LogoLogo
  • AttackForge Support
  • Release Notes
    • 2025
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
  • Core & Enterprise
    • Getting Started
      • How It Works
      • Requesting A Project
      • Creating & Updating Projects
      • Invite User To Project
      • View Project Team
      • Project Scope
      • Project Workspace
      • Project Notes
      • Project Pages
      • Test Cases
      • Creating Vulnerabilities
      • Updating Vulnerabilities
      • Review & QA
      • Attack Chains
      • Reporting
      • Retesting & Remediation
      • Notifications
      • Custom Fields & Forms
      • Vulnerability SLAs
      • User Settings
      • Login Redirects
    • Modules
      • Dashboard
      • Analytics
      • Vulnerabilities
      • Projects
      • Scheduling
      • Portfolios
      • Groups
      • Attack Chains
      • Assets
      • Writeups
      • Test Suites
      • Report Templates
        • Overview
        • Tutorial
        • Tips & Tricks
        • Troubleshooting
        • Template - Report Templates
        • Template - Tags
        • Template - Options
        • Template - Functions
        • Template - Filters
        • Template - Styles
        • Template - Tables
        • Template - Charts
        • Template - Conditions
        • ReportGen CLI
        • ReportGen Library
      • Users
      • Administration
      • Flows
      • Self-Service RESTful API
        • GETTING STARTED
        • EXPORTING TO CSV
        • ADVANCED QUERY FILTER
        • ActivateUser
        • AddProjectMembershipAdministrators
        • AddTestcaseToTestsuite
        • AddTestcasesToTestsuite
        • AddUserToGroup
        • ApproveProjectRequestById
        • ArchivePortfolio
        • ArchiveProject
        • CancelProjectRetestRound
        • CloneProject
        • CompleteProjectRetestRound
        • CreateAssetInLibrary
        • CreateGroup
        • CreatePortfolio
        • CreateProject
        • CreateProjectNote
        • CreateProjectRequest
        • CreateProjectTestCase
        • CreateProjectWorkspaceNote
        • CreateRemediationNote
        • CreateScope
        • CreateTestcaseNote
        • CreateTestsuite
        • CreateUser
        • CreateUsers
        • CreateVulnerability
        • CreateVulnerabilityBulk
        • CreateVulnerabilityLibraryIssue
        • CreateVulnerabilityWithLibrary
        • DeactivateUser
        • DownloadProjectTestCaseFile
        • DownloadProjectTestCaseNoteFile
        • DownloadProjectTestCaseWorkspaceNoteFile
        • DownloadVulnerabilityEvidence
        • DownloadVulnerabilityLibraryFile
        • DownloadWorkspaceFile
        • GetApplicationAuditLogs
        • GetAssets
        • GetAssetsByGroup
        • GetAssetInLibrary
        • GetAssetsInLibrary
        • GetCustomFieldsConfig
        • GetFormConfig
        • GetGroup
        • GetGroups
        • GetMostCommonVulnerabilities
        • GetMostFailedTestcases
        • GetMostVulnerableAssets
        • GetPortfolio
        • GetPortfolios
        • GetPortfolioStream
        • GetProjectAuditLogs
        • GetProjectById
        • GetProjects
        • GetProjectsAndVulnerabilities
        • GetProjectsByGroup
        • GetProjectMembershipAdministrators
        • GetProjectNotes
        • GetProjectReport
        • GetProjectReportData
        • GetProjectRequests
        • GetProjectRequestById
        • GetProjectTestcasesById
        • GetProjectVulnerabilitiesById
        • GetProjectWorkspace
        • GetTestsuiteById
        • GetTestsuites
        • GetUserByEmail
        • GetUserById
        • GetUserByUsername
        • GetUserAuditLogs
        • GetUserGroups
        • GetUserLoginHistory
        • GetUserProjects
        • GetUsers
        • GetVulnerabilityById
        • GetVulnerabilities
        • GetVulnerabilitiesByAssetName
        • GetVulnerabilitiesByGroup
        • GetVulnerabilityLibraryIssues
        • GetVulnerabilityRevisionHistory
        • InviteUserToProject
        • InviteUsersToProjectTeam
        • RejectProjectRequestById
        • RegenerateAPIKey
        • RemoveProjectMembershipAdministrators
        • RemoveProjectTeamMembers
        • RequestNewProjectRetest
        • RestoreProject
        • SendEmail
        • SendDailyCommencementEmail
        • SendDailyCompletionEmail
        • UpdateAssetInLibrary
        • UpdateCustomFieldsConfig
        • UpdateExecSummaryNotes
        • UpdateFormConfig
        • UpdateGroup
        • UpdatePortfolio
        • UpdateProjectById
        • UpdateProjectMembershipAdministrators
        • UpdateProjectNote
        • UpdateProjectRequestById
        • UpdateProjectRetestRound
        • UpdateProjectWorkspaceNote
        • UpdateScope
        • UpdateTestcase
        • UpdateTestcaseOnTestsuite
        • UpdateTestsuite
        • UpdateUserAccessOnGroup
        • UpdateUserAccessOnProject
        • UpdateUser
        • UpdateVulnerabilityById
        • UpdateVulnerabilityLibraryIssue
        • UpdateVulnerabilitySLAs
        • UpdateVulnerabilityWithLibrary
        • UploadTestcaseFile
        • UploadVulnerabilityEvidence
        • UploadVulnerabilityLibraryFile
        • UploadWorkspaceFile
      • Self-Service Events API
        • GETTING STARTED
        • Project Created
        • Project Updated
        • Project Request Created
        • Project Request Updated
        • Project Retest Requested
        • Project Retest Completed
        • Project Retest Cancelled
        • Vulnerability Created
        • Vulnerability Updated
        • Vulnerability Evidence Created
        • Vulnerability Evidence Updated
        • Vulnerability Remediation Note Created
        • Vulnerability Remediation Note Updated
    • AFScript
    • Access Control Matrix
    • Raising Support Tickets
    • Security
  • Contact
Powered by GitBook

Check YouTube for more tutorials: https://youtube.com/@attackforge

On this page
  • Parameters
  • Headers
  • Query
  • Example
  • Request
  • Response
  1. Core & Enterprise
  2. Modules
  3. Self-Service RESTful API

UpdateVulnerabilityWithLibrary

This method can be used for the following: Update a vulnerability on a project you have access to, by vulnerability identifier (Id) and vulnerability library identifier (Id).

