
Qualys VMDR

This Integration is part of the Qualys Pack.

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Qualys VMDR lets you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance. This integration was integrated and tested with version 2.0 of QualysVulnerabilityManagement.

Changes compared to V1

Changes in commands

  1. qualys-vm-scan-launch command - Added new parameters and outputs.
  2. qualys-ip-add - Added new parameters and outputs.
  3. qualys-ip-update - Added new parameters and changed existing parameters, added new outputs.
  4. qualys-virtual-host-manage - Added new parameters and outputs.
  5. qualys-host-excluded-manage - Changed existing parameters, added new outputs.
  6. qualys-vulnerability-list - Added new parameters, added new outputs.
  7. qualys-vm-scan-fetch - Added new parameters, changed context paths of outputs.
  8. qualys-pc-scan-fetch - Added outputs.
  9. qualys-report-list - Added new parameters, changed context paths of outputs.
  10. qualys-ip-list - Added new parameters, changed context paths of outputs.
  11. qualys-vm-scan-list - Removed context paths.
  12. qualys-scap-scan-list - Added new parameters, changed existing parameters, changed context paths.
  13. qualys-ip-restricted-list - New command.
  14. qualys-host-excluded-list - Added new parameters, added new outputs.
  15. qualys-report-fetch - Added new parameters, added new outputs.
  16. qualys-report-cancel - Added new outputs.
  17. qualys-group-list - Added new parameters, changed existing parameters, changed context paths.
  18. qualys-report-launch-compliance-policy - Changed existing parameters.
  19. qualys-report-launch-remediation - Changed existing parameters.
  20. qualys-report-launch-patch - Changed existing parameters.
  21. qualys-report-launch-compliance - Changed existing parameters.
  22. qualys-report-launch-scan-based-findings - Changed existing parameters.
  23. qualys-report-launch-host-based-findings - Changed existing parameters.
  24. qualys-vm-scan-action - Removed output.
  25. qualys-pc-scan-list - Added new parameters, changed existing parameters, changed outputs.
  26. qualys-pc-scan-launch - Changed outputs.
  27. qualys-pc-scan-manage - Changed outputs.
  28. qualys-schedule-scan-list - Added new parameters, changed outputs.
  29. qualys-host-list - Added new parameters, changed existing parameters, changed outputs.
  30. qualys-virtual-host-list - Added new parameters, changed outputs.
  31. qualys-scheduled-report-list - Added new parameters, changed existing parameters, changed outputs.
  32. qualys-report-template-list - Added new parameters, changed outputs.
  33. qualys-report-launch-map - Changed existing parameters.
  34. qualys-ip-restricted-manage - New command.
  35. qualys-purge-scan-host-data - New command.

Playbooks

  1. Vulnerability Management - Qualys (Job) - migrated to work with this new version
  2. New playbook - qualys-pc-scan-launch-and-fetch
  3. New playbook - qualys-report-launch-compliance-and-fetch
  4. New playbook - qualys-vm-scan-launch-and-fetch.yml
  5. New playbook - qualys-report-launch-scan-based-findings-and-fetch.yml
  6. New playbook - qualys-scheduled-report-launch-and-fetch.yml
  7. New playbook - qualys-report-launch-remediation-and-fetch.yml
  8. New playbook - qualys-report-launch-patch-and-fetch.yml
  9. New playbook - qualys-report-launch-map-and-fetch.yml
  10. New playbook - qualys-report-launch-host-based-findings-and-fetch.yml
  11. New playbook - qualys-report-launch-compliance-policy-and-fetch.yml

Configure Qualys VMDR in Cortex

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Qualys VMDR.

  3. Click Add instance to create and configure a new integration instance.

    | Name | Description | Required |
    | --- | --- | --- |
    | Server URL | When using asset-tag commands, the official documentation recommends that the Server URL parameter be in the following format: https://qualysapi.<tenant>.apps.qualys.com/<end-point>. | True |
    | Username | | True |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |
    | Fetch Events | | False |
    | Event first fetch time | Available on Cortex XSIAM only. If "First event fetch time" is set to a long time ago, it may cause performance issues. | False |
    | Event Fetch Limit | Available in Cortex XSIAM only. Maximum number of events to fetch per fetch iteration. | False |
    | Events Fetch Interval | Available in Cortex XSIAM only. | False |
    | Fetch Assets and Vulnerabilities | Available in Cortex XSIAM only. Whether to fetch host list detections (assets) and vulnerabilities. | False |
    | Assets and Vulnerabilities Fetch Interval | Available in Cortex XSIAM only. The fetch interval for assets and vulnerabilities. It is recommended to set it to 24 hours. An interval lower than 1 hour is not supported. Default is 1 day. | False |
    | Fetch Vulnerabilities Behavior | Available in Cortex XSIAM only. Default is Fetch by last modified date. | False |

  4. Click Test to validate the URLs, token, and connection.

Notes

When configuring the integration instance, selecting the "Fetch by last modified date" option in the Fetch Vulnerabilities Behavior dropdown fetches all assets and vulnerabilities from the last 90 days.

To fetch only vulnerabilities by unique QIDs relevant to the assets regardless of the vulnerability modified time, choose the "Fetch by unique QIDs of assets" option.

Asset Tag Commands

The API endpoints in the Qualys API that can be used depend on the value of the Server URL parameter in the integration instance configuration. When using asset-tag commands, the official documentation recommends that the Server URL parameter be in the following format: https://qualysapi.<tenant>.apps.qualys.com/<end-point>.

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

qualys-ip-list

View a list of IP addresses in the user account.

Base Command

qualys-ip-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ips | Show only certain IP addresses/ranges. | Optional |
| network_id | Restrict the request to a certain custom network ID. | Optional |
| tracking_method | Show only IP addresses/ranges which have a certain tracking method. Possible values are: IP, DNS, NETBIOS. | Optional |
| compliance_enabled | Specify 1 to list compliance IP addresses in the user’s account. These hosts are assigned to the policy compliance module. Specify 0 to get hosts that are not assigned to the policy compliance module. Possible values are: 0, 1. | Optional |
| certview_enabled | (Optional) Specify 1 to list IP addresses in the user’s account assigned to the Certificate View module. Specify 0 to list IP addresses that are not assigned to the Certificate View module. Note: This option will be supported when Certificate View GA is released and is enabled for your account. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.IP.Address | unknown | IP addresses. |
| Qualys.IP.Range | unknown | IP range. |

Command Example

!qualys-ip-list ips=1.1.1.1-1.1.1.5 compliance_enabled=1 certview_enabled=1

Context Example

{
"Qualys": {
"IP": {
"Address": [
"1.1.1.1",
"1.1.1.3"
]
}
}
}

Human Readable Output

| ip |
| --- |
| 1.1.1.1 |
| 1.1.1.3 |

qualys-report-list

Get a list of generated reports in the system.

Base Command

qualys-report-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Specify a report ID of a report that is saved in the Report Share storage space. | Optional |
| state | Specify reports with a certain state. Possible values are: Running, Finished, Canceled, Errors. | Optional |
| user_login | Specify a user login ID to get reports launched by the specified user login ID. | Optional |
| expires_before_datetime | Specify the date and time to get only reports that expire before it. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note: The client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |

Command Example

!qualys-report-list state=Finished expires_before_datetime=2021-05-01

Human Readable Output

No items found

qualys-vm-scan-list

Lists vulnerability scans in the user’s account.

Base Command

qualys-vm-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |

Command Example

!qualys-vm-scan-list launched_before_datetime=2021-04-20 type=API processed=1 state=Finished

Context Example

{
"Qualys": {
"Scan": [
{
"DURATION": "00:25:18",
"LAUNCH_DATETIME": "2021-04-11T12:54:19Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145659.78157",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:18",
"LAUNCH_DATETIME": "2021-04-11T12:53:44Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145624.78156",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:36",
"LAUNCH_DATETIME": "2021-04-11T12:52:40Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618145560.78154",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:49",
"LAUNCH_DATETIME": "2021-04-11T12:43:03Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144983.78115",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:01",
"LAUNCH_DATETIME": "2021-04-11T12:42:22Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144942.78113",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:56",
"LAUNCH_DATETIME": "2021-04-11T12:41:31Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144892.78108",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:26:41",
"LAUNCH_DATETIME": "2021-04-11T12:41:22Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144883.78106",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:20",
"LAUNCH_DATETIME": "2021-04-11T12:40:11Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144811.78099",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:25:03",
"LAUNCH_DATETIME": "2021-04-11T12:39:05Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144745.78096",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:54",
"LAUNCH_DATETIME": "2021-04-11T12:33:36Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1618144416.78068",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:37:29",
"LAUNCH_DATETIME": "2021-03-16T10:19:09Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889949.37940",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:24:23",
"LAUNCH_DATETIME": "2021-03-16T10:08:20Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889300.37888",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:17",
"LAUNCH_DATETIME": "2021-03-16T10:06:17Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615889177.37862",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:29",
"LAUNCH_DATETIME": "2021-03-16T10:02:28Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888948.37811",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "01:00:13",
"LAUNCH_DATETIME": "2021-03-16T10:01:37Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888897.37791",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:33",
"LAUNCH_DATETIME": "2021-03-16T10:01:09Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888869.37785",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:29",
"LAUNCH_DATETIME": "2021-03-16T09:59:40Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615888780.37762",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:04",
"LAUNCH_DATETIME": "2021-03-16T09:27:32Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886852.37638",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:22:14",
"LAUNCH_DATETIME": "2021-03-16T09:26:31Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886791.37632",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:21:28",
"LAUNCH_DATETIME": "2021-03-16T09:22:38Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886558.37620",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
},
{
"DURATION": "00:19:55",
"LAUNCH_DATETIME": "2021-03-16T09:18:53Z",
"PROCESSED": "1",
"PROCESSING_PRIORITY": "0 - No Priority",
"REF": "scan/1615886333.37610",
"STATUS": {
"STATE": "Finished"
},
"TARGET": "1.1.1.1",
"TITLE": "N/A",
"TYPE": "API",
"USER_LOGIN": "demst2nr"
}
]
}
}

Human Readable Output

Scan List

| REF | TITLE | STATUS | PROCESSED | TYPE | TARGET | PROCESSING_PRIORITY | LAUNCH_DATETIME | DURATION | USER_LOGIN |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| scan/1618145659.78157 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:54:19Z | 00:25:18 | demst2nr |
| scan/1618145624.78156 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:53:44Z | 00:25:18 | demst2nr |
| scan/1618145560.78154 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:52:40Z | 00:25:36 | demst2nr |
| scan/1618144983.78115 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:43:03Z | 00:24:49 | demst2nr |
| scan/1618144942.78113 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:42:22Z | 00:25:01 | demst2nr |
| scan/1618144892.78108 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:41:31Z | 00:25:56 | demst2nr |
| scan/1618144883.78106 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:41:22Z | 00:26:41 | demst2nr |
| scan/1618144811.78099 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:40:11Z | 00:25:20 | demst2nr |
| scan/1618144745.78096 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:39:05Z | 00:25:03 | demst2nr |
| scan/1618144416.78068 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-04-11T12:33:36Z | 00:24:54 | demst2nr |
| scan/1615889949.37940 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:19:09Z | 00:37:29 | demst2nr |
| scan/1615889300.37888 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:08:20Z | 00:24:23 | demst2nr |
| scan/1615889177.37862 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:06:17Z | 00:22:17 | demst2nr |
| scan/1615888948.37811 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:02:28Z | 00:21:29 | demst2nr |
| scan/1615888897.37791 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:01:37Z | 01:00:13 | demst2nr |
| scan/1615888869.37785 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T10:01:09Z | 00:21:33 | demst2nr |
| scan/1615888780.37762 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:59:40Z | 00:21:29 | demst2nr |
| scan/1615886852.37638 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:27:32Z | 00:22:04 | demst2nr |
| scan/1615886791.37632 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:26:31Z | 00:22:14 | demst2nr |
| scan/1615886558.37620 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:22:38Z | 00:21:28 | demst2nr |
| scan/1615886333.37610 | N/A | STATE: Finished | 1 | API | 1.1.1.1 | 0 - No Priority | 2021-03-16T09:18:53Z | 00:19:55 | demst2nr |
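
The scan list context lends itself to a scan-coverage check. The following is an added example, not code from the integration or its documentation: it takes a `Qualys.Scan` context in the shape shown above and reports expected targets that have no recent finished, processed scan, plus scans that ran well above the median duration. The function names, the `192.0.2.x` targets, the "Pending" duration value and the thresholds are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone
from statistics import median


def _scan(ref, launched, duration, state="Finished", processed="1", target="1.1.1.1"):
    """Build one entry with the Qualys.Scan keys the checks below read."""
    return {"REF": ref, "LAUNCH_DATETIME": launched, "DURATION": duration,
            "PROCESSED": processed, "STATUS": {"STATE": state},
            "TARGET": target, "TYPE": "API"}


# Constructed sample: the first five entries reuse values from the context
# example above; the last entry (a running scan) is made up.
SAMPLE_CONTEXT = {"Qualys": {"Scan": [
    _scan("scan/1618145659.78157", "2021-04-11T12:54:19Z", "00:25:18"),
    _scan("scan/1615889949.37940", "2021-03-16T10:19:09Z", "00:37:29"),
    _scan("scan/1615888897.37791", "2021-03-16T10:01:37Z", "01:00:13"),
    _scan("scan/1615888948.37811", "2021-03-16T10:02:28Z", "00:21:29"),
    _scan("scan/1615889300.37888", "2021-03-16T10:08:20Z", "00:24:23"),
    _scan("scan/0000000000.00000", "2021-04-20T08:00:00Z", "Pending",
          state="Running", processed="0", target="192.0.2.10"),
]}}


def scans_from_context(context):
    """Return Qualys.Scan as a list; a single result can arrive as one dict."""
    scans = context.get("Qualys", {}).get("Scan") or []
    return [scans] if isinstance(scans, dict) else list(scans)


def parse_launch(value):
    """Parse the LAUNCH_DATETIME format shown above (UTC, trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_duration(value):
    """HH:MM:SS -> timedelta; any other value (scan not finished) -> None."""
    parts = str(value).split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    hours, minutes, seconds = map(int, parts)
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def last_finished_by_target(scans):
    """Map each target to the launch time of its latest finished, processed scan."""
    latest = {}
    for scan in scans:
        # Entries listed with show_status=0 carry no STATUS and are skipped.
        state = (scan.get("STATUS") or {}).get("STATE")
        if state != "Finished" or str(scan.get("PROCESSED")) != "1":
            continue
        launched = parse_launch(scan["LAUNCH_DATETIME"])
        # TARGET may hold several comma-separated entries; ranges stay literal.
        for target in str(scan.get("TARGET", "")).split(","):
            target = target.strip()
            if target and (target not in latest or launched > latest[target]):
                latest[target] = launched
    return latest


def stale_targets(scans, expected_targets, now, max_age_days):
    """Expected targets whose last good scan is missing or older than the cutoff."""
    latest = last_finished_by_target(scans)
    cutoff = now - timedelta(days=max_age_days)
    return {t: latest.get(t) for t in expected_targets
            if latest.get(t) is None or latest[t] < cutoff}


def long_running(scans, factor=1.5):
    """REFs of scans whose duration exceeds factor x the median duration."""
    timed = [(s.get("REF"), parse_duration(s.get("DURATION"))) for s in scans]
    timed = [(ref, d.total_seconds()) for ref, d in timed if d is not None]
    if not timed:
        return []
    threshold = median(seconds for _, seconds in timed) * factor
    return [ref for ref, seconds in timed if seconds > threshold]


if __name__ == "__main__":
    scans = scans_from_context(SAMPLE_CONTEXT)
    now = datetime(2021, 4, 21, tzinfo=timezone.utc)
    print(stale_targets(scans, ["1.1.1.1", "192.0.2.10", "192.0.2.11"], now, 7))
    print(long_running(scans))
```

A target with only a running or unprocessed scan is reported the same way as one that was never scanned, so a scan that has not yet been processed does not count as coverage.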

qualys-scap-scan-list

Gives you a list of SCAP scans in your account.

Base Command

qualys-scap-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_ref | Show only a scan with a certain scan reference code. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. Possible values are: On-Demand, Scheduled, API. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| scan_id | (Optional) Show only a scan with a certain compliance scan ID. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| pci_only | (Optional) Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1. | Optional |
| ignore_target | (Optional) Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.SCAP.Scan.ID | unknown | Scan ID. |
| Qualys.SCAP.Scan.Reference | unknown | Scan ref. |
| Qualys.SCAP.Scan.REF | unknown | Scan REF. |
| Qualys.SCAP.Scan.Type | unknown | Scan type. |
| Qualys.SCAP.Scan.Title | unknown | Scan title. |
| Qualys.SCAP.Scan.LaunchDatetime | unknown | Date and time the scan launched. |
| Qualys.SCAP.Scan.Duration | unknown | Scan Duration. |
| Qualys.SCAP.Scan.ProcessingPriority | unknown | Scan Processing Priority. |
| Qualys.SCAP.Scan.Processed | unknown | Scan Processed. |
| Qualys.SCAP.Scan.Status.State | unknown | Scan status state. |
| Qualys.SCAP.Scan.Status.SubState | unknown | Scan status sub state. |
| Qualys.SCAP.Scan.Schedule | unknown | Scan Schedule. |
| Qualys.SCAP.Scan.Target | unknown | Scan Target. |
| Qualys.SCAP.Scan.AssetGroupTitle | unknown | Target Asset Group Title. |
| Qualys.SCAP.Scan.DeafualtFlag | unknown | Scan Default Flag. |
| Qualys.SCAP.Scan.UserLogin | unknown | The user that created the scan. |

Command Example

!qualys-scap-scan-list action=list

Human Readable Output

qualys-pc-scan-list

Get a list of compliance scans in your account.

Base Command

qualys-pc-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scan_id | Scan ID. | Optional |
| scan_ref | Scan reference. | Optional |
| state | Show only one or more scan states. | Optional |
| processed | Specify 0 to show only scans that are not processed. Specify 1 to show only scans that have been processed. Possible values are: 0, 1. | Optional |
| type | Show only a certain scan type. | Optional |
| target | Show only one or more target IP addresses. | Optional |
| user_login | Show only a certain user login. | Optional |
| launched_after_datetime | Show only scans launched after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| launched_before_datetime | Show only scans launched before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ], like “2007-07-01” or “2007-01-25T23:12:00Z”, or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| show_ags | Specify 1 to show asset group information for each scan in the output. Possible values are: 1. | Optional |
| show_op | Specify 1 to show option profile information for each scan in the output. Possible values are: 1. | Optional |
| show_status | Specify 0 to not show scan status for each scan in the output. Possible values are: 0. | Optional |
| show_last | Specify 1 to show only the most recent scan (which meets all other search filters in the request) in the output. Possible values are: 1. | Optional |
| pci_only | Specify 1 to show only external PCI scans in the XML output. External PCI scans are vulnerability scans run with the option profile "Payment Card Industry (PCI) Options". When pci_only=1 is specified, the XML output will not include other types of scans run with other option profiles. Possible values are: 1, 0. | Optional |
| ignore_target | Specify 1 to hide target information from the scan list. Specify 0 to display the target information. Possible values are: 1, 0. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscriptions). | Optional |
| client_name | (Optional) Name of the client (Consultant type subscriptions). Note: The client_id and client_name parameters are mutually exclusive and cannot be specified together in the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.SCHEDULE | unknown | Scan Schedule. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |

Command Example

!qualys-pc-scan-list scan_ref=compliance/1619018638.71779 processed=1 state=Finished

Human Readable Output

No items found

qualys-schedule-scan-list

Shows scheduled scans.

Base Command

qualys-schedule-scan-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | The ID of the scan schedule you want to display. | Optional |
| active | Specify 1 for active schedules only, or 0 for deactivated schedules only. Possible values are: 0, 1. | Optional |
| show_notifications | (Optional) Specify 1 to include the notification settings for each schedule in the XML output. | Optional |
| scan_type | (Optional) Launch a scan with a certain type. Possible values are: certview, perimeter. | Optional |
| fqdn | (Optional) The target FQDN for a vulnerability scan. You must specify at least one target, i.e. IPs, asset groups or FQDNs. Multiple values are comma separated. | Optional |
| show_cloud_details | (Optional) Set to 1 to display the cloud details (Provider, Connector, Scan Type and Cloud Target) in the XML output. Otherwise the details are not displayed in the output. The cloud details will show scan type "Cloud Perimeter" for cloud perimeter scans. | Optional |
| client_id | (Optional) ID assigned to the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| client_name | (Optional) Name of the client (Consultant type subscription only). Parameter client_id or client_name may be specified for the same request. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Scan.ID | unknown | Scan ID. |
| Qualys.Scan.REF | unknown | Scan REF. |
| Qualys.Scan.TYPE | unknown | Scan type. |
| Qualys.Scan.TITLE | unknown | Scan title. |
| Qualys.Scan.LAUNCH_DATETIME | unknown | Date and time the scan launched. |
| Qualys.Scan.DURATION | unknown | Scan Duration. |
| Qualys.Scan.PROCESSING_PRIORITY | unknown | Scan Processing Priority. |
| Qualys.Scan.PROCESSED | unknown | Scan Processed. |
| Qualys.Scan.STATUS.STATE | unknown | Scan status state. |
| Qualys.Scan.STATUS.SUB_STATE | unknown | Scan status sub state. |
| Qualys.Scan.TARGET | unknown | Scan Target. |
| Qualys.Scan.ASSET_GROUP_TITLE | unknown | Target Asset Group Title. |
| Qualys.Scan.DEFAULT_FLAG | unknown | Scan Default Flag. |
| Qualys.Scan.USER_LOGIN | unknown | The user that created the scan. |
| Qualys.Scan.ACTIVE | unknown | Scheduled scan active. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.START | unknown | IP range requested start. |
| Qualys.Scan.USER_ENTERED_IPS.RANGE.END | unknown | IP range requested end. |
| Qualys.Scan.ISCANNER_NAME | unknown | Iscanner name used in the scan. |
| Qualys.Scan.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of usage of the scan. |
| Qualys.Scan.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled scan in UTC format. |
| Qualys.Scan.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled scan. |
| Qualys.Scan.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Time zone code of the time for the scheduled scan. |
| Qualys.Scan.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Time zone details of the time for the scheduled scan. |
| Qualys.Scan.OPTION_PROFILE.DEFAULT_FLAG | unknown | Default flag of the option profile. |
| Qualys.Scan.OPTION_PROFILE.TITLE | unknown | Title of the option profile. |
| Qualys.Scan.EC2_INSTANCE.CONNECTOR_UUID | unknown | Connector UUID of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ENDPOINT | unknown | Endpoint of EC2 instance. |
| Qualys.Scan.EC2_INSTANCE.EC2_ONLY_CLASSIC | unknown | EC2 only classic. |

Command Example

!qualys-schedule-scan-list active=0 id=130694

Context Example

{
"Qualys": {
"Scan": {
"ACTIVE": "0",
"ID": "130694",
"ISCANNER_NAME": "External Scanner",
"OPTION_PROFILE": {
"DEFAULT_FLAG": "1",
"TITLE": "Initial Options"
},
"PROCESSING_PRIORITY": "0 - No Priority",
"SCHEDULE": {
"DAILY": {
"@frequency_days": "1"
},
"DST_SELECTED": "0",
"START_DATE_UTC": "2017-06-07T22:00:00Z",
"START_HOUR": "0",
"START_MINUTE": "0",
"TIME_ZONE": {
"TIME_ZONE_CODE": "BG",
"TIME_ZONE_DETAILS": "(GMT+0200) Bulgaria: Europe/Sofia"
}
},
"TARGET": "23.96.25.100",
"TITLE": "MyScan01",
"USER_ENTERED_IPS": {
"RANGE": {
"END": "23.96.25.100",
"START": "23.96.25.100"
}
},
"USER_LOGIN": "demst2nr"
}
}
}

Human Readable Output

Schedule Scan List

| ACTIVE | ID | ISCANNER_NAME | OPTION_PROFILE | PROCESSING_PRIORITY | SCHEDULE | TARGET | TITLE | USER_ENTERED_IPS | USER_LOGIN |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 0 | 130694 | External Scanner | TITLE: Initial Options<br>DEFAULT_FLAG: 1 | 0 - No Priority | DAILY: {"@frequency_days": "1"}<br>START_DATE_UTC: 2017-06-07T22:00:00Z<br>START_HOUR: 0<br>START_MINUTE: 0<br>TIME_ZONE: {"TIME_ZONE_CODE": "BG", "TIME_ZONE_DETAILS": "(GMT+0200) Bulgaria: Europe/Sofia"}<br>DST_SELECTED: 0 | 23.96.25.100 | MyScan01 | RANGE: {"START": "23.96.25.100", "END": "23.96.25.100"} | demst2nr |

qualys-host-list#


View a list of scanned hosts in the user account.

Base Command#

qualys-host-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| os_pattern | Show only hosts which have an operating system matching a certain regular expression. An empty value cannot be specified. Use “%5E%24” to match empty string. | Optional |
| truncation_limit | Specify the maximum number of host records processed per request. When not specified, the truncation limit is set to 1000 host records. You may specify a value less than the default (1-999) or greater than the default (1001-1000000). | Optional |
| ips | Show only certain IP addresses/ranges. One or more IPs/ranges may be specified. Multiple entries are comma separated. An IP range is specified with a hyphen (for example, 10.10.10.1-10.10.10.100). | Optional |
| ag_titles | Show only hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| ids | Show only certain host IDs/ranges. One or more host IDs/ranges may be specified. Multiple entries are comma separated. A host ID range is specified with a hyphen (for example, 190-400). Valid host IDs are required. | Optional |
| network_ids | (Optional, and valid only when the Network Support feature is enabled for the user’s account) Restrict the request to certain custom network IDs. Multiple network IDs are comma separated. | Optional |
| no_vm_scan_since | Show hosts not scanned since a certain date and time (optional). Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| vm_scan_since | Show hosts that were last scanned for vulnerabilities since a certain date and time (optional). Hosts that were the target of a vulnerability scan since the date/time will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. Permissions: An Auditor cannot specify this parameter. | Optional |
| no_compliance_scan_since | (Optional) Show compliance hosts not scanned since a certain date and time (optional). This parameter is invalid for an Express Lite user. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| use_tags | Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify “id” (the default) to select a tag set by providing tag IDs. Specify “name” to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_include_selector | (Optional when use_tags=1) Select “any” (the default) to include hosts that match at least one of the selected tags. Select “all” to include hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Select “any” (the default) to exclude hosts that match at least one of the selected tags. Select “all” to exclude hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Hosts that match these tags will be excluded. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| show_tags | (Optional) Specify 1 to display asset tags associated with each host in the XML output. Possible values are: 0, 1. | Optional |
| host_metadata | Specify the name of the cloud provider to show the assets managed by the cloud provider. Valid values: ec2, google, azure. | Optional |
| host_metadata_fields | (Optional when host_metadata is specified) Specify metadata fields to only return data for certain attributes. | Optional |
| show_cloud_tags | (Optional) Specify 1 to display cloud provider tags for each scanned host asset in the output. The default value of the parameter is set to 0. When set to 0, we will not show the cloud provider tags for the scanned assets. Possible values are: 0, 1. | Optional |
| cloud_tag_fields | (Optional when show_cloud_tags is specified) Specify cloud tags or cloud tag and name combinations to only return information for specified cloud tags. A cloud tag name and value combination is specified with a colon (for example: SomeTag6:AY_ec2). For each cloud tag, we show the cloud tag’s name, its value, and last success date (the tag last success date/time, fetched from instance). If this parameter is not specified and "show_cloud_tags" is set to 1, we will show all the cloud provider tags for the assets. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |
| details | (Optional) Show the requested amount of host information for each host. A valid value is: Basic, Basic/AGs, All, All/AGs, or None. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Endpoint.ID | unknown | Endpoint ID. |
| Qualys.Endpoint.IP | unknown | IP. |
| Qualys.Endpoint.CLOUD_PROVIDER | unknown | Host's cloud provider. |
| Qualys.Endpoint.DNS | unknown | DNS. |
| Qualys.Endpoint.EC2_INSTANCE_ID | unknown | EC2 instance ID. |
| Qualys.Endpoint.QG_HOSTID | unknown | QG host ID. |
| Qualys.Endpoint.CLOUD_SERVICE | unknown | Cloud service of the endpoint. |
| Qualys.Endpoint.TRACKING_METHOD | unknown | Tracking method of the endpoint. |
| Qualys.Endpoint.CLOUD_RESOURCE_ID | unknown | Cloud resource ID of the endpoint. |
| Qualys.Endpoint.DNS_DATA.DOMAIN | unknown | Domain of the endpoint. |
| Qualys.Endpoint.DNS_DATA.HOSTNAME | unknown | Host name of the endpoint. |
| Qualys.Endpoint.NETBIOS | unknown | NETBIOS. |
| Qualys.Endpoint.OS | unknown | Endpoint operating system. |

Command Example#

!qualys-host-list show_tags=1 vm_scan_since=2021-04-01

Context Example#

{
"Qualys": {
"Endpoint": [
{
"DNS": "one.one.one.one",
"DNS_DATA": {
"DOMAIN": "one.one.one",
"FQDN": "one.one.one.one",
"HOSTNAME": "one"
},
"ID": "143444841",
"IP": "1.1.1.1",
"OS": "Linux 3.13",
"TAGS": {
"TAG": {
"NAME": "Internet Facing Assets",
"TAG_ID": "31029217"
}
},
"TRACKING_METHOD": "IP"
},
{
"ID": "299167859",
"IP": "1.1.1.1",
"OS": "Linux 2.x",
"TAGS": {
"TAG": {
"NAME": "Internet Facing Assets",
"TAG_ID": "31029217"
}
},
"TRACKING_METHOD": "IP"
}
]
}
}

Human Readable Output#

Host List#

| DNS | DNS_DATA | ID | IP | OS | TAGS | TRACKING_METHOD |
| --- | --- | --- | --- | --- | --- | --- |
| one.one.one.one | HOSTNAME: one<br/>DOMAIN: one.one.one<br/>FQDN: one.one.one.one | 143444841 | 1.1.1.1 | Linux 3.13 | TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} | IP |
|  |  | 299167859 | 1.1.1.1 | Linux 2.x | TAG: {"TAG_ID": "31029217", "NAME": "Internet Facing Assets"} | IP |

qualys-virtual-host-list#


View a list of virtual hosts in the user account.

Base Command#

qualys-virtual-host-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ip | Show only virtual hosts that have a certain IP address. | Optional |
| port | Show only virtual hosts that have a certain port. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.VirtualEndpoint.IP | unknown | IP. |
| Qualys.VirtualEndpoint.PORT | unknown | Port. |
| Qualys.VirtualEndpoint.FQDN | unknown | Fully qualified domain name. |

Command Example#

!qualys-virtual-host-list ip=1.1.1.1 port=1231

Context Example#

{
"Qualys": {
"VirtualEndpoint": {
"FQDN": "panw.raz.com",
"IP": "1.1.1.1",
"PORT": "1231"
}
}
}

Human Readable Output#

Virtual Host List#

| FQDN | IP | PORT |
| --- | --- | --- |
| panw.raz.com | 1.1.1.1 | 1231 |

qualys-virtual-host-manage#


Manage virtual hosts in the user account: create, update or delete a virtual host configuration, or add or delete its FQDNs.

Base Command#

qualys-virtual-host-manage

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| action | Virtual host action to perform. Possible values are: create, update, delete, add_fqdn, delete_fqdn. | Required |
| ip | An IP address for the virtual host configuration. | Required |
| port | A port number for the virtual host configuration. | Required |
| network_id | Network support must be enabled to specify the network_id. If network support is enabled and you do not provide a network_id, then the Default Global Network is considered. You can specify only one network_id. | Optional |
| fqdn | (Required for all actions except “delete”. Invalid for “delete”.) One or more fully-qualified domain names (FQDNs) for the virtual host configuration. Multiple entries are comma separated. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.VirtualEndpoint.DATETIME | unknown | Date and time of the executed manage action. |
| Qualys.VirtualEndpoint.TEXT | unknown | Result message of the executed action. |

Command Example#

!qualys-virtual-host-manage action=create ip=1.1.1.1 port=1291 fqdn=qualys-test.com

Context Example#

{
"Qualys": {
"VirtualEndpoint": {
"DATETIME": "2021-05-30T08:48:03Z",
"TEXT": "Virtual host successfully created."
}
}
}

Human Readable Output#

| DATETIME | TEXT |
| --- | --- |
| 2021-05-30T08:48:03Z | Virtual host successfully created. |

qualys-host-excluded-list#


Show the excluded host list for the user's account. Hosts in your excluded host list will not be scanned.

Base Command#

qualys-host-excluded-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| ips | Get the list of excluded hosts or address ranges. | Optional |
| network_id | (Optional, and valid only when the Network Support feature is enabled for the user’s account) Restrict the request to a certain custom network ID. | Optional |
| ag_ids | (Optional) Show excluded hosts belonging to asset groups with certain IDs. One or more asset group IDs and/or ranges may be specified. Multiple entries are comma separated. A range is specified with a dash (for example, 386941-386945). Valid asset group IDs are required. | Optional |
| ag_titles | (Optional) Show excluded hosts belonging to asset groups with certain strings in the asset group title. One or more asset group titles may be specified. Multiple entries are comma separated (for example, My+First+Asset+Group,Another+Asset+Group). | Optional |
| use_tags | (Optional) Specify 0 (the default) if you want to select hosts based on IP addresses/ranges and/or asset groups. Specify 1 if you want to select hosts based on asset tags. Possible values are: 0, 1. | Optional |
| tag_include_selector | (Optional when use_tags=1) Specify "any" (the default) to include excluded hosts that match at least one of the selected tags. Specify "all" to include excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_exclude_selector | (Optional when use_tags=1) Specify "any" (the default) to ignore excluded hosts that match at least one of the selected tags. Specify "all" to ignore excluded hosts that match all of the selected tags. Possible values are: any, all. | Optional |
| tag_set_by | (Optional when use_tags=1) Specify "id" (the default) to select a tag set by providing tag IDs. Specify "name" to select a tag set by providing tag names. Possible values are: id, name. | Optional |
| tag_set_include | (Optional when use_tags=1) Specify a tag set to include. Excluded hosts that match these tags will be included. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| tag_set_exclude | (Optional when use_tags=1) Specify a tag set to exclude. Excluded hosts that match these tags will be ignored. You identify the tag set by providing tag names or IDs. Multiple entries are comma separated. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Excluded.Host.Address | unknown | IP Address. |
| Qualys.Excluded.Host.Address.#text | unknown | IP of excluded host with expiration date. |
| Qualys.Excluded.Host.Address.@expiration_date | unknown | Expiration date of excluded host address. |
| Qualys.Excluded.Host.Range.#text | unknown | Range of excluded hosts with expiration date. |
| Qualys.Excluded.Host.Range.@expiration_date | unknown | Expiration date of excluded hosts ranges. |
| Qualys.Excluded.Host.Range | unknown | Range of IP addresses. |

Command Example#

!qualys-host-excluded-list ips=1.1.1.1

Context Example#

{
"Qualys": {
"Excluded": {
"Host": {
"Address": {
"#text": "1.1.1.1",
"@expiration_date": "2021-06-01T00:00:00Z"
}
}
}
}
}

Human Readable Output#

ip
@expiration_date
#text
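
Because excluded hosts are not scanned, exclusions with no expiration date, or with a date already in the past, are worth reviewing. The following is an added example, not part of the integration's code: it flattens the `Qualys.Excluded.Host` context into one record per address or range and classifies each against a reference time. It assumes that several entries arrive as a list and that dates use the `YYYY-MM-DDTHH:MM:SSZ` form shown in the context example; the function names and all sample values other than the page's `1.1.1.1` entry are constructed.

```python
from datetime import datetime, timezone

# Constructed sample. The first Address entry is the page's context example;
# the plain-string address and the range are invented for illustration.
SAMPLE_CONTEXT = {
    "Qualys": {
        "Excluded": {
            "Host": {
                "Address": [
                    {"#text": "1.1.1.1", "@expiration_date": "2021-06-01T00:00:00Z"},
                    "10.0.0.5",
                ],
                "Range": {
                    "#text": "10.0.1.1-10.0.1.20",
                    "@expiration_date": "2021-05-01T00:00:00Z",
                },
            }
        }
    }
}


def _as_list(value):
    """Assumption: XML-derived context holds a single element as a dict or
    string and several elements as a list. Normalise both to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def flatten_exclusions(context):
    """Return one record per excluded address or range."""
    hosts = ((context.get("Qualys") or {}).get("Excluded") or {}).get("Host")
    records = []
    for host in _as_list(hosts):
        for kind in ("Address", "Range"):
            for entry in _as_list(host.get(kind)):
                if isinstance(entry, dict):
                    # Form with an expiration: {"#text": ..., "@expiration_date": ...}
                    target = entry.get("#text")
                    expires = entry.get("@expiration_date")
                else:
                    # Plain form: just the IP address or range, no expiration.
                    target, expires = entry, None
                records.append({"kind": kind, "target": target, "expires": expires})
    return records


def review_exclusions(context, now):
    """Classify each exclusion as active, expired, no-expiration or
    unparseable-date, relative to the timezone-aware datetime `now`."""
    findings = []
    for rec in flatten_exclusions(context):
        if rec["expires"] is None:
            status = "no-expiration"
        else:
            try:
                expiry = datetime.strptime(
                    rec["expires"], "%Y-%m-%dT%H:%M:%SZ"
                ).replace(tzinfo=timezone.utc)
                status = "expired" if expiry <= now else "active"
            except ValueError:
                status = "unparseable-date"
        findings.append({**rec, "status": status})
    return findings


if __name__ == "__main__":
    reference = datetime(2021, 5, 30, tzinfo=timezone.utc)  # constructed reference time
    for finding in review_exclusions(SAMPLE_CONTEXT, reference):
        print(finding["status"], finding["kind"], finding["target"], finding["expires"])
```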

qualys-scheduled-report-list#


Get the list of scheduled reports.

Base Command#

qualys-scheduled-report-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Scheduled report ID. | Optional |
| is_active | Select is_active=1 for active or is_active=0 for inactive scheduled reports to view. Possible values are: 1, 0. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Report.ID | String | Report ID. |
| Qualys.Report.TITLE | unknown | Report title. |
| Qualys.Report.TYPE | unknown | Report type. |
| Qualys.Report.LAUNCH_DATETIME | unknown | Date and time the report launched. |
| Qualys.Report.OUTPUT_FORMAT | unknown | Report output format. |
| Qualys.Report.SIZE | unknown | Report size. |
| Qualys.Report.STATUS.STATE | unknown | Report state status. |
| Qualys.Report.STATUS.MESSAGE | unknown | Report status message. |
| Qualys.Report.STATUS.PERCENT | unknown | Report status percent. |
| Qualys.Report.EXPIRATION_DATETIME | unknown | Report expiration datetime. |
| Qualys.Report.ACTIVE | unknown | Report active. |
| Qualys.Report.TEMPLATE_TITLE | unknown | Title of the template. |
| Qualys.Report.SCHEDULE.START_DATE_UTC | unknown | Start date of the scheduled report in UTC format. |
| Qualys.Report.SCHEDULE.START_HOUR | unknown | Start hour of the scheduled report. |
| Qualys.Report.SCHEDULE.START_MINUTE | unknown | Start minute of the scheduled report. |
| Qualys.Report.SCHEDULE.DAILY.@frequency_days | unknown | Frequency of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_CODE | unknown | Timezone of the scheduled report. |
| Qualys.Report.SCHEDULE.TIME_ZONE.TIME_ZONE_DETAILS | unknown | Timezone details of the scheduled report. |

Command Example#

!qualys-scheduled-report-list id=8084468 is_active=1

Context Example#

{
"Qualys": {
"Report": {
"ACTIVE": "1",
"ID": "8084468",
"OUTPUT_FORMAT": "PDF",
"SCHEDULE": {
"DAILY": {
"@frequency_days": "1"
},
"DST_SELECTED": "0",
"START_DATE_UTC": "2021-03-15T09:49:00Z",
"START_HOUR": "11",
"START_MINUTE": "49",
"TIME_ZONE": {
"TIME_ZONE_CODE": "IL",
"TIME_ZONE_DETAILS": "(GMT +02:00) Israel"
}
},
"TEMPLATE_TITLE": "Executive Report",
"TITLE": "Test - 20210315"
}
}
}

Human Readable Output#

Scheduled Report List#

| ACTIVE | ID | OUTPUT_FORMAT | SCHEDULE | TEMPLATE_TITLE | TITLE |
| --- | --- | --- | --- | --- | --- |
| 1 | 8084468 | PDF | DAILY: {"@frequency_days": "1"}<br/>START_DATE_UTC: 2021-03-15T09:49:00Z<br/>START_HOUR: 11<br/>START_MINUTE: 49<br/>TIME_ZONE: {"TIME_ZONE_CODE": "IL", "TIME_ZONE_DETAILS": "(GMT +02:00) Israel"}<br/>DST_SELECTED: 0 | Executive Report | Test - 20210315 |

qualys-report-template-list#


Get the list of report templates for the user.

Base Command#

qualys-report-template-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.ReportTemplate.ID | unknown | Report template ID. |
| Qualys.ReportTemplate.TYPE | unknown | Report type. |
| Qualys.ReportTemplate.TITLE | unknown | Report template title. |
| Qualys.ReportTemplate.LAST_UPDATE | unknown | Last update time. |
| Qualys.ReportTemplate.GLOBAL | unknown | Report template global. |
| Qualys.ReportTemplate.DEFAULT | unknown | Report template default. |
| Qualys.ReportTemplate.USER.LOGIN | unknown | Last updated user login. |
| Qualys.ReportTemplate.USER.FIRSTNAME | unknown | Last updated user login first name. |
| Qualys.ReportTemplate.USER.LASTNAME | unknown | Last updated user login last name. |
| Qualys.ReportTemplate.TEMPLATE_TYPE | unknown | Type of report template. |

Command Example#

!qualys-report-template-list

Context Example#

{
"Qualys": {
"ReportTemplate": [
{
"GLOBAL": "1",
"ID": "2385938",
"LAST_UPDATE": "2021-04-08T09:50:45Z",
"TEMPLATE_TYPE": "Map",
"TITLE": "maptemptest",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "0",
"ID": "2383157",
"LAST_UPDATE": "2021-03-15T10:19:46Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Remediated Vulnerabilities Last 30 Days v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "0",
"ID": "2383160",
"LAST_UPDATE": "2021-03-15T10:38:09Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Assets at risk of Malware v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "2339987",
"LAST_UPDATE": "2020-04-07T06:14:41Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Patchable High-priority Vulnerabilities v.1 - (1)",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977713",
"LAST_UPDATE": "2018-05-08T14:18:50Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Virtually Patchable Assets v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977717",
"LAST_UPDATE": "2018-05-08T14:22:47Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Virtually Patchable Assets v.2",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977716",
"LAST_UPDATE": "2018-05-08T14:20:29Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Assets with Obsolete Software v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1977714",
"LAST_UPDATE": "2018-05-08T14:19:31Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Patchable High-priority Vulnerabilities v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528875",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Patch",
"TITLE": "Qualys Patch Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528873",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Executive Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528874",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "Technical Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528876",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Scan",
"TITLE": "High Severity Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528877",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "2008 SANS Top 20 Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528878",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Qualys Top 20 Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528879",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Payment Card Industry (PCI) Technical Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528880",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Compliance",
"TITLE": "Payment Card Industry (PCI) Executive Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528881",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Executive Remediation Report",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528882",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per Vulnerability",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528883",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per User",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528884",
"LAST_UPDATE": "2017-06-07T20:34:57Z",
"TEMPLATE_TYPE": "Remediation",
"TITLE": "Tickets per Asset Group",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "System",
"LASTNAME": "System",
"LOGIN": "System"
}
},
{
"GLOBAL": "1",
"ID": "1528886",
"LAST_UPDATE": "2017-06-07T20:35:05Z",
"TEMPLATE_TYPE": "Policy",
"TITLE": "Policy Report Template",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "1528888",
"LAST_UPDATE": "2017-06-07T20:34:58Z",
"TEMPLATE_TYPE": "Map",
"TITLE": "Unknown Device Report",
"TYPE": "Manual",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
},
{
"GLOBAL": "1",
"ID": "2389895",
"LAST_UPDATE": "2021-05-07T15:28:52Z",
"TEMPLATE_TYPE": "Patch",
"TITLE": "Critical Patches Required v.1",
"TYPE": "Auto",
"USER": {
"FIRSTNAME": "Neelima",
"LASTNAME": "Rustagi",
"LOGIN": "demst2nr"
}
}
]
}
}

Human Readable Output#

Template Report List#

| GLOBAL | ID | LAST_UPDATE | TEMPLATE_TYPE | TITLE | TYPE | USER |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | 2385938 | 2021-04-08T09:50:45Z | Map | maptemptest | Manual | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 0 | 2383157 | 2021-03-15T10:19:46Z | Scan | Remediated Vulnerabilities Last 30 Days v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 0 | 2383160 | 2021-03-15T10:38:09Z | Scan | Assets at risk of Malware v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 2339987 | 2020-04-07T06:14:41Z | Scan | Patchable High-priority Vulnerabilities v.1 - (1) | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1977713 | 2018-05-08T14:18:50Z | Scan | Virtually Patchable Assets v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1977717 | 2018-05-08T14:22:47Z | Scan | Virtually Patchable Assets v.2 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1977716 | 2018-05-08T14:20:29Z | Scan | Assets with Obsolete Software v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1977714 | 2018-05-08T14:19:31Z | Scan | Patchable High-priority Vulnerabilities v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528875 | 2017-06-07T20:34:57Z | Patch | Qualys Patch Report | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528873 | 2017-06-07T20:34:57Z | Scan | Executive Report | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528874 | 2017-06-07T20:34:57Z | Scan | Technical Report | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528876 | 2017-06-07T20:34:57Z | Scan | High Severity Report | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528877 | 2017-06-07T20:34:57Z | Compliance | 2008 SANS Top 20 Report | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528878 | 2017-06-07T20:34:57Z | Compliance | Qualys Top 20 Report | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528879 | 2017-06-07T20:34:57Z | Compliance | Payment Card Industry (PCI) Technical Report | Manual | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528880 | 2017-06-07T20:34:57Z | Compliance | Payment Card Industry (PCI) Executive Report | Manual | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528881 | 2017-06-07T20:34:57Z | Remediation | Executive Remediation Report | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528882 | 2017-06-07T20:34:57Z | Remediation | Tickets per Vulnerability | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528883 | 2017-06-07T20:34:57Z | Remediation | Tickets per User | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528884 | 2017-06-07T20:34:57Z | Remediation | Tickets per Asset Group | Auto | LOGIN: System<br/>FIRSTNAME: System<br/>LASTNAME: System |
| 1 | 1528886 | 2017-06-07T20:35:05Z | Policy | Policy Report Template | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 1528888 | 2017-06-07T20:34:58Z | Map | Unknown Device Report | Manual | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |
| 1 | 2389895 | 2021-05-07T15:28:52Z | Patch | Critical Patches Required v.1 | Auto | LOGIN: demst2nr<br/>FIRSTNAME: Neelima<br/>LASTNAME: Rustagi |

qualys-vulnerability-list#


Download a list of vulnerabilities from the Qualys KnowledgeBase.

Base Command#

qualys-vulnerability-list

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| details | Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All, or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details. Possible values are: Basic, All, None. | Optional |
| ids | Used to filter the XML output to include only vulnerabilities that have QID numbers matching the QID numbers you specify. | Optional |
| id_min | Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify. | Optional |
| id_max | Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify. | Optional |
| is_patchable | Used to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output. Possible values are: 0, 1. | Optional |
| last_modified_after | Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_before | Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified, vulnerabilities last modified by a user or by the service will be shown. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_after | Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_user_before | Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_after | Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| last_modified_by_service_before | Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_after | Used to filter the XML output to show only vulnerabilities published after a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| published_before | Used to filter the XML output to show only vulnerabilities published before a certain date and time. Use YYYY-MM-DD[THH:MM:SSZ] like “2007-07-01” or “2007-01-25T23:12:00Z” or today, yesterday, 24hr ago, 3 days ago, last week. | Optional |
| discovery_method | (Optional) Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated. Possible values are: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, RemoteAndAuthenticated. | Optional |
| discovery_auth_types | Used to filter the XML output to show only vulnerabilities having one or more authentication types. A valid value is: Windows, Oracle, Unix or SNMP. Multiple values are entered as a comma-separated list. | Optional |
| show_pci_reasons | Used to filter the XML output to show reasons for passing or failing PCI compliance (when the CVSS Scoring feature is turned on in the user’s subscription). Specify 1 to view the reasons in the XML output. When unspecified, the reasons are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_supported_modules_info | Used to filter the XML output to show Qualys modules that can be used to detect each vulnerability. Specify 1 to view supported modules in the XML output. When unspecified, supported modules are not included in the XML output. Possible values are: 0, 1. | Optional |
| show_disabled_flag | Specify 1 to include the disabled flag for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| show_qid_change_log | Specify 1 to include QID changes for each vulnerability in the XML output. Possible values are: 0, 1. | Optional |
| limit | Specify a positive numeric value to limit the amount of results in the requested list. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Qualys.Vulnerability.List.QID | unknown | Vulnerability QID. |
| Qualys.Vulnerability.List.PATCHABLE | unknown | Is Vulnerability patchable. |
| Qualys.Vulnerability.List.SEVERITY_LEVEL | unknown | Severity level of the Vulnerability. |
| Qualys.Vulnerability.List.CONSEQUENCE | unknown | Consequence of the Vulnerability. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.ID | unknown | ID of the vendor. |
| Qualys.Vulnerability.List.VENDOR_REFERENCE_LIST.VENDOR_REFERENCE.URL | unknown | URL of the vendor. |
| Qualys.Vulnerability.List.LAST_SERVICE_MODIFICATION_DATETIME | unknown | Date of the last service modification. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.ID | unknown | CVE ID. |
| Qualys.Vulnerability.List.CVE_LIST.CVE.URL | unknown | CVE URL. |
| Qualys.Vulnerability.List.PUBLISHED_DATETIME | unknown | Published date. |
| Qualys.Vulnerability.List.DISCOVERY.ADDITIONAL_INFO | unknown | Additional info. |
| Qualys.Vulnerability.List.DISCOVERY.AUTH_TYPE_LIST.AUTH_TYPE | unknown | Discovery Authentication type. |
| Qualys.Vulnerability.List.DISCOVERY.REMOTE | unknown | Is discovery remote. |
| Qualys.Vulnerability.List.DIAGNOSIS | unknown | Diagnosis of vulnerability. |
| Qualys.Vulnerability.List.PCI_FLAG | unknown | PCI flag. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.PRODUCT | unknown | Product name. |
| Qualys.Vulnerability.List.SOFTWARE_LIST.SOFTWARE.VENDOR | unknown | Vendor of the product. |
| Qualys.Vulnerability.List.VULN_TYPE | unknown | Type of the vulnerability. |
| Qualys.Vulnerability.List.TITLE | unknown | Title of the vulnerability. |
| Qualys.Vulnerability.List.SOLUTION | unknown | Solution for the vulnerability. |
| Qualys.Vulnerability.List.CATEGORY | unknown | Category of the vulnerability. |

Command Example#

!qualys-vulnerability-list published_after=2021-04-01 published_before=2021-04-20 details=Basic is_patchable=1

Context Example#

{
"File": {
"EntryID": "1457@ad70a33b-26a4-4a3c-8013-24494880c3ee",
"Info": "text/html",
"MD5": "fcc96f72a8ec05bad85f76b84b660548",
"Name": "Result file",
"SHA1": "c7511da62209ea195fb3e4c57e472ed8f47576bc",
"SHA256": "3551eb3fea9fd881dc5827bb53040f11aedaa1515045bbf5ab7b648e6fc380b7",
"SHA512": "480085d65387a950e9a60d017ced084290c1bc2f783dad758e986e15b04c5edd6c1ff622f6632875a7ad54f7105bcbb4eb05f3878995ad27c797eb41c4b27afe",
"SSDeep": "3072:UtD4/FegMJuPyfrDK2fkQqGp+Zr2QNim101s6cZj+5BnF/WkWFdG5LB3Zag357OB:u/5LsTMc4/U5",
"Size": 713309,
"Type": "HTML document text, ASCII text, with very long lines"
},
"Qualys": {
"Vulnerability": {
"List": [
{
"CATEGORY": "CGI",
"CONSEQUENCE": "These allow an unauthenticated attacker to inject Javascript into the application via Cross-Site Scripting (XSS) vulnerabilities.<P>",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": [
{
"DESC": "jQuery 1.2 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49766",
"LINK": "http://www.exploit-db.com/exploits/49766",
"REF": "CVE-2020-11022"
},
{
"DESC": "jQuery 1.0.3 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49767",
"LINK": "http://www.exploit-db.com/exploits/49767",
"REF": "CVE-2020-11023"
}
]
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2020-11022",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022"
},
{
"ID": "CVE-2020-11023",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023"
}
]
},
"DIAGNOSIS": "Jira is a proprietary issue tracking product, developed by Atlassian. It provides bug tracking, issue tracking, and project management functions.<P>\n\nAffected version:<br/>\nAtlassian Jira before version 8.15.0<P>\n\nQID Detection Logic:(Unauthenticated)<br/>\nIt checks for vulnerable version of Atlassian Jira.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "10083",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "jira",
"VENDOR": "atlassian"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://jira.atlassian.com/browse/JRASERVER-72052\" TARGET=\"_blank\">JRASERVER-72052</A> for updates pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://jira.atlassian.com/browse/JRASERVER-72052\" TARGET=\"_blank\">JRASERVER-72052</A>",
"TITLE": "Atlassian Jira Cross-Site Scripting Vulnerability(JRASERVER-72052)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JRASERVER-72052",
"URL": "https://jira.atlassian.com/browse/JRASERVER-72052"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "CGI",
"CONSEQUENCE": "Allow a remote attacker to inject arbitrary Javascript into the context of the application.<P>",
"DIAGNOSIS": "Confluence is team collaboration software written in Java.<P>\n\nAffected Versions:<br/>\nAtlassian Confluence before version 7.4.8<P>\n\nQID Detection Logic:<br/>\nThis unauthenticated QID detects vulnerable Atlassian Confluence versions by making GET request to login.action page and parsing information exposed in ajs-version-number or footer-build-information HTML entities.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:29Z",
"QID": "10501",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "confluence",
"VENDOR": "atlassian"
}
},
"SOLUTION": "Customers are advised to refer to upgrade to <A HREF=\"https://www.atlassian.com/software/confluence/download\" TARGET=\"_blank\">Atlassian Confluence 7.8.0, 6.13.20, 7.4.8</A> or later versions to remediate this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://jira.atlassian.com/browse/CONFSERVER-61622\" TARGET=\"_blank\">CONFSERVER-61622</A>",
"TITLE": "Atlassian Confluence Cross-Site Scripting Vulnerability (CONFSERVER-61622)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CONFSERVER-61622",
"URL": "https://jira.atlassian.com/browse/CONFSERVER-61622"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"BUGTRAQ_LIST": {
"BUGTRAQ": {
"ID": "95386",
"URL": "http://www.securityfocus.com/bid/95386"
}
},
"CATEGORY": "CGI",
"CONSEQUENCE": "An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-7932",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7932"
}
},
"DIAGNOSIS": "Magento is PHP based e-commerce platform.<br/>\nMagento Commerce has a remote code execution vulnerability<P>\n\nAffected Versions:<br/>\nMagento Commerce prior to 1.14.4.2<br/>\nMagento 2.1 prior to 2.1.18<br/>\nMagento 2.2 prior to 2.2.9<br/>\nMagento 2.3 prior to 2.3.2<P>\n\nQID Detection Logic:<br/>\nThis QID checks for vulnerable version of Magento on system<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T14:56:24Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-15T14:56:24Z",
"QID": "13250",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "magento",
"VENDOR": "adobe"
}
},
"SOLUTION": "The vendor has released a fix in <A HREF=\"https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13\" TARGET=\"_blank\">PRODSECBUG-2351</A> to remediate this vulnerability.<br/>\n\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://magento.com/tech-resources/download?_ga=2.48007079.18249196.1609397868-1531796080.1609397868\" TARGET=\"_blank\">Magento</A>",
"TITLE": "Magento Commerce Remote Code Execution Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2019-7932",
"URL": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "This vulnerability could be exploited to gain access to sensitive information also use this vulnerability to change contents or configuration on the system. Additionally this vulnerability can also be used to cause a denial of service in the form of interruptions in resource availability.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-0223",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0223"
},
{
"ID": "CVE-2021-0204",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204"
}
]
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\n\nMultiple local privilege escalation vulnerabilities in Juniper Networks Junos OS have been reported due to the setuid bit being enabled on multiple binaries.<P>\n\nAffected releases are Junos OS:<br/>\nall versions prior to 15.1R7-S9;\n17.3 versions prior to 17.3R3-S11;\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R2-S7, 18.4R3-S6;\n19.1 versions prior to 19.1R2-S2, 19.1R3-S4;\n19.2 versions prior to 19.2R1-S6, 19.2R3-S1;\n19.3 versions prior to 19.3R3-S1;\n19.4 versions prior to 19.4R2-S2, 19.4R3-S1;\n20.1 versions prior to 20.1R1-S4, 20.1R2;\n20.2 versions prior to 20.2R2.\n\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-01T13:01:30Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-01T13:01:30Z",
"QID": "43823",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>\nThe following software releases have been updated to resolve these specific issues:<br/>\n\nJunos OS 15.1R7-S9*, 17.3R3-S11*, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R2-S7, 18.4R3-S6, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S1, 19.3R3-S1, 19.4R2-S2, 19.4R3-S1, 20.1R1-S4, 20.1R2, 20.2R2, 20.3R1, and all subsequent releases.<br/>\n\n\nFor more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11114</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11114</A>",
"TITLE": "Juniper Junos Multiple Local Privilege Escalation Vulnerabilities (JSA11114)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11114",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "Successful exploitation allows unauthorized disclosure information.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2009-3238",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3238"
}
},
"DIAGNOSIS": "A security vulnerability in certain HPE routers, switches, and office connectivity products that use Linux-based Comware 5 and Comware 7 software could allow remote unauthorized disclosure of information.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:50Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "43824",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "router",
"VENDOR": "hpe"
}
},
"SOLUTION": "Vendor has released updates to fix the issue. Please refer to vendor advisory <A HREF=\"https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf03836en_us\" TARGET=\"_blank\">HPESBHF03836</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf03836en_us\" TARGET=\"_blank\">HPESBHF03836</A>",
"TITLE": "HPE Comware Routers and Switches Remote Unauthorized Disclosure of Information HPESBHF03836",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "HPESBHF03836",
"URL": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbhf03836en_us"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "On Successful exploitation could lead to information disclosure.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2019-5591",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5591"
}
},
"DIAGNOSIS": "<P>FortiOS is a security-hardened, purpose-built operating system that is the software foundation of FortiGate.<br/>\nIt is affected with following vulnerability:<br/> CVE-2019-5591 : A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet <br/>to intercept sensitive information by impersonating the LDAP server.\n\n<P>Affected Products :<br/>\n FortiOS 6.2.0 and below. Enabling the CLI option that checks for LDAP server identity entirely prevents the issue. Potential detection as cannot determine server-identity-check enabled or disabled.\n\nNote: FortiOS 6.2.1 and above have server-identity-check enabled by default, when installed from scratch. <br/>Upgrading from 6.0.3 - 6.2.0 to 6.2.1 and above does not suffice to thwart the <br/>issue: server-identity-check must be enabled (prior the upgrade of after, indifferently) to solve this.\n\n<P>QID Detection Logic (Authenticated) :<br/>\nDetection checks for vulnerable version of FortiOS.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-13T05:06:29Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-05T13:40:50Z",
"QID": "43825",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "fortios",
"VENDOR": "cisco"
}
},
"SOLUTION": "Enabling the CLI option that checks for LDAP server identity entirely prevents the issue OR Upgrade to FortiOS 6.2.1 or above from scratch.\nVendor has released fix to address these vulnerabilities. Refer to <A HREF=\"https://www.fortiguard.com/psirt/FG-IR-19-037\" TARGET=\"_blank\">FG-IR-19-037</A>Workaround:<br/> A workaround exists, enabling the CLI option that checks for LDAP server identity entirely prevents the issue. This option can be enabled only if secure and ca-cert of the LDAP server are set. \nFollowing commands can be used for this cli option:\nconfig user ldap\nedit ldap-server\nset ca-cert\nset secure ldaps\nset server-identity-check enable\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://www.fortiguard.com/psirt/FG-IR-19-037\" TARGET=\"_blank\">FG-IR-19-037: FortiOS</A>",
"TITLE": "Fortigate FortiOS Default Configuration(FG-IR-19-037)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "FG-IR-19-037",
"URL": "https://www.fortiguard.com/psirt/FG-IR-19-037"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-1660",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1660"
}
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\n\nAffected releases are Junos OS:<br/>\n17.3 versions prior to 17.3R3-S8.<br/>\n18.3 versions prior to 18.3R3-S1.<br/>\n18.4 versions prior to 18.4R3.<br/>\n19.1 versions prior to 19.1R3.<br/>\n19.2 versions prior to 19.2R2.<br/>\n19.3 versions prior to 19.3R3.<P>\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.\n\nNOTE: The following minimal configuration is required to potentially hit this issue:\nservices web-filter profile profile-name dns-filter-template template-name",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T14:36:40Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "43826",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>For more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054\" TARGET=\"_blank\">JSA11054</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054\" TARGET=\"_blank\">JSA11054</A>",
"TITLE": "Juniper Junos OS:MX Series Denial of Service (DNS Filtering)vulnerability(JSA11054)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11054",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11054"
}
},
"VULN_TYPE": "Potential Vulnerability"
},
{
"CATEGORY": "Hardware",
"CONSEQUENCE": "Successful exploitation allows attacker to execute remote code.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-0254",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0254"
}
},
"DIAGNOSIS": "Juniper Junos is the network operating system used in Juniper Networks hardware systems.<P>\nA buffer overflow vulnerability exists in the overlayd service of Juniper Networks Junos OS.<br/>\nThe overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port 4789. This issue results from improper buffer size validation, which can lead to a buffer overflow.<P>\n\nAffected releases are Junos OS:<br/>\n15.1X49 versions prior to 15.1X49-D240 on SRX Series;<br/>\n15.1 versions prior to 15.1R7-S9;<br/>\n17.3 versions prior to 17.3R3-S11;<br/>\n17.4 versions prior to 17.4R2-S13, 17.4R3-S4;<br/>\n18.1 versions prior to 18.1R3-S12;<br/>\n18.2 versions prior to 18.2R2-S8, 18.2R3-S7;<br/>\n18.3 versions prior to 18.3R3-S4;<br/>\n18.4 versions prior to 18.4R1-S8, 18.4R2-S7, 18.4R3-S7;<br/>\n19.1 versions prior to 19.1R2-S2, 19.1R3-S4;<br/>\n19.2 versions prior to 19.2R1-S6, 19.2R3-S2;<br/>\n19.3 versions prior to 19.3R3-S1;<br/>\n19.4 versions prior to 19.4R2-S4, 19.4R3-S1;<br/>\n20.1 versions prior to 20.1R2-S1, 20.1R3;<br/>\n20.2 versions prior to 20.2R2, 20.2R2-S1, 20.2R3;<br/>\n20.3 versions prior to 20.3R1-S1.<P>\n\nQID detection logic: (Authenticated)<br/>\nIt checks for vulnerable Junos OS version.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-19T16:47:32Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-19T14:36:40Z",
"QID": "43827",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "junos",
"VENDOR": "juniper"
}
},
"SOLUTION": "The vendor has released fixes.<br/>\nThe following software releases have been updated to resolve these specific issues:<br/>\n\nJunos OS 15.1X49-D240, 15.1R7-S9, 17.3R3-S11, 17.4R2-S13, 17.4R3-S4, 18.1R3-S12, 18.2R2-S8, 18.2R3-S7, 18.3R3-S4, 18.4R1-S8, 18.4R2-S7, 18.4R3-S7, 19.1R2-S2, 19.1R3-S4, 19.2R1-S6, 19.2R3-S2, 19.3R3-S1, 19.4R2-S4, 19.4R3-S1, 20.1R2-S1, 20.1R3, 20.2R2, 20.2R2-S1, 20.2R3, 20.3R1-S1, 20.4R1, and all subsequent releases.<br/>\n\n\nFor more information please visit <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11114\" TARGET=\"_blank\">JSA11147</A>.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&actp=METADATA\" TARGET=\"_blank\">JSA11147</A>",
"TITLE": "Juniper Junos Remote Code Execution Vulnerability (JSA11147)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "JSA11147",
"URL": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&actp=METADATA"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Mail services",
"CONSEQUENCE": "Successful exploitation allows attackers to execute remote code.<br/>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28480",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28480"
},
{
"ID": "CVE-2021-28481",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28481"
},
{
"ID": "CVE-2021-28482",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28482"
},
{
"ID": "CVE-2021-28483",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28483"
}
]
},
"DIAGNOSIS": "Microsoft Exchange Server is prone to remote code execution vulnerability.<br/>\nKB Articles associated with this update are: KB5001779<P>\nAffected Versions:<br/>\nMicrosoft Exchange Server 2013 Cumulative Update 23<br/>\nMicrosoft Exchange Server 2016 Cumulative Update 19<br/>\nMicrosoft Exchange Server 2016 Cumulative Update 20<br/>\nMicrosoft Exchange Server 2019 Cumulative Update 8<br/>\nMicrosoft Exchange Server 2019 Cumulative Update 9<P>\n\nQID Detection Logic (authenticated):<br/>The QID checks for the version of file Exsetup.exe.<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "50109",
"SEVERITY_LEVEL": "5",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "exchange_server",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://support.microsoft.com/help/5001779\" TARGET=\"_blank\">KB5001779</A> for information pertaining to this vulnerability.<br/>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://support.microsoft.com/help/5001779\" TARGET=\"_blank\">KB5001779</A>",
"TITLE": "Microsoft Exchange Server Remote Code Execution Vulnerability - April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "KB5001779",
"URL": "https://support.microsoft.com/help/5001779"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Web server",
"CONSEQUENCE": "A successful exploit could give an unauthenticated attacker access file on the SAP system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal - The Exploit-DB Ref : 39996",
"LINK": "http://www.exploit-db.com/exploits/39996",
"REF": "CVE-2016-3976"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2016-3976",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3976"
}
},
"DIAGNOSIS": "SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions.<P>\nSAP NetWeaver AS JAVA is exposed to a directory traversal vulnerability. (CVE-2016-3976)\n<P>Affected Versions<br/>\nSAP NetWeaver AS JAVA Versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 , 7.50.\n<P>QID Detection Logic(s):<br/>\nScan initiates HTTP request with an active payload to detect the vulnerability.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-08T12:44:32Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:32Z",
"QID": "87446",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "netweaver",
"VENDOR": "sap"
}
},
"SOLUTION": "some solution",
"TITLE": "SAP NetWeaver AS JAVA Directory Traversal Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "someid",
"URL": "https://blogs.sap.com/2016/03/08/sap-security-patch-day-march-2016/"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Web server",
"CONSEQUENCE": "A successful exploit could give an unauthenticated attacker to obtain unauthorized access to an OS filesystem.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2016-9563",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9563"
}
},
"DIAGNOSIS": "SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions.<P>\nBC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI<P>\n<P>Affected Versions<br/>\nSAP NetWeaver AS JAVA Versions 7.50.\n<P>QID Detection Logic(s):<br/>\nThis QID sends a HTTP POST request to &quot;sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn&quot; to detect the vulnerability",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"REMOTE": "1"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-05-18T12:29:35Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-08T12:44:32Z",
"QID": "87447",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "netweaver",
"VENDOR": "sap"
}
},
"SOLUTION": "somesolution2",
"TITLE": "SAP NetWeaver AS JAVA 7.5 XML External Entity Vulnerability",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "someid2",
"URL": "https://service.sap.com/sap/support/notes/2296909"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation allows attacker to bypass the security feature and allows set a second cookie with the name being percent encoded.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-26701",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26701"
}
},
"DIAGNOSIS": "A denial of service vulnerability exists when .NET Core improperly handles web requests.<br/>\nThis security update is rated Important for supported versions of .NET Core.<P>\nAffected versions:<br/>\nAny .NET Core 2.1 , 3.1 or .NET 5.0 application running on .NET Core 2.1.25, 3.1.12 or .NET 5.0.3 or lower respectively.<P>\nQID Detection Logic (Authenticated):<br/>\nThe qid looks for sub directories under %programfiles%\\dotnet\\shared\\Microsoft.NETCore.App, %programfiles(x86)%\\dotnet\\shared\\Microsoft.NETCore.App and checks for vulnerable versions in .version file on Windows.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-12T13:50:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-12T13:50:00Z",
"QID": "91756",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": ".net_core",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701\" TARGET=\"_blank\">CVE-2021-26701</A> for more details pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701\" TARGET=\"_blank\">CVE-2021-26701: WIndows</A>",
"TITLE": "Microsoft .NET Core Security Update March 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2021-26701",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26701"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation can affect confidentiality, integrity and availability.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-27064",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27064"
}
},
"DIAGNOSIS": "Microsoft has released security update for Visual Studio which resolves multiple security vulnerabilities.<P>\n\nAffected Software:<br/>\nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)<br/>\nMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)<br/>\nMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 - 16.6)<br/>\n\nMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)<P>\nQID Detection Logic:Authenticated<br/>\nThis QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-14T05:14:46Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91757",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "visual studio",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27064\" TARGET=\"_blank\">CVE-2021-27064</A> for more information pertaining to this vulnerability.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27064\" TARGET=\"_blank\">CVE-2021-27064: WIndows</A>",
"TITLE": "Microsoft Visual Studio Security Update for April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "CVE-2021-27064",
"URL": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-27064"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "A remote attacker could exploit this vulnerability and execute code on the target system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-26413",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26413"
},
{
"ID": "CVE-2021-26415",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26415"
},
{
"ID": "CVE-2021-26416",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26416"
},
{
"ID": "CVE-2021-26417",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26417"
},
{
"ID": "CVE-2021-27072",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27072"
},
{
"ID": "CVE-2021-27079",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27079"
},
{
"ID": "CVE-2021-27086",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27086"
},
{
"ID": "CVE-2021-27088",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27088"
},
{
"ID": "CVE-2021-27089",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27089"
},
{
"ID": "CVE-2021-27090",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27090"
},
{
"ID": "CVE-2021-27091",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27091"
},
{
"ID": "CVE-2021-27092",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27092"
},
{
"ID": "CVE-2021-27093",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27093"
},
{
"ID": "CVE-2021-27094",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27094"
},
{
"ID": "CVE-2021-27095",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27095"
},
{
"ID": "CVE-2021-27096",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27096"
},
{
"ID": "CVE-2021-28309",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28309"
},
{
"ID": "CVE-2021-28310",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28310"
},
{
"ID": "CVE-2021-28311",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28311"
},
{
"ID": "CVE-2021-28312",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28312"
},
{
"ID": "CVE-2021-28313",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28313"
},
{
"ID": "CVE-2021-28314",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28314"
},
{
"ID": "CVE-2021-28315",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28315"
},
{
"ID": "CVE-2021-28316",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28316"
},
{
"ID": "CVE-2021-28317",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28317"
},
{
"ID": "CVE-2021-28318",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28318"
},
{
"ID": "CVE-2021-28319",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28319"
},
{
"ID": "CVE-2021-28320",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28320"
},
{
"ID": "CVE-2021-28321",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28321"
},
{
"ID": "CVE-2021-28322",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28322"
},
{
"ID": "CVE-2021-28323",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28323"
},
{
"ID": "CVE-2021-28324",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28324"
},
{
"ID": "CVE-2021-28325",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28325"
},
{
"ID": "CVE-2021-28326",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28326"
},
{
"ID": "CVE-2021-28327",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28327"
},
{
"ID": "CVE-2021-28328",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28328"
},
{
"ID": "CVE-2021-28329",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28329"
},
{
"ID": "CVE-2021-28330",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28330"
},
{
"ID": "CVE-2021-28331",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28331"
},
{
"ID": "CVE-2021-28332",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28332"
},
{
"ID": "CVE-2021-28333",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28333"
},
{
"ID": "CVE-2021-28334",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28334"
},
{
"ID": "CVE-2021-28335",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28335"
},
{
"ID": "CVE-2021-28336",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28336"
},
{
"ID": "CVE-2021-28337",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28337"
},
{
"ID": "CVE-2021-28338",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28338"
},
{
"ID": "CVE-2021-28339",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28339"
},
{
"ID": "CVE-2021-28340",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28340"
},
{
"ID": "CVE-2021-28341",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28341"
},
{
"ID": "CVE-2021-28342",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28342"
},
{
"ID": "CVE-2021-28343",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28343"
},
{
"ID": "CVE-2021-28344",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28344"
},
{
"ID": "CVE-2021-28345",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28345"
},
{
"ID": "CVE-2021-28346",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28346"
},
{
"ID": "CVE-2021-28347",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28347"
},
{
"ID": "CVE-2021-28348",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28348"
},
{
"ID": "CVE-2021-28349",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28349"
},
{
"ID": "CVE-2021-28350",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28350"
},
{
"ID": "CVE-2021-28351",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28351"
},
{
"ID": "CVE-2021-28352",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28352"
},
{
"ID": "CVE-2021-28353",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28353"
},
{
"ID": "CVE-2021-28354",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28354"
},
{
"ID": "CVE-2021-28355",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28355"
},
{
"ID": "CVE-2021-28356",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28356"
},
{
"ID": "CVE-2021-28357",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28357"
},
{
"ID": "CVE-2021-28358",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28358"
},
{
"ID": "CVE-2021-28434",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28434"
},
{
"ID": "CVE-2021-28435",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28435"
},
{
"ID": "CVE-2021-28436",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28436"
},
{
"ID": "CVE-2021-28437",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28437"
},
{
"ID": "CVE-2021-28438",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28438"
},
{
"ID": "CVE-2021-28439",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28439"
},
{
"ID": "CVE-2021-28440",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28440"
},
{
"ID": "CVE-2021-28441",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28441"
},
{
"ID": "CVE-2021-28442",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28442"
},
{
"ID": "CVE-2021-28443",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28443"
},
{
"ID": "CVE-2021-28444",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28444"
},
{
"ID": "CVE-2021-28445",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28445"
},
{
"ID": "CVE-2021-28446",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28446"
},
{
"ID": "CVE-2021-28447",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28447"
},
{
"ID": "CVE-2021-28464",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28464"
},
{
"ID": "CVE-2021-28466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28466"
},
{
"ID": "CVE-2021-28468",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28468"
}
]
},
"DIAGNOSIS": "Microsoft releases the security update for Windows April 2021<P>\nThe KB Articles associated with the update:<br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001387\" TARGET=\"_blank\">KB5001387</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001382\" TARGET=\"_blank\">KB5001382</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001339\" TARGET=\"_blank\">KB5001339</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001337\" TARGET=\"_blank\">KB5001337</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001347\" TARGET=\"_blank\">KB5001347</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001383\" TARGET=\"_blank\">KB5001383</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001342\" TARGET=\"_blank\">KB5001342</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001392\" TARGET=\"_blank\">KB5001392</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001335\" TARGET=\"_blank\">KB5001335</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001330\" TARGET=\"_blank\">KB5001330</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001389\" TARGET=\"_blank\">KB5001389</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001332\" TARGET=\"_blank\">KB5001332</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001393\" TARGET=\"_blank\">KB5001393</A><br/>\n<A HREF=\"https://support.microsoft.com/en-us/help/5001340\" TARGET=\"_blank\">KB5001340</A><br/>\n<P>This QID checks for the file version of ntoskrnl.exe\n<P>The following versions of ntoskrnl.exe with their corresponding KBs are verified:<br/>\nKB5001387 - 6.2.9200.23327<br/>\nKB5001382 - 6.3.9600.19994<br/>\nKB5001339 - 10.0.17134.2145<br/>\nKB5001337 - 10.0.18362.1500<br/>\nKB5001347 - 10.0.14393.4350<br/>\nKB5001383 - 6.2.9200.23327<br/>\nKB5001342 - 10.0.17763.1879<br/>\nKB5001392 - 6.1.7601.24576<br/>\nKB5001335 - 6.1.7601.24576<br/>\nKB5001330 - 
10.0.19041.928<br/>\nKB5001389 - 6.0.6003.21095<br/>\nKB5001332 - 6.0.6003.21095<br/>\nKB5001393 - 6.3.9600.19994<br/>\nKB5001340 - 10.0.10240.18906<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91758",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "windows",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Please refer to the <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance\" TARGET=\"_blank\">Security Update Guide</A> for more information pertaining to these vulnerabilities.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance\" TARGET=\"_blank\">Microsoft Security Update Guide: Windows</A>",
"TITLE": "Microsoft Windows Security Update for April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB5001387",
"URL": "https://support.microsoft.com/en-in/help/5001387"
},
{
"ID": "KB5001382",
"URL": "https://support.microsoft.com/en-in/help/5001382"
},
{
"ID": "KB5001339",
"URL": "https://support.microsoft.com/en-in/help/5001339"
},
{
"ID": "KB5001337",
"URL": "https://support.microsoft.com/en-in/help/5001337"
},
{
"ID": "KB5001347",
"URL": "https://support.microsoft.com/en-in/help/5001347"
},
{
"ID": "KB5001383",
"URL": "https://support.microsoft.com/en-in/help/5001383"
},
{
"ID": "KB5001342",
"URL": "https://support.microsoft.com/en-in/help/5001342"
},
{
"ID": "KB5001392",
"URL": "https://support.microsoft.com/en-in/help/5001392"
},
{
"ID": "KB5001335",
"URL": "https://support.microsoft.com/en-in/help/5001335"
},
{
"ID": "KB5001330",
"URL": "https://support.microsoft.com/en-in/help/5001330"
},
{
"ID": "KB5001389",
"URL": "https://support.microsoft.com/en-in/help/5001389"
},
{
"ID": "KB5001332",
"URL": "https://support.microsoft.com/en-in/help/5001332"
},
{
"ID": "KB5001393",
"URL": "https://support.microsoft.com/en-in/help/5001393"
},
{
"ID": "KB5001340",
"URL": "https://support.microsoft.com/en-in/help/5001340"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation may allow unauthorized disclosure of information, unauthorized modification or disruption of service.<P>",
"DIAGNOSIS": "Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes.<P>\nMicrosoft has released Servicing Stack security updates for Windows.<br/>Related KBs:<br/>KB5001401,KB5001403,KB5001399,KB5001402,KB5001400,KB5001404,5001406\n<br/>\nQID Detection Logic (Authenticated): <br/>\nThis authenticated QID will check for file version of CbsCore.dll<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-14T05:14:46Z",
"PATCHABLE": "1",
"PCI_FLAG": "0",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91759",
"SEVERITY_LEVEL": "2",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "servicing_stack",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to advisory <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001\" TARGET=\"_blank\">ADV990001</A> for more information.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001\" TARGET=\"_blank\">ADV990001</A>",
"TITLE": "Microsoft Windows Servicing Stack Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ADV990001",
"URL": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "Successful exploitation allows attacker to get access to Azure DevOps Server pipeline configuration variables and secrets.<br/>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-27067",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27067"
},
{
"ID": "CVE-2021-28459",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28459"
}
]
},
"DIAGNOSIS": "Azure DevOps Server and Team Foundation Server are prone to information disclosure vulnerability.<br/>\nAzure DevOps Server 2020.0.1<br/>\nAzure DevOps Server 2020<br/>\nAzure DevOps Server 2019.0.1<br/>\nAzure DevOps Server 2019 Update 1<br/>\nAzure DevOps Server 2019 Update 1.1<br/>\nTeam Foundation Server 2018 Update 3.2<br/>\nTeam Foundation Server 2018 Update 1.2<br/>\nTeam Foundation Server 2017 Update 3.1<br/>\nTeam Foundation Server 2015 Update 4.2<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91760",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "azure_devops_server",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Customers are advised to refer to <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27067\" TARGET=\"_blank\">CVE-2021-27067</A>, <A HREF=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28459\" TARGET=\"_blank\">CVE-2021-28459</A> for information pertaining to this vulnerability.<br/>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://aka.ms/azdev2020.0.1patch2\" TARGET=\"_blank\">Azure DevOps Server 2020</A><P> <A HREF=\"https://aka.ms/azdev2019.1.1patch8\" TARGET=\"_blank\">Azure DevOps Server 2019 Update 1.1</A><P> <A HREF=\"http://aka.ms/azdev2019.1patch\" TARGET=\"_blank\">Azure DevOps Server 2019 Update 1</A><P> <A HREF=\"https://aka.ms/tfs2015.4.2patch\" TARGET=\"_blank\">Team Foundation Server 2015 Update 4.2</A><P> <A HREF=\"https://aka.ms/tfs2018.3.2patch\" TARGET=\"_blank\">Team Foundation Server 2018 Update 3.2</A><P> <A HREF=\"https://aka.ms/tfs2018.1.2patch\" TARGET=\"_blank\">Team Foundation Server 2018 Update 1.2</A><P> <A HREF=\"https://aka.ms/tfs2017.3.1patch\" TARGET=\"_blank\">Team Foundation Server 2017 Update 3.1</A><P> <A HREF=\"https://aka.ms/azdev2019.1.1patch10\" TARGET=\"_blank\">Azure DevOps Server 2019.0.1</A><P> <A HREF=\"https://aka.ms/azdev2020.0.1patch2\" TARGET=\"_blank\">Azure DevOps Server 2020.0.1</A>",
"TITLE": "Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability - April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "CVE-2021-28459",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28459"
},
{
"ID": "CVE-2021-27067",
"URL": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27067"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Windows",
"CONSEQUENCE": "An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28466",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28466"
},
{
"ID": "CVE-2021-28464",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28464"
},
{
"ID": "CVE-2021-28468",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28468"
}
]
},
"DIAGNOSIS": "A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.<br/>\nMicrosoft has disclosed Information Disclosure and Remote Code Execution in Windows Codecs Library and VP9 Video Extensions.<P>\n\nAffected Product:<br/>\nVP9 Video Extensions prior to version 1.0.40631.0<br/>\nRaw Image Extension prior to version 1.0.40392.0<P>\n\n\nQID detection Logic:<br/>\nThe gets the version of HEVCVideoExtension by querying wmi class Win32_InstalledStoreProgram.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:46Z",
"QID": "91761",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "codecs",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Users are advised to check <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-26902\" TARGET=\"_blank\">CVE-2021-26902</A> for more information.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28317\" TARGET=\"_blank\">CVE-2021-28317: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28466\" TARGET=\"_blank\">CVE-2021-28466: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-27079\" TARGET=\"_blank\">CVE-2021-27079: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28464\" TARGET=\"_blank\">CVE-2021-28464: Windows</A><P> <A HREF=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28468\" TARGET=\"_blank\">CVE-2021-28468: Windows</A>",
"TITLE": "Microsoft Windows Codecs Library and VP9 Video Extensions Multiple Vulnerabilities",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "CVE-2021-28466",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28466"
},
{
"ID": "CVE-2021-28464",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28464"
},
{
"ID": "CVE-2021-28468",
"URL": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-28468"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation allows an attacker to execute code remotely.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28450",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28450"
},
{
"ID": "CVE-2021-28453",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28453"
}
]
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.<P>\nThis security update contains the following KBs:<P>\nKB4504709<br/>\nKB4504716<br/>\nKB4493170<br/>\nKB4504719<br/>\nKB4504701<br/>\nKB4504715<br/>\nKB4493201<br/>\nKB4504723<P>\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the above Microsoft KB article with the versions on the affected SharePoint system.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110377",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "sharepoint_server",
"VENDOR": "microsoft"
},
{
"PRODUCT": "sharepoint_foundation",
"VENDOR": "microsoft"
}
]
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guidance</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft SharePoint Enterprise Server Multiple Vulnerabilities April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4504709",
"URL": "https://support.microsoft.com/kb/4504709"
},
{
"ID": "KB4504716",
"URL": "https://support.microsoft.com/kb/4504716"
},
{
"ID": "KB4493170",
"URL": "https://support.microsoft.com/kb/4493170"
},
{
"ID": "KB4504719",
"URL": "https://support.microsoft.com/kb/4504719"
},
{
"ID": "KB4504701",
"URL": "https://support.microsoft.com/kb/4504701"
},
{
"ID": "KB4504715",
"URL": "https://support.microsoft.com/kb/4504715"
},
{
"ID": "KB4493201",
"URL": "https://support.microsoft.com/kb/4493201"
},
{
"ID": "KB4504723",
"URL": "https://support.microsoft.com/kb/4504723"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation will lead to Remote Code Execution.<P>",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-28452",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28452"
}
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates for outlook to fix a Remote Code Execution vulnerability.<P>\nThis security update contains the following KBs:<br/>\n\nKB4493185<br/>\nKB4504733<br/>\nKB4504712<br/>\n\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the Microsoft advisory with the versions on affected outlook applications.<P>\n\nNote: Office click-2-run and Office 365 installations need to be either updated manually or need to be set to automatic update. There is no direct download for the patch.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Windows"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:00Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110378",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "outlook",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guide</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft Outlook Remote Code Execution Vulnerability Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4493185",
"URL": "https://support.microsoft.com/kb/4493185"
},
{
"ID": "KB4504733",
"URL": "https://support.microsoft.com/kb/4504733"
},
{
"ID": "KB4504712",
"URL": "https://support.microsoft.com/kb/4504712"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "Office Application",
"CONSEQUENCE": "Successful exploitation allows an attacker to execute code remotely.<P>",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-28454",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28454"
},
{
"ID": "CVE-2021-28453",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28453"
},
{
"ID": "CVE-2021-28452",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28452"
},
{
"ID": "CVE-2021-28451",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28451"
},
{
"ID": "CVE-2021-28449",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28449"
},
{
"ID": "CVE-2021-28456",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28456"
}
]
},
"DIAGNOSIS": "Microsoft has released April 2021 security updates to fix multiple security vulnerabilities.<P>\nThis security update contains the following KBs:<P>\n\nKB4504727<br/>\nKB4493218<br/>\nKB4504729<br/>\nKB4504735<br/>\nKB4504721<br/>\nKB4504714<br/>\nKB4504726<br/>\nKB3178643<br/>\nKB3178639<br/>\nKB2553491<br/>\nKB2589361<br/>\nKB4504738<br/>\nKB4504705<br/>\nKB4493215<br/>\nKB4493198<br/>\nKB4504739<br/>\nKB3017810<br/>\nKB4504724<br/>\nKB4493208<br/>\nKB4504722<P>\n\nQID Detection Logic:<br/>\nThis authenticated QID checks the file versions from the Microsoft advisory with the versions on the affected office system.<P>\n\nNote: Office click-2-run and Office 365 installations need to be updated manually or need to be set to automatic update. There is no direct download for the patch.<P>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": [
"Windows",
"Unix"
]
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-15T12:32:01Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-14T05:14:45Z",
"QID": "110379",
"SEVERITY_LEVEL": "4",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "office",
"VENDOR": "microsoft"
}
},
"SOLUTION": "Refer to <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Security Guidance</A> for more details pertaining to this vulnerability.<P>\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://msrc.microsoft.com/update-guide/en-us\" TARGET=\"_blank\">Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021</A>",
"TITLE": "Microsoft Office and Microsoft Office Services and Web Apps Security Update April 2021",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": [
{
"ID": "KB4504727",
"URL": "https://support.microsoft.com/kb/4504727"
},
{
"ID": "KB4493218",
"URL": "https://support.microsoft.com/kb/4493218"
},
{
"ID": "KB4504729",
"URL": "https://support.microsoft.com/kb/4504729"
},
{
"ID": "KB4504735",
"URL": "https://support.microsoft.com/kb/4504735"
},
{
"ID": "KB4504721",
"URL": "https://support.microsoft.com/kb/4504721"
},
{
"ID": "KB4504714",
"URL": "https://support.microsoft.com/kb/4504714"
},
{
"ID": "KB4504726",
"URL": "https://support.microsoft.com/kb/4504726"
},
{
"ID": "KB3178643",
"URL": "https://support.microsoft.com/kb/3178643"
},
{
"ID": "KB3178639",
"URL": "https://support.microsoft.com/kb/3178639"
},
{
"ID": "KB2553491",
"URL": "https://support.microsoft.com/kb/2553491"
},
{
"ID": "KB2589361",
"URL": "https://support.microsoft.com/kb/2589361"
},
{
"ID": "KB4504738",
"URL": "https://support.microsoft.com/kb/4504738"
},
{
"ID": "KB4504705",
"URL": "https://support.microsoft.com/kb/4504705"
},
{
"ID": "KB4493215",
"URL": "https://support.microsoft.com/kb/4493215"
},
{
"ID": "KB4493198",
"URL": "https://support.microsoft.com/kb/4493198"
},
{
"ID": "KB4504739",
"URL": "https://support.microsoft.com/kb/4504739"
},
{
"ID": "KB3017810",
"URL": "https://support.microsoft.com/kb/3017810"
},
{
"ID": "KB4504724",
"URL": "https://support.microsoft.com/kb/4504724"
},
{
"ID": "KB4493208",
"URL": "https://support.microsoft.com/kb/4493208"
},
{
"ID": "KB4504722",
"URL": "https://support.microsoft.com/kb/4504722"
}
]
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Malicious users could use this vulnerability to change partial contents or configuration on the system.",
"CORRELATION": {
"EXPLOITS": {
"EXPLT_SRC": {
"EXPLT_LIST": {
"EXPLT": {
"DESC": "jQuery 1.0.3 - Cross-Site Scripting (XSS) - The Exploit-DB Ref : 49767",
"LINK": "http://www.exploit-db.com/exploits/49767",
"REF": "CVE-2020-11023"
}
},
"SRC_NAME": "The Exploit-DB"
}
}
},
"CVE_LIST": {
"CVE": {
"ID": "CVE-2020-11023",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for ipa to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available, Exploit Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159121",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": [
{
"PRODUCT": "peoplesoft_enterprise_human_capital_management_resources",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_session_route_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "jd_edwards_enterpriseone_orchestrator",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_element_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "weblogic_server",
"VENDOR": "oracle"
},
{
"PRODUCT": "application_testing_suite",
"VENDOR": "oracle"
},
{
"PRODUCT": "hyperion_financial_reporting",
"VENDOR": "oracle"
},
{
"PRODUCT": "application_express",
"VENDOR": "oracle"
},
{
"PRODUCT": "siebel_mobile",
"VENDOR": "oracle"
},
{
"PRODUCT": "rest_data_services",
"VENDOR": "oracle"
},
{
"PRODUCT": "storagetek_tape_analytics_sw_tool",
"VENDOR": "oracle"
},
{
"PRODUCT": "webcenter_sites",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_analytics",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_interactive_session_recorder",
"VENDOR": "oracle"
},
{
"PRODUCT": "healthcare_translational_research",
"VENDOR": "oracle"
},
{
"PRODUCT": "banking_enterprise_collections",
"VENDOR": "oracle"
},
{
"PRODUCT": "banking_platform",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_operations_monitor",
"VENDOR": "oracle"
},
{
"PRODUCT": "financial_services_regulatory_reporting_for_de_nederlandsche_bank",
"VENDOR": "oracle"
},
{
"PRODUCT": "communications_session_report_manager",
"VENDOR": "oracle"
},
{
"PRODUCT": "primavera_gateway",
"VENDOR": "oracle"
},
{
"PRODUCT": "jd_edwards_enterpriseone_tools",
"VENDOR": "oracle"
},
{
"PRODUCT": "None",
"VENDOR": "oracle"
}
]
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0860.html\" TARGET=\"_blank\">ELSA-2021-0860</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0860.html\" TARGET=\"_blank\">ELSA-2021-0860: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for ipa (ELSA-2021-0860)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0860",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0860.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.",
"CVE_LIST": {
"CVE": {
"ID": "CVE-2021-20179",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20179"
}
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for pki-core:10.6 to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159122",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0966.html\" TARGET=\"_blank\">ELSA-2021-0966</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0966.html\" TARGET=\"_blank\">ELSA-2021-0966: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for pki-core:10.6 (ELSA-2021-0966)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0966",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0966.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 8<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159123",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0990.html\" TARGET=\"_blank\">ELSA-2021-0990</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0990.html\" TARGET=\"_blank\">ELSA-2021-0990: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0990)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0990",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0990.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"
},
{
"ID": "CVE-2021-23987",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987"
}
]
},
"DIAGNOSIS": "Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.<P>Affected Product:<br/>Oracle Linux 7<br/>",
"DISCOVERY": {
"ADDITIONAL_INFO": "Patch Available",
"AUTH_TYPE_LIST": {
"AUTH_TYPE": "Unix"
},
"REMOTE": "0"
},
"LAST_SERVICE_MODIFICATION_DATETIME": "2021-04-05T13:40:49Z",
"PATCHABLE": "1",
"PCI_FLAG": "1",
"PUBLISHED_DATETIME": "2021-04-05T13:40:49Z",
"QID": "159124",
"SEVERITY_LEVEL": "3",
"SOFTWARE_LIST": {
"SOFTWARE": {
"PRODUCT": "None",
"VENDOR": "oracle"
}
},
"SOLUTION": "To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:<br/><br/><A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0992.html\" TARGET=\"_blank\">ELSA-2021-0992</A>.\n<P>Patch:<br/>\nFollowing are links for downloading patches to fix the vulnerabilities:\n<P> <A HREF=\"https://linux.oracle.com/errata/ELSA-2021-0992.html\" TARGET=\"_blank\">ELSA-2021-0992: Oracle Linux</A>",
"TITLE": "Oracle Enterprise Linux Security Update for firefox (ELSA-2021-0992)",
"VENDOR_REFERENCE_LIST": {
"VENDOR_REFERENCE": {
"ID": "ELSA-2021-0992",
"URL": "https://linux.oracle.com/errata/ELSA-2021-0992.html"
}
},
"VULN_TYPE": "Vulnerability"
},
{
"CATEGORY": "OEL",
"CONSEQUENCE": "Successful exploitation allows an attacker to compromise the system.",
"CVE_LIST": {
"CVE": [
{
"ID": "CVE-2021-23981",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981"
},
{
"ID": "CVE-2021-23982",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982"
},
{
"ID": "CVE-2021-23984",
"URL": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984"