List Vulnerabilities

6 min

description retrieve a comprehensive list of vulnerabilities identified by microsoft defender for proactive threat mitigation endpoint url /api/vulnerabilities method get inputs parameters (object) $filter (string) filter the vulnerabilities using id, name, description, cvssv3, publishedon, severity, and updatedon properties $top (number) the number of items in the queried collection to be included in the response max value of 8,000 $skip (number) the number of items in the queried collection that are to be skipped and not included in the response output example \[ { "status code" 200, "response headers" { "date" "tue, 30 jul 2024 05 38 55 gmt", "content type" "application/json; odata metadata=minimal; odata streaming=true; charset=utf 8", "transfer encoding" "chunked", "connection" "keep alive", "content encoding" "deflate", "vary" "accept encoding", "odata version" "4 0", "strict transport security" "max age=31536000; includesubdomains" }, "reason" "ok", "json body" { "@odata context" "https //api securitycenter microsoft com/api/$metadata#vulnerabilities", "@odata count" 8000, "value" \[ { "id" "tvm 2020 0002", "name" "tvm 2020 0002", "description" "summary the vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (dos) condition on the affected system the issue is due to improper input validation of user supplied data, which can be exploited to execute arbitrary commands or crash the system attackers can exploit this vulnerability by sending specially crafted requests to the targeted system impact successful exploitation of this vulnerability could result in remote code execution, allowing attackers to gain unauthorized access to the affected system, execute arbitrary commands, and potentially take control of the system additionally, a successful attack could cause a denial of service condition, rendering the system unavailable to legitimate users remediation apply the latest patches and updates provided by the respective vendors generated by ai", "severity" "critical", "cvssv3" 9 4, "cvssvector" "", "exposedmachines" 0, "publishedon" "2020 12 16t00 00 00z", "updatedon" "2020 12 16t00 00 00z", "firstdetected" null, "publicexploit" false, "exploitverified" false, "exploitinkit" false, "exploittypes" \[], "exploituris" \[], "cvesupportability" "supported", "tags" \[], "epss" null }, { "id" "cve 2024 7163", "name" "cve 2024 7163", "description" "summary seacms 12 9 is vulnerable to cross site scripting (xss) due to improper handling of the 'color/vid/url' argument in the '/js/player/dmplayer/player/index php' file this allows remote attackers to inject malicious scripts into web pages viewed by users the vulnerability has been publicly disclosed and may be actively exploited impact if successfully exploited, this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser this could lead to various consequences, including theft of sensitive information, session hijacking, defacement of web pages, or the delivery of malware to users remediation upgrade seacms seacms to any version besides 12 9 additionalinformation the vulnerability has been assigned the identifier vdb 272577 generated by ai", "severity" "low", "cvssv3" 3 5, "cvssvector" "cvss 3 1/av\ n/ac\ l/pr\ l/ui\ r/s\ u/c\ n/i\ l/a\ n", "exposedmachines" 0, "publishedon" "2024 07 28t17 15 09 797z", "updatedon" "2024 07 29t14 12 08 783z", "firstdetected" null, "publicexploit" false, "exploitverified" false, "exploitinkit" false, "exploittypes" \[], "exploituris" \[], "cvesupportability" "notsupported", "tags" \[], "epss" 0 00045 } ], "@odata nextlink" "https //api securitycenter microsoft com/api/vulnerabilities?$skip=8000" } } ] output parameters status code (number) reason (string) json body (object) @odata context (string) @odata count (number) value (array) id (string) name (string) description (string) severity (string) cvssv3 (number) cvssvector (string) exposedmachines (number) publishedon (string) updatedon (string) firstdetected (object) publicexploit (boolean) exploitverified (boolean) exploitinkit (boolean) exploittypes (array) file name (string) – required file (string) – required exploituris (array) file name (string) – required file (string) – required cvesupportability (string) tags (array) file name (string) – required file (string) – required epss (number) @odata nextlink (string) response headers header type date string content type string transfer encoding string connection string content encoding string vary string odata version string strict transport security string