Dela via


NIST NVD (Independent Publisher) (Preview)

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Power Automate Premium All Power Automate regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Power Apps Premium All Power Apps regions except the following:
     -   US Government (GCC)
     -   US Government (GCC High)
     -   China Cloud operated by 21Vianet
     -   US Department of Defense (DoD)
Contact
Name Paul Culmsee
URL https://nvd.nist.gov/
Email paul.culmsee@sevensigma.com.au
Connector Metadata
Publisher Paul Culmsee
Website https://nvd.nist.gov/
Privacy Policy https://www.nist.gov/privacy-policy#privpolicy
Categories Business Management; IT Operations

Creating a connection

The connector supports the following authentication types:

Default Parameters for creating connection. All regions Not shareable

Default

Applicable: All regions

Parameters for creating connection.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
NIST API Key securestring The NIST API Key for this api True

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Actions

Retrieve a collection of CVE

Retrieve a collection of CVE

Retrieve CPE information

Retrieve Common Platform Enumeration information

Retrieve a collection of CVE

Retrieve a collection of CVE

Parameters

Name Key Required Type Description
Add CPE names
addOns string

addOns=dictionaryCpes adds official CPE names to the request

CPE Match String
cpeMatchString string

Filter vulnerabilities based on cpeMatchString of affected products

CVSS2 vector strings
cvssV2Metrics string

Filter vulnerabilities based on CVSS vector strings

CVSS V2 Severity
cvssV2Severity string

LOW, MEDIUM, or HIGH vulnerabilities

CVSS3 vector strings.
cvssV3Metrics string

Filter vulnerabilities based on CVSS vector strings

CVSS V3 Severity
cvssV3Severity string

Severity of LOW, MEDIUM, HIGH or CRITICAL vulnerabilities

Vulnerability classification (CWE-XX)
cweId string

MITRE Vulnerability classification (https://cwe.mitre.org/data/index.html)

Include Modified Names
includeMatchStringChange boolean

Include modified names in date queries

Exact Match
isExactMatch boolean

Match all keywords exactly vs match any

Keyword(s)
keyword string

keywords from vulnerability description or reference links.

Start Date Modified
modStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z

End Date Modified
modEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z

Start Date Published
pubStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z

End Date Published
pubEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z

Max results returned
resultsPerPage integer

maximum allowable limit is 2,000

Start Index
startIndex integer

Start Index

Returns

Name Path Type Description
resultsPerPage
resultsPerPage integer

Results Per Page

startIndex
startIndex integer

Start Index

totalResults
totalResults integer

Total Results

CVE_data_type
result.CVE_data_type string

CVE Data Type

CVE_data_format
result.CVE_data_format string

CVE Data Format

CVE_data_version
result.CVE_data_version string

CVE Data Version

CVE_data_timestamp
result.CVE_data_timestamp string

CVE Data Timestamp

CVE_Items
result.CVE_Items array of object

CVE Items

data_type
result.CVE_Items.cve.data_type string

Data Type

data_format
result.CVE_Items.cve.data_format string

Data Format

data_version
result.CVE_Items.cve.data_version string

Data Version

ID
result.CVE_Items.cve.CVE_data_meta.ID string

CVE ID

ASSIGNER
result.CVE_Items.cve.CVE_data_meta.ASSIGNER string

CVE ASSIGNER

problemtype_data
result.CVE_Items.cve.problemtype.problemtype_data array of object

Problem Type Data

description
result.CVE_Items.cve.problemtype.problemtype_data.description array of object

Problem Type Description

lang
result.CVE_Items.cve.problemtype.problemtype_data.description.lang string

Problem Type Language

value
result.CVE_Items.cve.problemtype.problemtype_data.description.value string

Problem Type Value

reference_data
result.CVE_Items.cve.references.reference_data array of object

Reference Data

url
result.CVE_Items.cve.references.reference_data.url string

Reference Url

name
result.CVE_Items.cve.references.reference_data.name string

Reference Name

refsource
result.CVE_Items.cve.references.reference_data.refsource string

Reference Source

tags
result.CVE_Items.cve.references.reference_data.tags array of string

Reference Tags

description_data
result.CVE_Items.cve.description.description_data array of object

Vulnerability Description Data

lang
result.CVE_Items.cve.description.description_data.lang string

Vulnerability Description Language

value
result.CVE_Items.cve.description.description_data.value string

Vulnerability Description Value

CVE_data_version
result.CVE_Items.configurations.CVE_data_version string

CVE Data Version

nodes
result.CVE_Items.configurations.nodes array of object

Nodes

operator
result.CVE_Items.configurations.nodes.operator string

Logical Operator

children
result.CVE_Items.configurations.nodes.children array of

Children

cpe_match
result.CVE_Items.configurations.nodes.cpe_match array of object

Maching CPE

vulnerable
result.CVE_Items.configurations.nodes.cpe_match.vulnerable boolean

Vulnerable

cpe23Uri
result.CVE_Items.configurations.nodes.cpe_match.cpe23Uri string

CPE23 Uri

versionEndExcluding
result.CVE_Items.configurations.nodes.cpe_match.versionEndExcluding string

Version End Excluding

cpe_name
result.CVE_Items.configurations.nodes.cpe_match.cpe_name array of object

CPE_Name

cpe23Uri
result.CVE_Items.configurations.nodes.cpe_match.cpe_name.cpe23Uri string

CPE23 Uri

lastModifiedDate
result.CVE_Items.configurations.nodes.cpe_match.cpe_name.lastModifiedDate string

