# UpdateVulnerabilityById ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory. ### Headers ``` PUT /api/ss/vulnerability/:id HTTP/1.1 Host: demo.attackforge.com X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query **id (string)** Identifier for the vulnerability. Example: ``` PUT /api/ss/vulnerability/5e7afb0be7aa1b0f20eb62fe HTTP/1.1 ``` **projectId (string)** Identifier for the project. Example: ``` { "projectId": "656158c0965172000f9119e8" } ``` **asset\_library\_ids (*****array of strings*****) (*****optional*****)** Asset libraries to map affected asset(s) against. Example: ``` { "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."] } ``` **affected\_asset (object) (*****optional*****)** Id or Name of the affected asset. Example: ``` { "affected_asset": { "assetId": "...", "assetName": "..." } } ``` **affected\_assets (array of objects) (optional)** Assign multiple assets to vulnerability. Example: ``` [ { "assetId": "...", "assetName": "...", "notes": [ "..." ], "tags": [ "..." ], "actioned": false, "components": [ { "name": "...", "notes": [ "..." ], "actioned": false, "tags": [ "..." ] } ] } ] ``` **created (string) (optional)** Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` { "created": "2021-06-03T23:15:33.008Z" } ``` **title (string) (optional)** Title for the vulnerability. Example: ``` { "title": "..." } ``` **priority (string) (optional)** Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info Example: ``` { "priority": "Critical" } ``` **status (string) (optional)** Status for the vulnerability. Must be one of the following: Open, Closed, Retest Example: ``` { "status": "Closed" } ``` **reason (string) (optional)** Reason for the status. Status must also be supplied. Must be one of the following - "Issue has been fixed", "Issue has not been fixed", "Risk accepted", "". Example: ``` { "status": "Closed", "reason": "Risk accepted" } ``` **likelihood\_of\_exploitation (number) (optional)** Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10. Example: ``` { "likelihood_of_exploitation": 10 } ``` **description (string) (optional)** Description of the vulnerability. Example: ``` { "description": "..." } ``` **attack\_scenario (string) (optional)** Attack Scenario for the vulnerability. Example: ``` { "attack_scenario": "..." } ``` **remediation\_recommendation (string) (optional)** Remediation Recommendation for the vulnerability. Example: ``` { "remediation_recommendation": "..." } ``` **steps\_to\_reproduce (string) (optional)** Steps to Reproduce the vulnerability (POC). Example: ``` { "steps_to_reproduce": "..." } ``` **cvssv4\_vector (string) (optional)** CVSS Version 4 vector string. Example: ``` { "cvssv4_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" } ``` **tags (array of strings) (optional)** Tags for the vulnerability. Example: ``` { "tags": ["...", "...", "..."] } ``` **notes (array of objects) (optional)** Notes for the vulnerability. Type is optional. Type must be either PLAINTEXT or RICHTEXT. Example: ``` { "notes": [ { "note": "Lorem ipsum..", "type": "PLAINTEXT" } ] } ``` **is\_zeroday (boolean) (optional)** Whether vulnerability is a zeroday (0-day) or not. Example: ``` { "is_zeroday": true } ``` **is\_visible (boolean) (optional)** Whether vulnerability is visible to the project team (true) or only team members with Edit access (false). Example: ``` { "is_visible": true } ``` **is\_deleted (boolean) (optional)** Whether vulnerability is deleted or not. Example: ``` { "is_deleted": false } ``` **custom\_tags (*****array of objects*****) (*****optional*****)** Custom tags. Must include a name and value. Name must be unique and letters, numbers and underscores only. Example: ``` { "custom_tags": [{"name": "...", "value": "..."}] } ``` **linked\_testcases (array of strings) (optional)** Test case Ids to link to the vulnerability. Example: ``` { "linked_testcases": ["..."] } ``` **custom\_fields (*****array of objects*****) (*****optional*****)** Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only. For more information visit Example: ``` { "custom_fields": [{"key": "...", "value": "..."}] } ``` ## Example The following example is a cURL request to update a vulnerability by its identifier (Id). ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X PUT 'https://demo.attackforge.com/api/ss/vulnerability/5e7afb0be7aa1b0f20eb62fe' -H 'Host: demo.attackforge.com' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "title": "SQL Injection", "priority": "Critical", "status": "Open", "likelihood_of_exploitation": 10, "description": "Lorem Ipsum...", "attack_scenario": "Lorem Ipsum...", "remediation_recommendation": "Lorem Ipsum...", "steps_to_reproduce": "Lorem Ipsum...", "tags": ["CWE-89", "Injection"], "notes": [ { "note": "Lorem ipsum..", "type": "PLAINTEXT" } ], "is_zeroday": false, "is_visible": true, "is_deleted": false, "custom_tags": [{"name": "ext_vuln_score", "value": "123"}], "custom_fields": [{"key": "af_sys_affected_endpoint", "value": "https://batportal.attackforge.com"}], "linked_testcases": ["66845d85d427ba0010d0681b"] }' ``` ### Response Response contains a result object. ``` { "result": { "result": "Vulnerability Updated" } } ```