Vulnerability ID. Can be a single ID or a comma-separated list of IDs.

Display vulnerability data if value is 1. This is also the default behavior if this parameter is omitted from the request. If the value is 0, vulnerability data is NOT displayed.

Display general information about each vulnerability. The 'custom' option will display custom descriptions.

Display the default general information about each vulnerability (no custom description).

Display general vulnerability solution information. The 'custom' option will display custom solutions.

Display the default solution for each vulnerability (no custom solution).

Display all questions and answers (Q and A) that exist for each vulnerability.

Display the Common Vulnerability Scoring System (CVSS) score and vector for each vulnerability.

Display all tags for each vulnerability.

Display risk value for each vulnerability. Only meaningful to Advanced Scoring users.

Display impact value for each vulnerability. Only meaningful to Advanced Scoring users.

Display likelihood value for each vulnerability. Only meaningful to Advanced Scoring users.

Display the date the vulnerability was first opened.

Display each vulnerability's custom risk, if it is defined. Only meaningful to Advanced Scoring users who make use of custom scoring features.

If a custom policy is applied to any vuln retrieved, setting this parameter displays the custom policy name, description, who created the policy, and the date the policy was created. Only meaningful to Advanced Scoring users who make use of custom scoring features.

Display the text values of vulnerability scores instead of numeric. NOTE: Only available for CSV output at this time.

Display attack vector (AV) data.
Values allowed: 0, 1, open, closed, accepted, invalid, all.
Specifying 0 displays minimal data on open, closed, and accepted AVs.
Specifying 1 displays details on open, closed, and accepted AVs.
Specifying 'all' displays details on AVs of all statuses.
Specifying 'open' displays details on open AVs.

With the exception of 0, 1, and 'all', comma-separated combinations of these options are also allowed.
EXAMPLE: 'open,accepted'

Display all attack vector notes for each vulnerability attack vector. PREREQUISITE: display_attack_vectors=1

Display whether or not an attack vector is 'flagged'. PREREQUISITE: display_attack_vectors=1

Display scanner tags for each attack vector. PREREQUISITE: display_attack_vectors=1

Displays attack vectors that have the given ''unreachable'' status. If a vector has this flag set to TRUE (1), a retest on the vector returned a response that was significantly different from the original response, indicating a very different page is now associated with the attack vector path. PREREQUISITE: display_attack_vectors=1

Display attack vector request information. Basic request data is already shown if display_attack_vectors=1, but this parameter may be useful if the user wishes to omit this information. PREREQUISITE: display_attack_vectors=1

Display attack vector response information. Basic response data is already shown if display_attack_vectors=1, but this parameter may be useful if the user wishes to omit this information. PREREQUISITE: display_attack_vectors=1

Display the attack vector response body (can be quite large). PREREQUISITE: display_attack_vectors=1

Display the attack vector response body match in full (can be quite large). Highlights where the vuln was found. PREREQUISITE: display_attack_vectors=1

Display a smaller (abbreviated) response body match as part of the response content. Highlights where the vuln was found. PREREQUISITE: display_attack_vectors=1, display_body=1

Display attack vector HTTP request and response headers. PREREQUISITE: display_attack_vectors=1

Display attack vector request parameter(s). This data is already shown if display_attack_vectors=1, but this parameter may be useful if the user wishes to omit this information. PREREQUISITE: display_attack_vectors=1

Display whether or not notes exist for vulnerabilities and attack vectors (result value will be 1 if notes exist, 0 if not).

Display vulnerability statistics for all sites accessible to the requester.

Reports vulnerabilities that encountered errors attempting to retrieve attack vector response data. In most cases, issuing a retest on these vulns will fix the issue. PREREQUISITE: display_attack_vectors=1

Displays the CVSS v3 vector information for each vulnerability. Only applies to CSV format. PREREQUISITE: display_cvss=1

Displays the Business Logic Assessment (BLA) ID, if any, associated with each vulnerability.

Order the results.

Requested resource format for the response.

Generated from available response content types