NIST NVD (Independent Publisher) (Preview)
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Power Automate | Premium | All Power Automate regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Power Apps | Premium | All Power Apps regions except the following: - US Government (GCC) - US Government (GCC High) - China Cloud operated by 21Vianet - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Paul Culmsee |
URL | https://nvd.nist.gov/ |
[email protected] |
Connector Metadata | |
---|---|
Publisher | Paul Culmsee |
Website | https://nvd.nist.gov/ |
Privacy Policy | https://www.nist.gov/privacy-policy#privpolicy |
Categories | Business Management; IT Operations |
Creating a connection
The connector supports the following authentication types:
Default | Parameters for creating connection. | All regions | Not shareable |
Default
Applicable: All regions
Parameters for creating connection.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
NIST API Key | securestring | The NIST API Key for this api | True |
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 100 | 60 seconds |
Actions
Retrieve a collection of CVE |
Retrieve a collection of CVE |
Retrieve CPE information |
Retrieve Common Platform Enumeration information |
Retrieve a collection of CVE
Retrieve a collection of CVE
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Add CPE names
|
addOns | string |
addOns=dictionaryCpes adds official CPE names to the request |
|
CPE Match String
|
cpeMatchString | string |
Filter vulnerabilities based on cpeMatchString of affected products |
|
CVSS2 vector strings
|
cvssV2Metrics | string |
Filter vulnerabilities based on CVSS vector strings |
|
CVSS V2 Severity
|
cvssV2Severity | string |
LOW, MEDIUM, or HIGH vulnerabilities |
|
CVSS3 vector strings.
|
cvssV3Metrics | string |
Filter vulnerabilities based on CVSS vector strings |
|
CVSS V3 Severity
|
cvssV3Severity | string |
Severity of LOW, MEDIUM, HIGH or CRITICAL vulnerabilities |
|
Vulnerability classification (CWE-XX)
|
cweId | string |
MITRE Vulnerability classification (https://cwe.mitre.org/data/index.html) |
|
Include Modified Names
|
includeMatchStringChange | boolean |
Include modified names in date queries |
|
Exact Match
|
isExactMatch | boolean |
Match all keywords exactly vs match any |
|
Keyword(s)
|
keyword | string |
keywords from vulnerability description or reference links. |
|
Start Date Modified
|
modStartDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z |
|
End Date Modified
|
modEndDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z |
|
Start Date Published
|
pubStartDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z |
|
End Date Published
|
pubEndDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z |
|
Max results returned
|
resultsPerPage | integer |
maximum allowable limit is 2,000 |
|
Start Index
|
startIndex | integer |
Start Index |
Returns
Name | Path | Type | Description |
---|---|---|---|
resultsPerPage
|
resultsPerPage | integer |
Results Per Page |
startIndex
|
startIndex | integer |
Start Index |
totalResults
|
totalResults | integer |
Total Results |
CVE_data_type
|
result.CVE_data_type | string |
CVE Data Type |
CVE_data_format
|
result.CVE_data_format | string |
CVE Data Format |
CVE_data_version
|
result.CVE_data_version | string |
CVE Data Version |
CVE_data_timestamp
|
result.CVE_data_timestamp | string |
CVE Data Timestamp |
CVE_Items
|
result.CVE_Items | array of object |
CVE Items |
data_type
|
result.CVE_Items.cve.data_type | string |
Data Type |
data_format
|
result.CVE_Items.cve.data_format | string |
Data Format |
data_version
|
result.CVE_Items.cve.data_version | string |
Data Version |
ID
|
result.CVE_Items.cve.CVE_data_meta.ID | string |
CVE ID |
ASSIGNER
|
result.CVE_Items.cve.CVE_data_meta.ASSIGNER | string |
CVE ASSIGNER |
problemtype_data
|
result.CVE_Items.cve.problemtype.problemtype_data | array of object |
Problem Type Data |
description
|
result.CVE_Items.cve.problemtype.problemtype_data.description | array of object |
Problem Type Description |
lang
|
result.CVE_Items.cve.problemtype.problemtype_data.description.lang | string |
Problem Type Language |
value
|
result.CVE_Items.cve.problemtype.problemtype_data.description.value | string |
Problem Type Value |
reference_data
|
