Systems' Vulnerability Detailed Information


This API returns detailed vulnerability information for each affected computer. Every JSON object in the data array contains both the computer's information and the vulnerability's information.

Note: This API is intended for fetching large amounts of data. It is supported on Endpoint Central (both on-premises and Cloud) and Vulnerability Manager Plus build versions 11.3.2430.01 and above. It is not supported on Endpoint Central MSP.

 

  • Functionality: Retrieves each vulnerability alongside its corresponding affected computer
  • HTTP Method: GET
  • API URI: /dcapi/threats/detailedinfo/vulnerabilities
  • Scope (On Premises): VulnerabilityMgmt_Read
  • Scope (Cloud): DesktopCentralCloud.VulnerabilityMgmt.READ
  • Filters: updatedTime (case sensitive)
  • PageLimit: 5000 (Default)
  • Pagination Handling: Pagination is handled with the 'cursor' and 'isNextPageAvailable' values returned in each API response. Depending on these values, the next page of data can be fetched, if there is one.

Step 1: Sample API and Response

First hit: /dcapi/threats/detailedinfo/vulnerabilities

Sample Request Body: No request body in the first hit

First Response Data

{
    "message_response": {
        "data": [
            {
                "severity": "Critical",
                "cvss_2_score": "--",
                "patch_description": "Security Update for SQL Server 2022 RTM (KB5046861)",
                "reference_links": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21528,https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21529",
                "exploitscount": 0,
                "ip_address": "172.23.192.1,172.19.176.1,172.21.239.42",
                "vulnerability_status": "open",
                "fqdn_name": "PURRY-031.DOMAIN.COM",
                "updatedtime": 1733906647275,
                "patchid": 40226,
                "vulnerabilityid": 174340,
                "vulnerabilityname": "Microsoft SQL Server Remote Code Execution Vulnerability for SQL Server 2022 RTM GDR (KB5021522)",
                "cveids": "CVE-2023-21528,CVE-2023-21568,CVE-2023-21704,CVE-2023-21705,CVE-2023-21713,CVE-2023-21718,CVE-2023-23384",
                "resource_id": 301,
                "resource_name": "PURRY-031",
                "cvss_3_score": 9.8
            }
        ]
    },
    "metadata": {
        "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
        "pageLimit": 1,
        "totalRecords": 1,
        "isNextPageAvailable": true
    }
}

Because 'isNextPageAvailable' is 'true' in the response above, call the same API again with the 'cursor' value in the request body. Every response includes 'cursor' and 'isNextPageAvailable' values; keep calling the API with the latest 'cursor' value until 'isNextPageAvailable' is 'false'.

Step 2: Second API hit

Second hit: /dcapi/threats/detailedinfo/vulnerabilities

Sample Request Body: In the second hit, add the cursor to the request body to get the next set of data.

{
    "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7"
}

If you need only data with an updated time greater than a given updatedTime, modify the request body as follows:

{
    "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
    "updatedTime": "12345678910"
}

Second Response Data

{
    "message_response": {
        "data": [
            {
                "severity": "Important",
                "cvss_2_score": "--",
                "patch_description": "Security Update for SQL Server 2022 RTM CU (KB5046862)",
                "reference_links": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-29349",
                "exploitscount": 0,
                "ip_address": "172.23.192.1,172.19.176.1,172.21.239.42",
                "vulnerability_status": "open",
                "fqdn_name": "PURRY-031.DOMAIN.COM",
                "updatedtime": 1733906647275,
                "patchid": 40226,
                "vulnerabilityid": 181871,
                "vulnerabilityname": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability for SQL Server 2022 - KB5026806",
                "cveids": "CVE-2023-29349,CVE-2023-29356,CVE-2023-32025,CVE-2023-32026,CVE-2023-32027,CVE-2023-32028,CVE-2023-38169",
                "resource_id": 301,
                "resource_name": "PURRY-031",
                "cvss_3_score": 7.7
            }
        ]
    },
    "metadata": {
        "cursor": "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7",
        "pageLimit": 1,
        "totalRecords": 1,
        "isNextPageAvailable": false
    }
}

The second response also includes a cursor; however, since 'isNextPageAvailable' is 'false', there is no more data available and no need to call the API again.
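
The pagination loop described above, as an added example that is not part of the product's own code: it follows 'cursor' until 'isNextPageAvailable' is 'false', splits the comma-joined fields, and lists open findings per computer at or above a CVSS v3 threshold. The function names, the 9.0 threshold and the repeated-cursor guard are assumptions; fetch_page is a caller-supplied function that performs the authenticated request, which this example does not cover.

```python
def normalize(rec):
    """Split comma-joined fields; map the "--" score placeholder to None."""
    out = dict(rec)
    for key in ("cveids", "ip_address"):
        out[key] = [v.strip() for v in str(rec.get(key) or "").split(",") if v.strip()]
    for key in ("cvss_2_score", "cvss_3_score"):
        try:
            out[key] = float(rec.get(key))
        except (TypeError, ValueError):
            out[key] = None
    return out

def iter_vulnerabilities(fetch_page):
    """Yield normalized records from every page. fetch_page(body) is a
    hypothetical caller-supplied function that sends the authenticated GET and
    returns the parsed JSON; body is None on the first hit."""
    cursor, seen = None, set()
    while True:
        page = fetch_page({"cursor": cursor} if cursor else None)
        for rec in page["message_response"]["data"]:
            yield normalize(rec)
        meta = page.get("metadata", {})
        if not meta.get("isNextPageAvailable"):
            return
        cursor = meta.get("cursor")
        if not cursor or cursor in seen:  # assumed guard against an endless loop
            raise RuntimeError("next page reported but cursor did not advance")
        seen.add(cursor)

def open_at_or_above(records, min_cvss3=9.0):
    """Map resource_name -> sorted CVE ids for open findings >= min_cvss3."""
    hosts = {}
    for r in records:
        if r.get("vulnerability_status") == "open" and (r["cvss_3_score"] or 0) >= min_cvss3:
            hosts.setdefault(r["resource_name"], set()).update(r["cveids"])
    return {h: sorted(c) for h, c in hosts.items()}

CUR = "cmVzb3VyY2VfaWQ9NjAxO3Z1bG5lcmFiaWxpdHlpZD0yOTk1MDc7"  # cursor from the samples
def sample_page(score, cves, more):  # constructed page, trimmed from the samples
    rec = {"resource_name": "PURRY-031", "vulnerability_status": "open",
           "cvss_2_score": "--", "cvss_3_score": score, "cveids": cves}
    return {"message_response": {"data": [rec]},
            "metadata": {"cursor": CUR, "isNextPageAvailable": more}}
PAGES = [sample_page(9.8, "CVE-2023-21528,CVE-2023-21568", True),
         sample_page(7.7, "CVE-2023-29349", False)]

if __name__ == "__main__":
    pages = iter(PAGES)  # replay the constructed pages instead of calling a server
    print(open_at_or_above(iter_vulnerabilities(lambda body: next(pages))))
```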