Parameters

The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory.

Headers

PUT /api/ss/vulnerability-with-library/:vulnerabilityId HTTP/1.1
Host: demo.attackforge.com
X-SSAPI-KEY: APIKey
Content-Type: application/json
Connection: close

Query

vulnerabilityId (string)

Identifier for the vulnerability.

Example:

PUT /api/ss/vulnerability-with-library/5f976f775345860a3491e075 HTTP/1.1

projectId (string)

Identifier for the project.

Example:

{
   "projectId": "656158c0965172000f9119e8"
}

vulnerabilityLibraryId (string)

Identifier for the writeup.

Example:

{
   "vulnerabilityLibraryId": "656158c0965172000f9119a8"
}

library (string) (optional)

Search this library when matching vulnerabilityLibraryId. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used). Default is Main Vulnerabilities Library.

Example:

{   
    "library": "Imported Vulnerabilities"
}

asset_library_ids (array of strings) (optional)

Asset libraries to map affected asset(s) against.

Example:

{
   "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."]
}

affected_asset (object) (optional)

Id or Name of the affected asset.

Example:

{
   "affected_asset": {
      "assetId": "...",
      "assetName": "..."
   }
}

affected_assets (array of objects) (optional)

Assign multiple assets to vulnerability.

Example:

[
   {
      "assetId": "...",
      "assetName": "...",
      "notes": [
         "..."
      ],
      "tags": [
         "..."
      ],
      "actioned": false,
      "components": [
         {
            "name": "...",
            "notes": [
               "..."
            ],
            "tags": [
               "..."
            ]
         }
      ]
   }
]

created (string) (optional)

Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z.

Example:

{
   "created": "2021-06-03T23:15:33.008Z"
}

priority (string) (optional)

Priority for the vulnerability. Must be one of the following: Critical, High, Medium, Low, Info

Example:

{
   "priority": "Critical"
}

status (string) (optional)

Status for the vulnerability. Must be one of the following: Open, Closed, Retest

Example:

{
   "status": "Closed"
}

likelihood_of_exploitation (number) (optional)

Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10.

Example:

{
   "likelihood_of_exploitation": 10
}

steps_to_reproduce (string) (optional)

Steps to Reproduce the vulnerability (POC).

Example:

{
   "steps_to_reproduce": "..."
}

tags (array of strings) (optional)

Tags for the vulnerability.

Example:

{
   "tags": ["...", "...", "..."]
}

notes (array of strings) (optional)

Notes for the vulnerability.

Example:

{
   "notes": ["...", "...", "..."]
}

is_zeroday (boolean) (optional)

Whether vulnerability is a zeroday (0-day) or not.

Example:

{
   "is_zeroday": true
}

is_visible (boolean) (optional)

Whether vulnerability is visible to the project team (true) or only team members with Edit access (false).

Example:

{
   "is_visible": true
}

is_deleted (boolean) (optional)

Whether vulnerability is deleted or not.

Example:

{
   "is_deleted": false
}

custom_tags (array of objects) (optional)

Custom tags. Must include a name and value. Name must be unique and letters, numbers and underscores only.

Example:

{   
    "custom_tags": [{"name": "...", "value": "..."}]
}

linked_testcases (array of strings) (optional)

Test case Ids to link to the vulnerability.

Example:

{
    "linked_testcases": ["..."]
}

custom_fields (array of objects) (optional)

Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only.

Example:

{   
    "custom_fields": [{"key": "...", "value": "..."}]
}

Example

The following example is a cURL request to update a vulnerability by its identifier (Id) and an issue from the Vulnerability Library by its identifier (Id).

Request

Include API Token instead of stars in 'X-SSAPI-KEY: ***************************************' parameter.

curl -X PUT 'https://localhost:3000/api/ss/vulnerability-with-library/5f976f775345860a3491e075' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{
    "vulnerabilityLibraryId": "212193650644186",
    "library": "Imported Vulnerabilities",
    "priority": "Critical",
    "status": "Open",
    "likelihood_of_exploitation": 10,
    "steps_to_reproduce": "Lorem Ipsum...",
    "tags": ["CWE-89", "Injection"],
    "notes": ["Lorem Ipsum...", "Lorem Ipsum..."],
    "is_zeroday": false,
    "is_visible": true,
    "is_deleted": false,
    "custom_tags": [{"name": "ext_vuln_score", "value": "123"}],
    "custom_fields": [{"key": "af_sys_affected_endpoint", "value": "https://batportal.attackforge.com"}],
    "linked_testcases": ["66845d85d427ba0010d0681b"]
}'

Response

Response contains a result object.

{
   "result": {
      "result": "Vulnerability Updated"
   }
}
PreviousUpdateVulnerabilitySLAsNextUploadTestcaseFile

Last updated 8 months ago

For more information visit

https://support.attackforge.com/attackforge-enterprise/getting-started/custom-fields-and-forms#using-custom-fields-with-apis