CVE Lookup API

The Edgewatch CVE Lookup API offers developers a powerful interface to retrieve detailed information on Common Vulnerabilities and Exposures (CVEs). This guide provides a thorough overview of the API’s endpoints, their functionality, and practical usage examples, enabling smooth and efficient integration into your applications.

Base URL for the API calls:

https://cve.edgewatch.net/api/

Retrieve CVE Details by ID

  1. Endpoint: GET /cves/{cve_id}
  2. Description: Fetches detailed information for a specific CVE identified by its unique ID.
  3. Parameters:
    • cve_id (path parameter): The unique identifier for the CVE (e.g., CVE-2021-34527).
  4. Response: Returns a JSON object containing comprehensive details about the specified CVE, including its description, impact metrics, references, and more.

Example Request:

GET /cves?cves=CVE-2021-34527

Example Response:

[
  {
    "cve": {
      "id": "CVE-2021-34527",
      "assigner": "[email protected]",
      "access": {
        "authentication": "SINGLE",
        "complexity": "LOW",
        "vector": "NETWORK"
      },
      "cvss": 8.8,
      "impactScore": 5.9,
      "exploitabilityScore": 2.8,
      "impact": {
        "availability": "HIGH",
        "confidentiality": "HIGH",
        "integrity": "HIGH"
      },
      "exploitability": {
        "attackvector": "NETWORK",
        "attackcomplexity": "LOW",
        "privilegesrequired": "LOW",
        "userinteraction": "NONE",
        "scope": "UNCHANGED"
      },
      "summary": "<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>UPDATE July 7, 2021: The security update for Windows Server 2012, Windows Server 2016 and Windows 10, Version 1607 have been released. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability.</p>\n<p>In addition to installing the updates, in order to secure your system, you must confirm that the following registry settings are set to 0 (zero) or are not defined (<strong>Note</strong>: These registry keys do not exist by default, and therefore are already at the secure setting.), also that your Group Policy setting are correct (see FAQ):</p>\n<ul>\n<li>HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Printers\\PointAndPrint</li>\n<li>NoWarningNoElevationOnInstall = 0 (DWORD) or not defined (default setting)</li>\n<li>UpdatePromptSettings = 0 (DWORD) or not defined (default setting)</li>\n</ul>\n<p><strong>Having NoWarningNoElevationOnInstall set to 1 makes your system vulnerable by design.</strong></p>\n<p>UPDATE July 6, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. If you are unable to install these updates, see the FAQ and Workaround sections in this CVE for information on how to help protect your system from this vulnerability. See also <a href=\"https://support.microsoft.com/topic/31b91c02-05bc-4ada-a7ea-183b129578a7\">KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates</a>.</p>\n<p>Note that the security updates released on and after July 6, 2021 contain protections for CVE-2021-1675 and the additional remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527.</p>\n",
      "translations": [
        {
          "summary": "Una vulnerabilidad en la ejecución de código remota de Windows Print Spooler",
          "provider": "INCIBE",
          "language": "ES-es"
        }
      ],
      "cweId": "CWE-269",
      "references": [
        "http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html",
        "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34527"
      ]
    },
    "cwe": [
      {
        "id": "269",
        "description": "User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).User with capability can prevent setuid program from dropping privileges (Unsafe privileged actions).",
        "name": "Improper Privilege Management",
        "related_weaknesses": [
          "284"
        ],
        "status": "Draft",
        "weaknessabs": "Class"
      }
    ],
    "capec": [
      {
        "id": "122",
        "loa": "High",
        "name": "Privilege Abuse",
        "prerequisites": "The target must have misconfigured their access control mechanisms such that sensitive information, which should only be accessible to more trusted users, remains accessible to less trusted users. The adversary must have access to the target, albeit with an account that is less privileged than would be appropriate for the targeted resources.",
        "related_capecs": [
          "664"
        ],
        "related_weakness": [
          "1317",
          "269",
          "732"
        ],
        "solutions": "Configure account privileges such privileged/administrator functionality is not exposed to non-privileged/lower accounts.",
        "summary": "An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.",
        "taxonomy": {
          "ATTACK": {
            "1548": {
              "Entry_ID": "1548",
              "Entry_Name": "Abuse Elevation Control Mechanism",
              "URL": "https://attack.mitre.org/techniques/T1548"
            }
          }
        },
        "typical_severity": "Medium"
      },
      {
        "id": "233",
        "loa": "Medium",
        "name": "Privilege Escalation",
        "prerequisites": "",
        "related_capecs": [],
        "related_weakness": [
          "1264",
          "1311",
          "269"
        ],
        "solutions": "",
        "summary": "An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.",
        "taxonomy": {
          "ATTACK": {
            "1548": {
              "Entry_ID": "1548",
              "Entry_Name": "Abuse Elevation Control Mechanism",
              "URL": "https://attack.mitre.org/techniques/T1548"
            }
          }
        },
        "typical_severity": "High"
      },
      {
        "id": "58",
        "loa": "High",
        "name": "Restful Privilege Elevation",
        "prerequisites": "The attacker needs to be able to identify HTTP Get URLs. The Get methods must be set to call applications that perform operations other than get such as update and delete.",
        "related_capecs": [
          "1",
          "180"
        ],
        "related_weakness": [
          "267",
          "269"
        ],
        "solutions": "Design: Enforce principle of least privilege Implementation: Ensure that HTTP Get methods only retrieve state and do not alter state on the server side Implementation: Ensure that HTTP methods have proper ACLs based on what the functionality they expose",
        "summary": "An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.",
        "typical_severity": "High"
      }
    ]
  }
]

Search CPE

  • Endpoint: GET /cpes
  • Description: Returns all data related to a CPE, including product, vendor and version.
  • Parameters:
    • name (query parameter): Name of the product
    • version (query parameter): Product version
  • Response: Returns a JSON array of CPEs matching the search criteria, each containing key details.

Example Request:

GET /cpe?name=openssh&version=8.2

Example Response:

[
  {
    "id": 3399211,
    "fetch_type": "nvd",
    "cpe_uri": "cpe:/a:openbsd:openssh:8.2",
    "cpe_fs": "cpe:2.3:a:openbsd:openssh:8.2:*:*:*:*:*:*:*",
    "part": "a",
    "vendor": "openbsd",
    "product": "openssh",
    "version": "8\\.2",
    "update": "ANY",
    "edition": "ANY",
    "language": "ANY",
    "software_edition": "ANY",
    "target_software": "ANY",
    "target_hardware": "ANY",
    "other": "ANY",
    "deprecated": 0,
    "title": "OpenBSD OpenSSH 8.2"
  }
]

Exclusive Feature: CVE Description Translations

The Edgewatch CVE Lookup API offers a unique and exclusive feature: CVE description translations. This functionality is particularly valuable for global teams who may need security information in their native language. The translation service ensures that crucial vulnerability details are easily accessible and understandable across different linguistic and cultural contexts.

How It Works:

When you retrieve details for a specific CVE using the GET /cve/{cve_id} endpoint, the API provides descriptions in multiple languages within the response. Each description is associated with a language code, allowing applications to display the appropriate version based on user preferences.

Example Response:

"translations":[
   {
      "summary":"El lado del cliente en OpenSSH versiones 5.7 hasta 8.4, presenta una Discrepancia Observable que conlleva a una filtración de información en la negociación del algoritmo. Esto permite a atacantes de tipo man-in-the-middle apuntar a unos intentos iniciales de conexión (donde ninguna clave de host para el servidor ha sido almacenada en caché por parte del cliente) NOTA: algunos informes afirman que las versiones 8.5 y 8.6 también están afectadas.",
      "provider":"INCIBE",
      "language":"ES-es"
   }
]

In this example, the CVE description is provided in Spanish ("language": "ES-es"), with the translation sourced from INCIBE (the Spanish Cybersecurity Agency). Note that the translation provider may vary: where official translations are unavailable, Edgewatch has proactively completed the missing translations itself to ensure comprehensive coverage. Applications can use this multilingual support to present CVE descriptions in the user’s preferred language, significantly improving accessibility and understanding for a global audience.
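The following is an added example, not code from the Edgewatch documentation, showing how a client would consume the record shape documented above: select the translation matching a user's locale (the API emits codes such as "ES-es" while clients usually send "es-ES", so the comparison must be case-insensitive), fall back to the HTML-formatted English summary flattened to plain text, and collect the ATT&CK technique IDs that the CAPEC taxonomy block links to. The record below is constructed sample data abridged from the response shown earlier on this page.

```python
import html
import re

# Constructed record in the shape of the page's /cves response, abridged to the
# fields used here; sample data, not live output from the Edgewatch API.
SAMPLE_RECORD = {
    "cve": {
        "id": "CVE-2021-34527",
        "cvss": 8.8,
        "cweId": "CWE-269",
        "summary": "<p>A remote code execution vulnerability exists when the Windows Print "
                   "Spooler service improperly performs privileged file operations.</p>\n",
        "translations": [
            {"summary": "Una vulnerabilidad en la ejecución de código remota de Windows Print Spooler",
             "provider": "INCIBE", "language": "ES-es"},
        ],
    },
    "capec": [
        {"id": "122", "taxonomy": {"ATTACK": {"1548": {
            "Entry_ID": "1548", "URL": "https://attack.mitre.org/techniques/T1548"}}}},
        {"id": "233", "taxonomy": {"ATTACK": {"1548": {
            "Entry_ID": "1548", "URL": "https://attack.mitre.org/techniques/T1548"}}}},
        {"id": "58"},  # the page's third CAPEC entry carries no taxonomy block
    ],
}

TAG_RE = re.compile(r"<[^>]+>")

def strip_html(text):
    """The English summary is delivered as HTML; flatten it to one line of plain text."""
    return " ".join(html.unescape(TAG_RE.sub(" ", text)).split())

def pick_summary(record, preferred_language):
    """Return (summary, provider, language) in the preferred language, or the plain-text
    English summary when no translation matches. Language codes are compared
    case-insensitively and with '_' normalised to '-' (e.g. "es_ES" == "ES-es")."""
    want = preferred_language.replace("_", "-").lower()
    for tr in record["cve"].get("translations", []):
        if tr.get("language", "").replace("_", "-").lower() == want:
            return tr["summary"], tr["provider"], tr["language"]
    return strip_html(record["cve"]["summary"]), "original", "en"

def attack_techniques(record):
    """ATT&CK technique IDs referenced by the CAPEC taxonomy entries, taken from the
    last path segment of each URL, deduplicated and sorted; CAPEC entries without a
    taxonomy block are skipped rather than raising KeyError."""
    techniques = set()
    for capec in record.get("capec", []):
        for entry in capec.get("taxonomy", {}).get("ATTACK", {}).values():
            techniques.add(entry["URL"].rstrip("/").rsplit("/", 1)[-1])
    return sorted(techniques)
```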

Benefits:

  • Enhanced Accessibility: Users can access CVE information in their native language, reducing misunderstandings and improving clarity.
  • Improved Collaboration: Multilingual descriptions facilitate better communication among international teams, ensuring all members have a consistent understanding of vulnerabilities.
  • Regulatory Compliance: Providing information in multiple languages can assist organizations in meeting regional compliance requirements related to information accessibility.

By integrating this feature, developers can create applications that cater to a global audience, promoting inclusivity and effective dissemination of critical security information.

Authentication

Even though access is currently open, the Edgewatch CVE Lookup API may require an API key for authentication in the future. If authentication becomes necessary, you can include your API key in the Authorization header of each request like this:

Authorization: Bearer YOUR_API_KEY

This setup ensures secure access and usage, helping maintain data integrity and user privacy. Be sure to keep your API key secure and avoid exposing it in public repositories or client-side code.

Rate Limiting

The API enforces rate limits to ensure fair usage. If you exceed the allowed number of requests per minute, you will receive a 429 Too Many Requests response. It’s advisable to implement exponential backoff in your application to handle such scenarios gracefully.

Error Handling

The API uses standard HTTP status codes to indicate the success or failure of a request:

  • 200 OK: The request was successful.
  • 400 Bad Request: The request was malformed or contained invalid parameters.
  • 401 Unauthorized: Authentication failed due to a missing or invalid API key.
  • 404 Not Found: The requested resource was not found.
  • 429 Too Many Requests: Rate limit exceeded.
  • 500 Internal Server Error: An error occurred on the server.

Best Practices

  • Caching: To optimize performance and reduce the number of API calls, implement caching strategies where appropriate.
  • Error Handling: Ensure your application gracefully handles errors by checking HTTP status codes and implementing retry logic with exponential backoff.
  • Data Validation: Validate input parameters before making API requests to prevent unnecessary errors.
  • Security: Keep your API key secure and avoid exposing it in client-side code.
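As an added example (not part of the Edgewatch documentation), the client below applies the Rate Limiting and Best Practices guidance together: it validates the CVE identifier before issuing the request, serves repeat lookups from a cache, retries 429 responses with exponential backoff, and treats 404 as "no such CVE" rather than an error. It assumes the documented path /cves/{cve_id} under the base URL; the HTTP transport and sleep function are injectable so the retry logic can be exercised offline.

```python
import json
import re
import time
import urllib.error
import urllib.request

BASE_URL = "https://cve.edgewatch.net/api"
# CVE identifier syntax: year plus a sequence number of four or more digits.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

class RateLimited(Exception):
    """Raised when the API keeps answering 429 after all backoff attempts."""

def http_get(url):
    """Default transport: returns (status, body) and never raises on HTTP errors."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode(errors="replace")

def fetch_cve(cve_id, transport=http_get, cache=None, max_attempts=5, sleep=time.sleep):
    """Look up one CVE. Rejects malformed IDs locally, returns cached data when present,
    and backs off 1s, 2s, 4s, ... on 429 Too Many Requests. Returns the parsed JSON,
    or None on 404."""
    cve_id = cve_id.strip().upper()
    if not CVE_ID_RE.match(cve_id):
        raise ValueError(f"not a CVE identifier: {cve_id!r}")
    if cache is not None and cve_id in cache:
        return cache[cve_id]
    url = f"{BASE_URL}/cves/{cve_id}"
    for attempt in range(max_attempts):
        status, body = transport(url)
        if status == 429:
            sleep(2 ** attempt)  # exponential backoff, as the Rate Limiting section advises
            continue
        if status == 404:
            return None
        if status != 200:
            raise RuntimeError(f"{url} returned HTTP {status}")
        data = json.loads(body)
        if cache is not None:
            cache[cve_id] = data
        return data
    raise RateLimited(f"gave up on {url} after {max_attempts} attempts")
```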

For more detailed information and to explore the API interactively, refer to the Edgewatch CVE Lookup API Swagger Documentation.
