1. 接口描述
接口请求域名: csip.tencentcloudapi.com 。
获取漏洞视角的漏洞风险列表
默认接口请求频率限制:20次/秒。
推荐使用 API Explorer
点击调试
API Explorer 提供了在线调用、签名验证、SDK 代码生成和快速检索接口等能力。您可查看每次调用的请求内容和返回结果以及自动生成 SDK 调用示例。
2. 输入参数
以下请求参数列表仅列出了接口请求参数和部分公共参数,完整公共参数列表见 公共请求参数。
参数名称 | 必选 | 类型 | 描述 |
---|---|---|---|
Action | 是 | String | 公共参数,本接口取值:DescribeVulViewVulRiskList。 |
Version | 是 | String | 公共参数,本接口取值:2022-11-21。 |
Region | 否 | String | 公共参数,此参数为可选参数。 |
MemberId.N | 否 | Array of String | 集团账号的成员id 示例值:[]{"mem-6wfo0fzks3","mem-85fo0fzks4"} |
Filter | 否 | Filter | 过滤内容 |
Tags.N | 否 | Array of AssetTag | 资产标签 |
3. 输出参数
参数名称 | 类型 | 描述 |
---|---|---|
TotalCount | Integer | 总条数 示例值:10 |
Data | Array of VULViewVULRiskData | 漏洞产视角的漏洞风险列表 注意:此字段可能返回 null,表示取不到有效值。 |
LevelLists | Array of FilterDataObject | 危险等级列表 |
FromLists | Array of FilterDataObject | 来源列表 |
VULTypeLists | Array of FilterDataObject | 漏洞类型列表 |
Tags | Array of FilterDataObject | tag枚举 注意:此字段可能返回 null,表示取不到有效值。 |
RequestId | String | 唯一请求 ID,由服务端生成,每次请求都会返回(若请求因其他原因未能抵达服务端,则该次请求不会获得 RequestId)。定位问题时需要提供该次请求的 RequestId。 |
4. 示例
示例1 success1
success1
输入示例
POST / HTTP/1.1
Host: csip.tencentcloudapi.com
Content-Type: application/json
X-TC-Action: DescribeVulViewVulRiskList
<公共请求参数>
{}
输出示例
{
"Response": {
"Data": [
{
"AffectAssetCount": 1,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2019-25032",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-10-30 15:02:23",
"From": "主机检测",
"Index": "04c52dbf64c927a11b15840089e8f1d3",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-11-29 14:43:07",
"RiskId": "04c52dbf64c927a11b15840089e8f1d3",
"Uin": "",
"VULName": "Unbound 输入验证错误漏洞 (CVE-2019-25032)",
"VULType": "处理逻辑错误",
"VULURL": ""
},
{
"AffectAssetCount": 1,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2018-25009",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-12-07 17:22:17",
"From": "主机检测",
"Index": "07c7249d578bb771121cdf5b6e7c6e54",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:17",
"RiskId": "07c7249d578bb771121cdf5b6e7c6e54",
"Uin": "",
"VULName": "libwebp 缓冲区错误漏洞(CVE-2018-25009)",
"VULType": "缓冲区溢出",
"VULURL": ""
},
{
"AffectAssetCount": 1,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2021-20231",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-12-07 17:22:17",
"From": "主机检测",
"Index": "0dddd68a2edcb52ee7c6ee7641a0fffa",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:17",
"RiskId": "0dddd68a2edcb52ee7c6ee7641a0fffa",
"Uin": "",
"VULName": "GnuTLS 资源管理错误漏洞(CVE-2021-20231)",
"VULType": "其他",
"VULURL": ""
},
{
"AffectAssetCount": 1,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2020-36331",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-12-07 17:22:17",
"From": "主机检测",
"Index": "0f256323945289d6d94372a23c639064",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:17",
"RiskId": "0f256323945289d6d94372a23c639064",
"Uin": "",
"VULName": "libwebp 缓冲区错误漏洞(CVE-2020-36331)",
"VULType": "缓冲区溢出",
"VULURL": ""
},
{
"AffectAssetCount": 3,
"AppId": "1300448058",
"AppName": "OpenSSH",
"AppVersion": "-",
"CVE": "CVE-2020-15778",
"Component": "OpenSSH",
"EMGCVulType": 0,
"FirstTime": "2023-09-26 16:34:50",
"From": "云安全中心",
"Index": "1498f23a853529b3be8cf554629e4533",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "OpenSSH/7.4,OpenSSH/8.0",
"Port": "22",
"RecentTime": "2023-09-27 11:49:10",
"RiskId": "1498f23a853529b3be8cf554629e4533",
"Uin": "",
"VULName": "OpenSSH 命令注入漏洞(CVE-2020-15778)",
"VULType": "命令注入",
"VULURL": ""
},
{
"AffectAssetCount": 2,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2021-3520",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-10-27 10:28:30",
"From": "主机检测",
"Index": "16f4ce6bfc81bf53176ef3a6351099ed",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:18",
"RiskId": "16f4ce6bfc81bf53176ef3a6351099ed",
"Uin": "",
"VULName": "LZ4 安全漏洞 (CVE-2021-3520)",
"VULType": "其他",
"VULURL": ""
},
{