Last Modified Date

version
result.CVE_Items.impact.baseMetricV3.cvssV3.version string

CVSSV3 Version

vectorString
result.CVE_Items.impact.baseMetricV3.cvssV3.vectorString string

CVSSV3 Vector String

attackVector
result.CVE_Items.impact.baseMetricV3.cvssV3.attackVector string

CVSSV3 Attack Vector

attackComplexity
result.CVE_Items.impact.baseMetricV3.cvssV3.attackComplexity string

CVSSV3 Attack Complexity

privilegesRequired
result.CVE_Items.impact.baseMetricV3.cvssV3.privilegesRequired string

CVSSV3 Privileges Required

userInteraction
result.CVE_Items.impact.baseMetricV3.cvssV3.userInteraction string

CVSSV3 User Interaction

scope
result.CVE_Items.impact.baseMetricV3.cvssV3.scope string

CVSSV3 Scope

confidentialityImpact
result.CVE_Items.impact.baseMetricV3.cvssV3.confidentialityImpact string

CVSSV3 Confidentiality Impact

integrityImpact
result.CVE_Items.impact.baseMetricV3.cvssV3.integrityImpact string

CVSSV3 Integrity Impact

availabilityImpact
result.CVE_Items.impact.baseMetricV3.cvssV3.availabilityImpact string

CVSSV3 Availability Impact

baseScore
result.CVE_Items.impact.baseMetricV3.cvssV3.baseScore

CVSSV3 Base Score

baseSeverity
result.CVE_Items.impact.baseMetricV3.cvssV3.baseSeverity string

CVSSV3 Base Severity

exploitabilityScore
result.CVE_Items.impact.baseMetricV3.exploitabilityScore

CVSSV3 Exploitability Score

impactScore
result.CVE_Items.impact.baseMetricV3.impactScore

CVSSV3 Impact Score

version
result.CVE_Items.impact.baseMetricV2.cvssV2.version string

CVSSV2 Version

vectorString
result.CVE_Items.impact.baseMetricV2.cvssV2.vectorString string

CVSSV2 VectorString

accessVector
result.CVE_Items.impact.baseMetricV2.cvssV2.accessVector string

CVSSV2 AccessVector

accessComplexity
result.CVE_Items.impact.baseMetricV2.cvssV2.accessComplexity string

CVSSV2 AccessComplexity

authentication
result.CVE_Items.impact.baseMetricV2.cvssV2.authentication string

CVSSV2 Authentication

confidentialityImpact
result.CVE_Items.impact.baseMetricV2.cvssV2.confidentialityImpact string

CVSSV2 Confidentiality Impact

integrityImpact
result.CVE_Items.impact.baseMetricV2.cvssV2.integrityImpact string

CVSSV2 Integrity Impact

availabilityImpact
result.CVE_Items.impact.baseMetricV2.cvssV2.availabilityImpact string

CVSSV2 Availability Impact

baseScore
result.CVE_Items.impact.baseMetricV2.cvssV2.baseScore

CVSSV2 Base Score

severity
result.CVE_Items.impact.baseMetricV2.severity string

CVSSV2 Severity

exploitabilityScore
result.CVE_Items.impact.baseMetricV2.exploitabilityScore

CVSSV2 Exploitability Score

impactScore
result.CVE_Items.impact.baseMetricV2.impactScore

CVSSV2 Impact Score

acInsufInfo
result.CVE_Items.impact.baseMetricV2.acInsufInfo boolean

CVSSV2 acInsufInfo

obtainAllPrivilege
result.CVE_Items.impact.baseMetricV2.obtainAllPrivilege boolean

CVSSV2 Obtain All Privilege

obtainUserPrivilege
result.CVE_Items.impact.baseMetricV2.obtainUserPrivilege boolean

CVSSV2 Obtain User Privilege

obtainOtherPrivilege
result.CVE_Items.impact.baseMetricV2.obtainOtherPrivilege boolean

CVSSV2 Obtain Other Privilege

userInteractionRequired
result.CVE_Items.impact.baseMetricV2.userInteractionRequired boolean

CVSSV2 User Interaction Required

publishedDate
result.CVE_Items.publishedDate string

Published Date

lastModifiedDate
result.CVE_Items.lastModifiedDate string

Last ModifiedDate

Retrieve CPE information

Retrieve Common Platform Enumeration information

Parameters

Name Key Required Type Description
Include vulnerabilities
addOns string

Including addOns=cves adds the vulnerabilities associated with the CPE.

CPE Match String
cpeMatchString string

This parameter is used to filter products based on the CPE match criteria

include Deprecated CPE
includeDeprecated boolean

A deprecated CPE is one that has been replaced by one or more other CPE

Keyword(s)
keyword string

Filter results to words found in the CPE title or reference links

CPE that were modified after this date
modStartDate string

yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00)

CPE that were modified before this date
modEndDate string

yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00)

Results per page
resultsPerPage integer

Results per page

Start Index
startIndex integer

Start Index

Returns

Name Path Type Description
resultsPerPage
resultsPerPage integer

Results Per Page

startIndex
startIndex integer

Start Index

totalResults
totalResults integer

Total Results

dataType
result.dataType string

Data Type

feedVersion
result.feedVersion string

Feed Version

cpeCount
result.cpeCount integer

CPE Count

feedTimestamp
result.feedTimestamp string

Feed Timestamp

cpes
result.cpes array of object

CPEs

deprecated
result.cpes.deprecated boolean

CPE Deprecated

cpe23Uri
result.cpes.cpe23Uri string

CPE23 Uri

lastModifiedDate
result.cpes.lastModifiedDate string

CPE Last Modified Date

titles
result.cpes.titles array of object

CPE Titles

title
result.cpes.titles.title string

CPE Title

lang
result.cpes.titles.lang string

CPE Language

refs
result.cpes.refs array of

References

deprecatedBy
result.cpes.deprecatedBy array of

Deprecated By

vulnerabilities
result.cpes.vulnerabilities array of

Vulnerabilities