# UpdateVulnerabilityWithLibrary ## Parameters The following URL, Headers and Parameters are required for requests to this API endpoint. Where a parameter is optional, it will be indicated. Otherwise treat all parameters as mandatory. ### Headers ``` PUT /api/ss/vulnerability-with-library/:vulnerabilityId HTTP/1.1 Host: demo.attackforge.com X-SSAPI-KEY: APIKey Content-Type: application/json Connection: close ``` ### Query **vulnerabilityId (string)** Identifier for the vulnerability. Example: ``` PUT /api/ss/vulnerability-with-library/5f976f775345860a3491e075 HTTP/1.1 ``` **projectId (string)** Identifier for the project. Example: ``` { "projectId": "656158c0965172000f9119e8" } ``` **vulnerabilityLibraryId (string)** Identifier for the writeup. Example: ``` { "vulnerabilityLibraryId": "656158c0965172000f9119a8" } ``` **library (*****string*****) (*****optional*****)** Search this library when matching vulnerabilityLibraryId. Must be either "Imported Vulnerabilities", "Main Vulnerabilities", "Project Vulnerabilities" or key for a custom library (if custom libraries are used). Default is Main Vulnerabilities Library. Example: ``` { "library": "Imported Vulnerabilities" } ``` **asset\_library\_ids (*****array of strings*****) (*****optional*****)** Asset libraries to map affected asset(s) against. Example: ``` { "asset_library_ids": ["6569608e55bc00bacc67b417", "...", "..."] } ``` **affected\_asset (object) (*****optional*****)** Id or Name of the affected asset. Example: ``` { "affected_asset": { "assetId": "...", "assetName": "..." } } ``` **affected\_assets (array of objects) (optional)** Assign multiple assets to vulnerability. Example: ``` [ { "assetId": "...", "assetName": "...", "notes": [ "..." ], "tags": [ "..." ], "actioned": false, "components": [ { "name": "...", "notes": [ "..." ], "actioned": false, "tags": [ "..." ] } ] } ] ``` **created (string) (optional)** Overwrite the created timestamp for the vulnerability. Must be UTC string e.g. 2021-06-03T23:15:33.008Z. Example: ``` { "created": "2021-06-03T23:15:33.008Z" } ``` **priority (string) (optional)** Priority for the vulnerability. Must be one of the following: *Critical, High, Medium, Low, Info* Example: ``` { "priority": "Critical" } ``` **status (string) (optional)** Status for the vulnerability. Must be one of the following: *Open, Closed, Retest* Example: ``` { "status": "Closed" } ``` **reason (string) (optional)** Reason for the status. Status must also be supplied. Must be one of the following - "Issue has been fixed", "Issue has not been fixed", "Risk accepted", "". Example: ``` { "status": "Closed", "reason": "Risk accepted" } ``` **likelihood\_of\_exploitation (number) (optional)** Likelihood of Exploitation for the vulnerability. Must be a number between 1 to 10. Example: ``` { "likelihood_of_exploitation": 10 } ``` **steps\_to\_reproduce (string) (optional)** Steps to Reproduce the vulnerability (POC). Example: ``` { "steps_to_reproduce": "..." } ``` **cvssv4\_vector (string) (optional)** CVSS Version 4 vector string. Example: ``` { "cvssv4_vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:L" } ``` **tags (array of strings) (optional)** Tags for the vulnerability. Example: ``` { "tags": ["...", "...", "..."] } ``` **notes (array of strings) (optional)** Notes for the vulnerability. Example: ``` { "notes": ["...", "...", "..."] } ``` **is\_zeroday (boolean) (optional)** Whether vulnerability is a zeroday (0-day) or not. Example: ``` { "is_zeroday": true } ``` **is\_visible (boolean) (optional)** Whether vulnerability is visible to the project team (true) or only team members with Edit access (false). Example: ``` { "is_visible": true } ``` **is\_deleted (boolean) (optional)** Whether vulnerability is deleted or not. Example: ``` { "is_deleted": false } ``` **custom\_tags (*****array of objects*****) (*****optional*****)** Custom tags. Must include a name and value. Name must be unique and letters, numbers and underscores only. Example: ``` { "custom_tags": [{"name": "...", "value": "..."}] } ``` **linked\_testcases (array of strings) (optional)** Test case Ids to link to the vulnerability. Example: ``` { "linked_testcases": ["..."] } ``` **custom\_fields (*****array of objects*****) (*****optional*****)** Custom fields. Must include a key and value. Key must be unique and letters, numbers and underscores only. For more information visit Example: ``` { "custom_fields": [{"key": "...", "value": "..."}] } ``` ## Example The following example is a cURL request to update a vulnerability by its identifier (Id) and an issue from the Vulnerability Library by its identifier (Id). ### Request Include API Token instead of stars in 'X-SSAPI-KEY: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*' parameter. ``` curl -X PUT 'https://localhost:3000/api/ss/vulnerability-with-library/5f976f775345860a3491e075' -H 'Host: localhost:3000' -H 'X-SSAPI-KEY: ***************************************' -H 'Content-Type: application/json' -H 'Connection: close' -d '{ "vulnerabilityLibraryId": "212193650644186", "library": "Imported Vulnerabilities", "priority": "Critical", "status": "Open", "likelihood_of_exploitation": 10, "steps_to_reproduce": "Lorem Ipsum...", "tags": ["CWE-89", "Injection"], "notes": ["Lorem Ipsum...", "Lorem Ipsum..."], "is_zeroday": false, "is_visible": true, "is_deleted": false, "custom_tags": [{"name": "ext_vuln_score", "value": "123"}], "custom_fields": [{"key": "af_sys_affected_endpoint", "value": "https://batportal.attackforge.com"}], "linked_testcases": ["66845d85d427ba0010d0681b"] }' ``` ### Response Response contains a result object. ``` { "result": { "result": "Vulnerability Updated" } } ```