574
ResultCode	string	The code that indicates the vulnerability fixing result.	0
InstanceId	string	The ID of the asset.	i-bp18t***
Related	string	The Common Vulnerabilities and Exposures (CVE) IDs related to the vulnerability. Multiple CVE IDs are separated by commas (,).	CVE-2017-7518,CVE-2017-12188
IntranetIp	string	The private IP address of the asset.	1.2.XX.XX
LastTs	long	The timestamp when the vulnerability was last detected. Unit: milliseconds.	1620404763000
FirstTs	long	The timestamp when the vulnerability was first detected. Unit: milliseconds.	1554189334000
RegionId	string	The region ID of the asset.	cn-hangzhou
Necessity	string	The priority to fix the vulnerability. Valid values: asap: high. later: medium. nntf: low. Note We recommend that you fix high-risk vulnerabilities at the earliest opportunity.	asap
RepairTs	long	The timestamp when the vulnerability was fixed. Unit: milliseconds. This parameter is returned only if you fix vulnerabilities in the Security Center console.	1541207563000
Uuid	string	The UUID of the asset.	04c56617-23fc-43a5-ab9b-****
K8sPodName	string	The name of the pod.	deployment-riskai-7b67d68975-m****
GroupId	integer	The ID of the asset group.	281801
ResultMessage	string	The message that indicates the vulnerability fixing result.	timeout
K8sNamespace	string	The namespace.	default
AliasName	string	The name of the vulnerability.	RHSA-2019:0230-Important: polkit security update
K8sNodeName	string	The name of the node.	deployment-riskai-7b67d68975-m****
ExtendContentJson	object	The extended information about the vulnerability.
Status	string	The status of the vulnerability. Valid values: 1: unfixed. 2: fix failed. 3: rollback failed. 4: being fixed. 5: being rolled back. 6: being verified. 7: fixed. 8: fixed and to be restarted. 9: rolled back. 10: ignored. 11: rolled back and to be restarted. 12: not found. 20: expired.	1
EmgProof	string	The returned message that indicates the urgent vulnerability.	com.xxl.rpc.util.XxlRpcException: xxl-rpc request data is empty.\n\tat com.xxl.rpc.remoting.net.impl.servlet.serve"
Ip	string	The public IP address of the asset that is associated with the vulnerability.	1.2.XX.XX
PrimaryId	long	The ID of the vulnerability.	111
Os	string	The name of the operating system.	centos
Tag	string	The tag that is added to the vulnerability.	oval
LastTs	long	The timestamp when the vulnerability was last detected. Unit: milliseconds.	1620404763000
Description	string	The description of the vulnerability.	kernel version:5.10.84-10.2.al8.x86_64
OsRelease	string	The information about the operating system version.	7
AliasName	string	The name of the vulnerability.	RHSA-2019:0230-Important: polkit security update
Target	string	The URL of the vulnerability.	http://39.99.XX.XX:30005/toLogin
AbsolutePath	string	The path to the package of the software that has the vulnerability.	/roo/www/web
RpmEntityList	array<object>	The information about RPM Package Manager (RPM) packages.
RpmEntity	object
FullVersion	string	The complete version number.	3.10.0-693.2.2.el7
Version	string	The version number of the package of the software that has the vulnerability.	3.10.0
MatchDetail	string	The reason why the vulnerability is detected.	python-perf version less than 0:3.10.0-693.21.1.el7
ImageName	string	The name of the image.	registry_387ytb_xxx
Path	string	The path to the software that has the vulnerability.	/usr/lib64/python2.7/site-packages
ContainerName	string	The name of the container.	k8s_67895c4_xxx
Name	string	The name of the RPM package.	python-perf
UpdateCmd	string	The command that is used to fix the vulnerability.	*** update python-perf
MatchList	array	The rules that are used to detect the vulnerability.
Match	string	The rule that is used to detect the vulnerability.	fastjson(jar) extendField.safemode equals false
Pid	string	The process ID.	8664
ExtendField	string	The extended information about the software package that has the vulnerability.	{"msg_no_lookups_configured_CVE_2021_44228": "false", "jndi_class_not_exist": "false"}
cveList	array	The CVE list.
Cve	string	The CVE.	CVE-2016-8610
Necessity	object	Indicates whether the vulnerability needs to be fixed.
Status	string	The status of the vulnerability priority score. Valid values: none: No score is generated. pending: The score is pending calculation. normal: The calculation is normal.	normal
Time_factor	string	The time score.	1.0
Enviroment_factor	string	The environment score.	1.0
Is_calc	string	Indicates whether the vulnerability priority score is calculated. Valid values: 0: no. 1: yes.	1
Total_score	string	The vulnerability priority score. The following list describes scores and related fixing suggestions: If the score is from 13.5 to 15, the vulnerability is a high-risk vulnerability. You must fix the vulnerability at the earliest opportunity. If the score is greater than or equal to 7 but less than 13.5, the vulnerability is a medium-risk vulnerability. You can fix the vulnerability at your convenience. If the score is less than 7, the vulnerability is a low-risk vulnerability. You can ignore the vulnerability.	7.8
Cvss_factor	string	The Common Vulnerability Scoring System (CVSS) score.	7.8
Assets_factor	string	The asset importance score. Valid values: 2: important asset. 1: common asset. 0: test asset.	1
Bind	boolean	Indicates whether Security Center is authorized to scan the asset. Valid values: true false	true
OsName	string	The name of the operating system for your asset.	CentOS 7.2 64-bit
AuthVersion	string	The edition of Security Center that is authorized to scan the asset. Valid values: 1: Basic. 6: Anti-virus. 5: Advanced. 3: Enterprise. 7: Ultimate. 10: Value-added Plan.	3
RealRisk	boolean	Indicates whether the vulnerability is easily exploited. Valid values: true false	true
NextToken	string	The value of NextToken that is returned when the NextToken method is used.	E17B501887A2D3AA5E8360A6EFA3B***

