KnowledgeBase download

/api/2.0/fo/knowledge_base/vuln/?action=list

[GET]  [POST]

Download vulnerability data from the Qualys KnowledgeBase. Authorized users have permission to use this API. Please contact Qualys Support or your Sales Representative if you would like to obtain authorization for your subscription.

Permissions - Managers, Unit Managers, Scanners and Readers have permission to download vulnerability data from the KnowledgeBase.

Input Parameters

Parameter

Description

action=list

(Required)

echo_request={0|1}

(Optional) Specify 1 to view (echo) input parameters in the XML output. By default these are not included.

details={Basic|All|None}

(Optional) Show the requested amount of information for each vulnerability in the XML output. A valid value is: Basic (default), All, or None. Basic includes basic elements plus CVSS Base and Temporal scores. All includes all vulnerability details, including the Basic details.

ids={value}

(Optional) Used to filter the XML output to include only vulnerabilities whose QID numbers match the QID numbers or QID ranges you specify (for example, ids=1-200 as in the sample request below).

id_min={value}

(Optional) Used to filter the XML output to show only vulnerabilities that have a QID number greater than or equal to a QID number you specify.

id_max={value}

(Optional) Used to filter the XML output to show only vulnerabilities that have a QID number less than or equal to a QID number you specify.

is_patchable={0|1}

(Optional) Used to filter the XML output to show only vulnerabilities that are patchable or not patchable. A vulnerability is considered patchable when a patch exists for it. When 1 is specified, only vulnerabilities that are patchable will be included in the output. When 0 is specified, only vulnerabilities that are not patchable will be included in the output. When unspecified, patchable and unpatchable vulnerabilities will be included in the output.

last_modified_after={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified after a certain date and time. When specified, vulnerabilities last modified either by a user or by the service are shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_before={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified before a certain date and time. When specified, vulnerabilities last modified either by a user or by the service are shown. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_after={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified by a user after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_user_before={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified by a user before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_service_after={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified by the service after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

last_modified_by_service_before={date}

(Optional) Used to filter the XML output to show only vulnerabilities last modified by the service before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

published_after={date}

(Optional) Used to filter the XML output to show only vulnerabilities published after a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

published_before={date}

(Optional) Used to filter the XML output to show only vulnerabilities published before a certain date and time. The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT).

discovery_method={value}

(Optional) Used to filter the XML output to show only vulnerabilities assigned a certain discovery method. A valid value is: Remote, Authenticated, RemoteOnly, AuthenticatedOnly, or RemoteAndAuthenticated.

When "Authenticated" is specified, the service shows vulnerabilities that have at least one associated authentication type. Such vulnerabilities may be detectable in two ways: 1) remotely, without using authentication, and 2) using authentication, so "Authenticated" also returns vulnerabilities that are detectable remotely; use "AuthenticatedOnly" to exclude those.

discovery_auth_types={value}

(Optional) Used to filter the XML output to show only vulnerabilities having one or more authentication types. For example: Windows, Oracle, Unix, SNMP, DB2, HTTP, MySQL, VMware. Multiple values should be comma-separated.

show_pci_reasons={0|1}

(Optional) Specify 1 to include, for each vulnerability, the reasons for passing or failing PCI compliance in the XML output (available when the CVSS Scoring feature is turned on in the user's subscription). When unspecified, the reasons are not included in the XML output.

show_supported_modules_info={0|1}

(Optional) Specify 1 to include, for each vulnerability, the Qualys modules that can be used to detect it in the XML output. When unspecified, supported modules are not included in the XML output.

show_disabled_flag={0|1}

(Optional) Specify 1 to include the disabled flag for each vulnerability in the XML output.

show_qid_change_log={0|1}

(Optional) Specify 1 to include QID changes for each vulnerability in the XML output.

Real-Time Threat Indicators (RTIs)

The KnowledgeBase list output includes Real-Time Threat Indicators (RTIs) associated with each vulnerability. RTIs appear as part of vulnerability details under THREAT_INTELLIGENCE. Please note that RTIs are only visible when Threat Protection is enabled for the subscription.

Real-Time Threat Indicators are described below.

RTI (ID)

Description

Zero_Day (1)

An active attack has been observed in the wild and there is no patch from the vendor. Both conditions are required: if a vulnerability is not actively attacked this RTI will not be set, even if there is no patch from the vendor. When a patch becomes available, Qualys removes the Zero_Day RTI, so that the attribute identifies only vulnerabilities that are actively exploited and have no official patch.

Exploit_Public (2)

Exploit knowledge is well known and a working exploitation code is publicly available. Potential of active attacks is very high. This attribute is set for example when PoC exploit code is available from Exploit-DB, Metasploit, Core, Immunity or other exploit vendors. This RTI does not necessarily indicate that active attacks have been observed in the wild.

Active_Attacks (3)

Active attacks have been observed in the wild. This information is derived from malware, exploit kits, acknowledgment from vendors, US-CERT and similar trusted sources. If there is no patch, Qualys also marks the vulnerability as Zero_Day in addition to Active_Attacks.

High_Lateral_Movement (4)

After a successful compromise, the attacker has high potential to compromise other machines in the network.

Easy_Exploit (5)

The attack can be carried out easily, requires little skill, or does not require additional information.

High_Data_Loss (6)

Successful exploitation will result in massive data loss on the host.

Denial_of_Service (7)

Successful exploitation will result in denial of service.

No_Patch (8)

The vendor has not provided an official fix.

Malware (9)

Malware has been associated with the vulnerability.

Exploit_Kit (10)

An exploit kit has been associated with this vulnerability. Exploit kits are usually cloud-based toolkits that help malware writers identify vulnerable browsers/plugins and install malware. Users can also search on exploit kit names such as Angler, Nuclear, Rig and others.

Wormable (11)

Wormable has been associated with this vulnerability. The vulnerability can be used in "worms" - malware that spreads itself without user interaction.

Predicted_High_Risk (12)

Predicted High Risk has been associated with this vulnerability. The Qualys machine learning model predicted this vulnerability to be high risk based on various data sources, including NVD, social networks, the dark web, security blogs, code repositories, exploits, etc.

Privilege_Escalation (13)

Successful exploitation allows an attacker to gain elevated privileges.

Unauthenticated_Exploitation (14)

Exploitation of this vulnerability does not require authentication.

Remote_Code_Execution (15)

Successful exploitation allows an attacker to execute arbitrary commands or code on a targeted system or in a target process.

Ransomware (16)

This vulnerability has been exploited in attack vectors where ransomware has been deployed. In other words, this vulnerability is associated with known ransomware.

Solorigate_Sunburst (17)

Solorigate Sunburst has been associated with all of the CVEs exploited by FireEye's Red Team tools (used to test the security of their client environments) and with compromised versions of SolarWinds Orion.
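The following is an added example, not code from Qualys or from this page, showing how a client would use the parameters above and the RTIs in the output together: it builds a list request, validating values against the parameter table before anything is sent, parses the XML output, and ranks QIDs by the RTIs under THREAT_INTELLIGENCE rather than by CVSS alone. Assumptions: the element names other than THREAT_INTELLIGENCE (VULN, QID, TITLE, PATCHABLE, CVSS/BASE, DISCOVERY, THREAT_INTEL with its id attribute) are taken from the author's reading of knowledge_base_vuln_list_output.dtd and should be checked against the DTD on your platform; the X-Requested-With value is an arbitrary client name; SAMPLE_XML is constructed for the example, with made-up QIDs.

```python
"""Added example (not Qualys code): build a KnowledgeBase list request,
parse its XML output and triage on Real-Time Threat Indicators.
Element names other than THREAT_INTELLIGENCE are assumed from the DTD;
SAMPLE_XML is constructed, with made-up QIDs."""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

KB_PATH = "/api/2.0/fo/knowledge_base/vuln/"
DETAILS = {"Basic", "All", "None"}
DISCOVERY_METHODS = {"Remote", "Authenticated", "RemoteOnly",
                     "AuthenticatedOnly", "RemoteAndAuthenticated"}
FLAG_PARAMS = {"echo_request", "is_patchable", "show_pci_reasons",
               "show_supported_modules_info", "show_disabled_flag",
               "show_qid_change_log"}
DATE_PARAMS = {p + s for p in ("last_modified", "last_modified_by_user",
                               "last_modified_by_service", "published")
               for s in ("_after", "_before")}
# YYYY-MM-DD with optional THH:MM:SSZ (UTC), as the parameter table specifies.
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}Z)?$")
# RTI ids from the table above.
IN_THE_WILD = {1, 3, 9, 10, 16}  # Zero_Day, Active_Attacks, Malware, Exploit_Kit, Ransomware
PUBLIC_UNAUTH_RCE = {2, 14, 15}  # Exploit_Public, Unauthenticated_Exploitation, RCE


def build_kb_request(api_server, **params):
    """Return (url, headers, body) for a POST to the KnowledgeBase endpoint.
    Values the parameter table does not allow fail here instead of silently
    returning the wrong slice of the KnowledgeBase."""
    body = {"action": "list"}
    for key, value in params.items():
        value = str(value)
        if key == "details" and value not in DETAILS:
            raise ValueError(f"details must be one of {sorted(DETAILS)}")
        if key == "discovery_method" and value not in DISCOVERY_METHODS:
            raise ValueError(f"unknown discovery_method {value!r}")
        if key in FLAG_PARAMS and value not in ("0", "1"):
            raise ValueError(f"{key} must be 0 or 1")
        if key in DATE_PARAMS and not DATE_RE.match(value):
            raise ValueError(f"{key} must be YYYY-MM-DD[THH:MM:SSZ], got {value!r}")
        body[key] = value
    # Qualys API v2 calls carry an X-Requested-With header (see the curl samples);
    # the value here is an assumed client name.
    headers = {"X-Requested-With": "kb-sync-example"}
    return api_server.rstrip("/") + KB_PATH, headers, urlencode(body)


def parse_kb_output(xml_text):
    """Flatten each VULN element into a dict; 'rtis' holds the THREAT_INTEL ids."""
    vulns = []
    for v in ET.fromstring(xml_text).iter("VULN"):
        vulns.append({
            "qid": int(v.findtext("QID")),
            "title": (v.findtext("TITLE") or "").strip(),
            "patchable": v.findtext("PATCHABLE") == "1",
            "cvss_base": float(v.findtext("CVSS/BASE") or 0),
            "remote": v.findtext("DISCOVERY/REMOTE") == "1",
            "auth_types": [a.text for a in v.findall("DISCOVERY/AUTH_TYPE_LIST/AUTH_TYPE")],
            "rtis": {int(t.get("id")) for t in v.findall("THREAT_INTELLIGENCE/THREAT_INTEL")},
        })
    return vulns


def urgent_qids(vulns):
    """QIDs to fix first: exploitation seen in the wild, or a public exploit
    for an unauthenticated RCE. CVSS alone would not separate these."""
    return sorted(v["qid"] for v in vulns
                  if v["rtis"] & IN_THE_WILD or PUBLIC_UNAUTH_RCE <= v["rtis"])


# Constructed sample output (not real KnowledgeBase data; QIDs are made up).
SAMPLE_XML = """<KNOWLEDGE_BASE_VULN_LIST_OUTPUT><RESPONSE><VULN_LIST>
<VULN><QID>100001</QID><TITLE><![CDATA[Constructed: unauthenticated RCE]]></TITLE>
 <PATCHABLE>1</PATCHABLE><CVSS><BASE>9.8</BASE></CVSS><DISCOVERY><REMOTE>1</REMOTE></DISCOVERY>
 <THREAT_INTELLIGENCE><THREAT_INTEL id="2"><![CDATA[Exploit_Public]]></THREAT_INTEL>
  <THREAT_INTEL id="14"><![CDATA[Unauthenticated_Exploitation]]></THREAT_INTEL>
  <THREAT_INTEL id="15"><![CDATA[Remote_Code_Execution]]></THREAT_INTEL></THREAT_INTELLIGENCE></VULN>
<VULN><QID>100002</QID><TITLE><![CDATA[Constructed: local privilege escalation]]></TITLE>
 <PATCHABLE>1</PATCHABLE><CVSS><BASE>7.8</BASE></CVSS>
 <DISCOVERY><REMOTE>0</REMOTE><AUTH_TYPE_LIST><AUTH_TYPE>Windows</AUTH_TYPE></AUTH_TYPE_LIST></DISCOVERY>
 <THREAT_INTELLIGENCE><THREAT_INTEL id="13"><![CDATA[Privilege_Escalation]]></THREAT_INTEL></THREAT_INTELLIGENCE></VULN>
<VULN><QID>100003</QID><TITLE><![CDATA[Constructed: unpatched, under active attack]]></TITLE>
 <PATCHABLE>0</PATCHABLE><CVSS><BASE>6.5</BASE></CVSS><DISCOVERY><REMOTE>1</REMOTE></DISCOVERY>
 <THREAT_INTELLIGENCE><THREAT_INTEL id="1"><![CDATA[Zero_Day]]></THREAT_INTEL>
  <THREAT_INTEL id="3"><![CDATA[Active_Attacks]]></THREAT_INTEL>
  <THREAT_INTEL id="8"><![CDATA[No_Patch]]></THREAT_INTEL></THREAT_INTELLIGENCE></VULN>
</VULN_LIST></RESPONSE></KNOWLEDGE_BASE_VULN_LIST_OUTPUT>"""

if __name__ == "__main__":
    url, headers, body = build_kb_request(
        "https://qualysapi.qualys.com", details="All", is_patchable=1,
        last_modified_by_service_after="2011-07-20T00:00:00Z",
        discovery_method="RemoteAndAuthenticated")
    print("POST", url, headers, body)  # send with HTTP basic auth, as the curl samples do
    vulns = parse_kb_output(SAMPLE_XML)
    for v in vulns:
        print(v["qid"], v["cvss_base"], sorted(v["rtis"]), v["auth_types"])
    print("urgent:", urgent_qids(vulns))
```

Note the ranking: QID 100003 has the lowest CVSS base score of the three constructed entries but carries Zero_Day and Active_Attacks, so it is listed as urgent, while QID 100002 with a higher score is not. A periodic sync would persist the time of its last successful run and pass it as last_modified_by_service_after on the next call, so only changed QIDs are downloaded; the date validation above prevents a malformed checkpoint from being sent.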

Sample - Request all vulnerabilities, basic details

API request

curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt

Sample - Patchable vulnerabilities

Vulnerabilities with certain QIDs that are patchable.

API request

curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&ids=1-200&is_patchable=1&details=All" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt

Sample - Vulnerabilities modified after date

Vulnerabilities modified by the service after July 20, 2011 (last_modified_by_service_after=2011-07-20) that have the discovery method "remote and authenticated".

API request

curl -u "user:password" -H "X-Requested-With: Curl" -X "POST" \
  -d "action=list&last_modified_by_service_after=2011-07-20&discovery_method=RemoteAndAuthenticated" "https://qualysapi.qualys.com/api/2.0/fo/knowledge_base/vuln/" > output.txt

DTD

<platform API server>/api/2.0/fo/knowledge_base/vuln/knowledge_base_vuln_list_output.dtd