
CVE ID Object

| Field | Description | Values |
| --- | --- | --- |
| ID | The ID of the CVE | string in the format "CVE-YYYY-XXXXXX" |
| Status | The assignment/publication status of the CVE ID | String "Free\|Rejected\|Disputed\|Populated\|Published\|Public\|Reserved\|Obsolete" |
| Requestor | ID & name representing the logged in user | JSON |
| Organization | ID & name representing the organization associated with the logged in user | JSON |
| History | A log of the changes of this CVE ID | TBD |

{
    "cve_id":"CVE-YYYY-XXXXXX",
    "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
    "Requestor":
    {
        "user_id":"USER ID",
        "user_name":"NAME"
    },
    "Organization":
    {
        "org_id":"USER ID",
        "org_name":"NAME"
    },
    "History":"TBD"
}

CVE Actions:

Get CVE Info:

Use this method to get the status and/or the related metadata of the CVEs that have been allocated to the requestor. Information can be requested for a single CVE ID, all CVE IDs, or a subset of CVE IDs as specified by a filter.

Note: The caller must be an authenticated, authorized CVE AIS user.

Example

GET https://.../Get-CVEInfo?ID={ID}

URI Parameters

| Parameter | Description | Values |
| --- | --- | --- |
| ID | Optional: The ID of the CVE (or CVEs) the caller wants information about | Comma separated string |
| Filter | Optional: A filter to limit the results returned by this call based on some criteria (e.g. Status, Creation Date, etc.) | OData filter |

Response:

A collection of one or more CVE ID Objects. Note: If the caller specifies an ID that they are not authorized to view, the system will return an error (i.e. HTTP 500).

[
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    ...
]

Request CVE ID

This method will allocate and assign one or more non-sequential CVE IDs to the requestor. The backend database will be updated to reflect the allocated CVE IDs, their status (i.e. "Reserved"), and the requestor's identity & associated CNA (as provided by the CVE Authentication and Authorization Services).

Note: The number of CVE IDs is limited based on the specified quota.

Example

POST https://.../Request-CVEId?ID={ID}

URI Parameters

| Parameter | Description | Values |
| --- | --- | --- |
| Count | Optional: The number of CVE IDs being requested | number |
| Status | Optional: The status to be set for the specified CVE (overrides the default, "Reserved" status) | String "Free\|Rejected\|Disputed\|Populated\|Published\|Public\|Reserved\|Obsolete" |
| Year | Optional: The year prefix of the CVE ID | number |
| Seq | Optional: Request sequential CVE IDs | One of the following values: 1: Request that CVEs be returned in sequence best effort; 0 [default]: Call will randomize CVE IDs. |
| Force | Optional: This flag suppresses the error that would occur if the caller requests a number of CVE IDs greater than the available quota, and causes the call to return the maximum number of CVE IDs permitted by the quota | One of the following values: 1: Force the call and return as many CVE IDs as permitted by the quota; 0 [default]: Call will error if exceeds quota. |

Response:

A collection of one or more CVE ID Objects. Note: If the number of requested CVE IDs exceeds the quota, the system will return an error (i.e. HTTP 500).

[
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    ...
]

Get Quota Info

Use this method to get the hard and soft quota limits set for the caller's CNA, as well as the count of remaining CVE IDs for each of the respective limits.

Example

GET https://.../Get-QuotaInfo

URI Parameters

| Parameter | Description | Values |
| --- | --- | --- |
| QuotaType | Optional: Specifies the type of limit being queried. | One of the following values: 2: Return information about soft limits only; 1: Return information about hard limits only; 0 [default]: Both hard and soft limits. |

Response:

JSON blob representing the quota limits and remaining available CVE IDs

{
	"Hard Quota":
		{
			"limit":100,
			"available":90
		},
	"Soft Quota":
		{
			"limit":50,
			"available":40
		}
}

Available_ids = limit - reserved_but_not_populated_id_count
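
The quota, Force and Seq rules described for Request CVE ID, together with the Available_ids formula above, can be modelled in a few lines. This is an added illustration, not code from this specification or its backend: `CnaAllocator`, `QuotaExceeded`, the single `limit` (the page does not say how hard and soft limits interact), the `pool_size` and the reading of Seq=1 as "lowest free numbers" are all assumptions.

```python
import secrets

STATUSES = {"Free", "Rejected", "Disputed", "Populated", "Published",
            "Public", "Reserved", "Obsolete"}

class QuotaExceeded(Exception):
    """Count is larger than the available quota and Force is 0."""

class CnaAllocator:
    """Hypothetical in-memory model of one CNA's allocations (not the real backend)."""

    def __init__(self, limit, pool_size=1000):
        self.limit = limit          # quota limit for this CNA (assumed single limit)
        self.pool_size = pool_size  # assumed size of the per-year ID space
        self.ids = {}               # cve_id -> status

    def available(self):
        # Available_ids = limit - reserved_but_not_populated_id_count
        reserved = sum(1 for s in self.ids.values() if s == "Reserved")
        return max(self.limit - reserved, 0)

    def request(self, year, count=1, seq=0, force=0, status="Reserved"):
        if count < 1 or status not in STATUSES:
            raise ValueError("bad Count or Status")
        room = self.available()
        if count > room:
            if not force:
                raise QuotaExceeded(f"requested {count}, available {room}")
            count = room            # Force=1: hand out what the quota permits
        free = [n for n in range(1, self.pool_size + 1)
                if f"CVE-{year}-{n:06d}" not in self.ids]
        count = min(count, len(free))
        if seq:                     # Seq=1: lowest free numbers, in order
            picked = free[:count]
        else:                       # Seq=0: unpredictable, non-sequential IDs
            picked = secrets.SystemRandom().sample(free, count)
        out = []
        for n in picked:
            cve_id = f"CVE-{year}-{n:06d}"
            self.ids[cve_id] = status
            out.append({"cve_id": cve_id, "status": status})
        return out

    def set_status(self, cve_id, status):
        if cve_id not in self.ids or status not in STATUSES:
            raise ValueError("unknown CVE ID or Status")
        self.ids[cve_id] = status
        return {"cve_id": cve_id, "status": status}
```

Because only "Reserved" IDs count against the limit in the formula, moving an ID to "Populated" with `set_status` returns one unit of quota in this model.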

Set CVE ID Status:

Use this method to update the status of assigned CVE IDs in the backend database.

Example

POST https://.../Set-CVEId?id={ID}&status={status}

| Parameter | Description | Values |
| --- | --- | --- |
| ID | Required: The ID of the CVE (or CVEs) the caller wants information about | Comma separated string |
| Status | Required: The new status to be set for the specified CVE | String "Free\|Rejected\|Disputed\|Populated\|Published\|Public\|Reserved\|Obsolete" |

Response:

A collection of one or more CVE ID Objects. Note: If the caller specifies an ID that they are not authorized to view, the system will return an error.

[
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    {
        "cve_id":"CVE-YYYY-XXXXXX",
        "status":"Free|Rejected|Disputed|Populated|Published|Public|Reserved|Obsolete",
        "Requestor":
        {
            "user_id":"USER ID",
            "user_name":"NAME"
        },
        "Organization":
        {
            "org_id":"USER ID",
            "org_name":"NAME"
        },
        "History":"TBD"
    },
    ...
]