"AffectAssetCount": 2,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2020-9895",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-10-27 10:28:30",
"From": "主机检测",
"Index": "18321f689397785f8cb79c60c6aabae8",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:18",
"RiskId": "18321f689397785f8cb79c60c6aabae8",
"Uin": "",
"VULName": "WebKit组件安全漏洞 (CVE-2020-9895)",
"VULType": "其他",
"VULURL": ""
},
{
"AffectAssetCount": 2,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2019-3822",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-10-27 10:28:30",
"From": "主机检测",
"Index": "1de2ea2fdeba33f60237e63ba1796a7a",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-12-07 17:22:18",
"RiskId": "1de2ea2fdeba33f60237e63ba1796a7a",
"Uin": "",
"VULName": "Haxx libcurl 缓冲区错误漏洞 (CVE-2019-3822)",
"VULType": "缓冲区溢出",
"VULURL": ""
},
{
"AffectAssetCount": 1,
"AppId": "1300448058",
"AppName": "-",
"AppVersion": "-",
"CVE": "CVE-2019-25042",
"Component": "-",
"EMGCVulType": 0,
"FirstTime": "2023-10-30 15:02:23",
"From": "主机检测",
"Index": "21ecf9ac58582f15794dab5ee37bcef1",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "",
"Port": "-",
"RecentTime": "2023-11-29 14:43:07",
"RiskId": "21ecf9ac58582f15794dab5ee37bcef1",
"Uin": "",
"VULName": "Unbound 缓冲区错误漏洞 (CVE-2019-25042)",
"VULType": "缓冲区溢出",
"VULURL": ""
},
{
"AffectAssetCount": 2,
"AppId": "1300448058",
"AppName": "Nginx",
"AppVersion": "-",
"CVE": "CVE-2019-9511",
"Component": "Nginx",
"EMGCVulType": 0,
"FirstTime": "2023-09-26 16:34:50",
"From": "云安全中心",
"Index": "28d5b79163e64cd046e6537131ea9e08",
"Level": "high",
"Nick": "",
"NoHandleCount": 0,
"PCMGRId": "",
"Payload": "nginx/1.14.1",
"Port": "80",
"RecentTime": "2023-09-27 11:49:10",
"RiskId": "28d5b79163e64cd046e6537131ea9e08",
"Uin": "",
"VULName": "nginx 安全漏洞(CVE-2019-9511)",
"VULType": "其他",
"VULURL": ""
}
],
"FromLists": [
{
"Text": "云安全中心",
"Value": "0"
},
{
"Text": "主机检测",
"Value": "1"
},
{
"Text": "容器检测",
"Value": "5"
}
],
"LevelLists": [
{
"Text": "中危",
"Value": "middle"
},
{
"Text": "低危",
"Value": "low"
},
{
"Text": "提示",
"Value": "info"
},
{
"Text": "严重",
"Value": "extreme"
},
{
"Text": "高危",
"Value": "high"
}
],
"RequestId": "470926c1-52bf-46fb-bc00-be5d1b8cba9f",
"Tags": [
{
"Text": "该漏洞有poc",
"Value": "POC"
},
{
"Text": "必修",
"Value": "IS_SUGGEST"
},
{
"Text": "该漏洞有exp",
"Value": "EXP"
},
{
"Text": "该漏洞存在在野利用或在野攻击",
"Value": "KNOWN_EXPLOITED"
},
{
"Text": "该漏洞仅能本地利用",
"Value": "LOCAL"
},
{
"Text": "该漏洞可作为系统组件漏洞检出",
"Value": "SYS"
},
{
"Text": "该漏洞可作为应用组件漏洞检出",
"Value": "APP"
},
{
"Text": "应急",
"Value": "IS_EMERGENCY"
},
{
"Text": "该漏洞可以远程利用",
"Value": "NETWORK"
}
],
"TotalCount": 672,
"VULTypeLists": [
{
"Text": "处理逻辑错误",
"Value": "处理逻辑错误"
}
]
}
}
5. 开发者资源
腾讯云 API 平台
腾讯云 API 平台 是综合 API 文档、错误码、API Explorer 及 SDK 等资源的统一查询平台,方便您从同一入口查询及使用腾讯云提供的所有 API 服务。
API Inspector
用户可通过 API Inspector 查看控制台每一步操作关联的 API 调用情况,并自动生成各语言版本的 API 代码,也可前往 API Explorer 进行在线调试。
SDK
云 API 3.0 提供了配套的开发工具集(SDK),支持多种编程语言,能更方便的调用 API。
- Tencent Cloud SDK 3.0 for Python: GitHub Gitee
- Tencent Cloud SDK 3.0 for Java: GitHub Gitee
- Tencent Cloud SDK 3.0 for PHP: GitHub Gitee
- Tencent Cloud SDK 3.0 for Go: GitHub Gitee
- Tencent Cloud SDK 3.0 for Node.js: GitHub Gitee
- Tencent Cloud SDK 3.0 for .NET: GitHub Gitee
- Tencent Cloud SDK 3.0 for C++: GitHub Gitee
- Tencent Cloud SDK 3.0 for Ruby: GitHub Gitee
命令行工具
6. 错误码
以下仅列出了接口业务逻辑相关的错误码,其他错误码详见 公共错误码。
错误码 | 描述 |
---|---|
AuthFailure | CAM签名/鉴权错误。 |
DryRunOperation | DryRun 操作,代表请求将会是成功的,只是多传了 DryRun 参数。 |
FailedOperation | 操作失败。 |
InternalError | 内部错误。 |
InvalidParameter | 参数错误。 |
InvalidParameterValue | 参数取值错误。 |
LimitExceeded | 超过配额限制。 |
MissingParameter | 缺少参数错误。 |
OperationDenied | 操作被拒绝。 |
RequestLimitExceeded | 请求的次数超过了频率限制。 |
ResourceInUse | 资源被占用。 |
ResourceInsufficient | 资源不足。 |
ResourceNotFound | 资源不存在。 |
ResourceUnavailable | 资源不可用。 |
ResourcesSoldOut | 资源售罄。 |
UnauthorizedOperation | 未授权操作。 |
UnknownParameter | 未知参数错误。 |
UnsupportedOperation | 操作不支持。 |