Examples

Sample success responses

JSONformat

{
  "CurrentPage": 1,
  "RequestId": "2F26AB2A-1075-488F-8472-40E5DB486ACC",
  "PageSize": 20,
  "TotalCount": 2,
  "VulRecords": [
    {
      "Status": 1,
      "RaspDefend": 1,
      "RaspStatus": 1,
      "Type": "cve",
      "ModifyTs": 1620404763000,
      "InternetIp": "1.2.XX.XX",
      "PrimaryId": 101162078,
      "Tag": "oval",
      "K8sClusterId": "c863dc93bed3843de9934d4346dc4****",
      "K8sNodeId": "i-bp1ifm6suw9mnbsr****",
      "InstanceName": "testInstance",
      "Online": true,
      "OsVersion": "linux",
      "Name": "oval:com.redhat.rhsa:def:20170574",
      "ResultCode": "0",
      "InstanceId": "i-bp18t***",
      "Related": "CVE-2017-7518,CVE-2017-12188",
      "IntranetIp": "1.2.XX.XX",
      "LastTs": 1620404763000,
      "FirstTs": 1554189334000,
      "RegionId": "cn-hangzhou",
      "Necessity": "asap",
      "RepairTs": 1541207563000,
      "Uuid": "04c56617-23fc-43a5-ab9b-****",
      "K8sPodName": "deployment-riskai-7b67d68975-m****",
      "GroupId": 281801,
      "ResultMessage": "timeout",
      "K8sNamespace": "default",
      "AliasName": "RHSA-2019:0230-Important: polkit security update",
      "K8sNodeName": "deployment-riskai-7b67d68975-m****",
      "ExtendContentJson": {
        "Status": "1",
        "EmgProof": "com.xxl.rpc.util.XxlRpcException: xxl-rpc request data is empty.\\n\\tat com.xxl.rpc.remoting.net.impl.servlet.serve\"",
        "Ip": "1.2.XX.XX",
        "PrimaryId": 111,
        "Os": "centos",
        "Tag": "oval",
        "LastTs": 1620404763000,
        "Description": "kernel version:5.10.84-10.2.al8.x86_64",
        "OsRelease": "7",
        "AliasName": "RHSA-2019:0230-Important: polkit security update",
        "Target": "http://39.99.XX.XX:30005/toLogin",
        "AbsolutePath": "/roo/www/web",
        "RpmEntityList": [
          {
            "FullVersion": "3.10.0-693.2.2.el7",
            "Version": "3.10.0",
            "MatchDetail": "python-perf version less than 0:3.10.0-693.21.1.el7",
            "ImageName": "registry_387ytb_xxx",
            "Path": "/usr/lib64/python2.7/site-packages",
            "ContainerName": "k8s_67895c4_xxx",
            "Name": "python-perf",
            "UpdateCmd": "*** update python-perf",
            "MatchList": [
              "fastjson(jar) extendField.safemode equals false"
            ],
            "Pid": "8664",
            "ExtendField": "{\"msg_no_lookups_configured_CVE_2021_44228\": \"false\", \"jndi_class_not_exist\": \"false\"}"
          }
        ],
        "cveList": [
          "CVE-2016-8610"
        ],
        "Necessity": {
          "Status": "normal",
          "Time_factor": "1.0",
          "Enviroment_factor": "1.0",
          "Is_calc": "1",
          "Total_score": "7.8",
          "Cvss_factor": "7.8",
          "Assets_factor": "1"
        }
      },
      "Bind": true,
      "OsName": "CentOS 7.2 64-bit\n",
      "AuthVersion": "3",
      "RealRisk": true
    }
  ],
  "NextToken": "E17B501887A2D3AA5E8360A6EFA3B***"
}

Error codes

HTTP status code	Error code	Error message	Description
400	NoPermission	no permission	-
400	InnerError	InnerError	-
400	IllegalParam	Illegal param	-
400	DataNotExists	%s data not exist	-
400	RdCheckNoPermission	Resource directory account verification has no permission.	-
403	NoPermission	caller has no permission	You are not authorized to do this operation.
500	RdCheckInnerError	Resource directory account service internal error.	-
500	ServerError	ServerError	-

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-09-25	The Error code has changed	View Change Details
2024-08-05	The Error code has changed. The response structure of the API has changed	View Change Details
2024-04-12	The Error code has changed. The request parameters of the API has changed	View Change Details
2024-03-27	The Error code has changed. The response structure of the API has changed	View Change Details
2023-11-22	The Error code has changed. The response structure of the API has changed	View Change Details
2023-09-26	The Error code has changed. The response structure of the API has changed	View Change Details
2023-09-08	The Error code has changed. The response structure of the API has changed	View Change Details
2023-09-07	The Error code has changed. The request parameters of the API has changed	View Change Details
2023-08-23	The Error code has changed. The request parameters of the API has changed	View Change Details
2023-07-20	The Error code has changed. The request parameters of the API has changed	View Change Details
2023-03-21	The Error code has changed. The response structure of the API has changed	View Change Details
2022-06-20	The Error code has changed. The request parameters of the API has changed	View Change Details