result.CVE_Items.cve.references.reference_data | array of object |
Reference Data |
url
|
result.CVE_Items.cve.references.reference_data.url | string |
Reference Url |
name
|
result.CVE_Items.cve.references.reference_data.name | string |
Reference Name |
refsource
|
result.CVE_Items.cve.references.reference_data.refsource | string |
Reference Source |
tags
|
result.CVE_Items.cve.references.reference_data.tags | array of string |
Reference Tags |
description_data
|
result.CVE_Items.cve.description.description_data | array of object |
Vulnerability Description Data |
lang
|
result.CVE_Items.cve.description.description_data.lang | string |
Vulnerability Description Language |
value
|
result.CVE_Items.cve.description.description_data.value | string |
Vulnerability Description Value |
CVE_data_version
|
result.CVE_Items.configurations.CVE_data_version | string |
CVE Data Version |
nodes
|
result.CVE_Items.configurations.nodes | array of object |
Nodes |
operator
|
result.CVE_Items.configurations.nodes.operator | string |
Logical Operator |
children
|
result.CVE_Items.configurations.nodes.children | array of |
Children |
cpe_match
|
result.CVE_Items.configurations.nodes.cpe_match | array of object |
Maching CPE |
vulnerable
|
result.CVE_Items.configurations.nodes.cpe_match.vulnerable | boolean |
Vulnerable |
cpe23Uri
|
result.CVE_Items.configurations.nodes.cpe_match.cpe23Uri | string |
CPE23 Uri |
versionEndExcluding
|
result.CVE_Items.configurations.nodes.cpe_match.versionEndExcluding | string |
Version End Excluding |
cpe_name
|
result.CVE_Items.configurations.nodes.cpe_match.cpe_name | array of object |
CPE_Name |
cpe23Uri
|
result.CVE_Items.configurations.nodes.cpe_match.cpe_name.cpe23Uri | string |
CPE23 Uri |
lastModifiedDate
|
result.CVE_Items.configurations.nodes.cpe_match.cpe_name.lastModifiedDate | string |
Last Modified Date |
version
|
result.CVE_Items.impact.baseMetricV3.cvssV3.version | string |
CVSSV3 Version |
vectorString
|
result.CVE_Items.impact.baseMetricV3.cvssV3.vectorString | string |
CVSSV3 Vector String |
attackVector
|
result.CVE_Items.impact.baseMetricV3.cvssV3.attackVector | string |
CVSSV3 Attack Vector |
attackComplexity
|
result.CVE_Items.impact.baseMetricV3.cvssV3.attackComplexity | string |
CVSSV3 Attack Complexity |
privilegesRequired
|
result.CVE_Items.impact.baseMetricV3.cvssV3.privilegesRequired | string |
CVSSV3 Privileges Required |
userInteraction
|
result.CVE_Items.impact.baseMetricV3.cvssV3.userInteraction | string |
CVSSV3 User Interaction |
scope
|
result.CVE_Items.impact.baseMetricV3.cvssV3.scope | string |
CVSSV3 Scope |
confidentialityImpact
|
result.CVE_Items.impact.baseMetricV3.cvssV3.confidentialityImpact | string |
CVSSV3 Confidentiality Impact |
integrityImpact
|
result.CVE_Items.impact.baseMetricV3.cvssV3.integrityImpact | string |
CVSSV3 Integrity Impact |
availabilityImpact
|
result.CVE_Items.impact.baseMetricV3.cvssV3.availabilityImpact | string |
CVSSV3 Availability Impact |
baseScore
|
result.CVE_Items.impact.baseMetricV3.cvssV3.baseScore |
CVSSV3 Base Score |
|
baseSeverity
|
result.CVE_Items.impact.baseMetricV3.cvssV3.baseSeverity | string |
CVSSV3 Base Severity |
exploitabilityScore
|
result.CVE_Items.impact.baseMetricV3.exploitabilityScore |
CVSSV3 Exploitability Score |
|
impactScore
|
result.CVE_Items.impact.baseMetricV3.impactScore |
CVSSV3 Impact Score |
|
version
|
result.CVE_Items.impact.baseMetricV2.cvssV2.version | string |
CVSSV2 Version |
vectorString
|
result.CVE_Items.impact.baseMetricV2.cvssV2.vectorString | string |
CVSSV2 VectorString |
accessVector
|
result.CVE_Items.impact.baseMetricV2.cvssV2.accessVector | string |
CVSSV2 AccessVector |
accessComplexity
|
result.CVE_Items.impact.baseMetricV2.cvssV2.accessComplexity | string |
CVSSV2 AccessComplexity |
authentication
|
result.CVE_Items.impact.baseMetricV2.cvssV2.authentication | string |
CVSSV2 Authentication |
confidentialityImpact
|
result.CVE_Items.impact.baseMetricV2.cvssV2.confidentialityImpact | string |
CVSSV2 Confidentiality Impact |
integrityImpact
|
result.CVE_Items.impact.baseMetricV2.cvssV2.integrityImpact | string |
CVSSV2 Integrity Impact |
availabilityImpact
|
result.CVE_Items.impact.baseMetricV2.cvssV2.availabilityImpact | string |
CVSSV2 Availability Impact |
baseScore
|
result.CVE_Items.impact.baseMetricV2.cvssV2.baseScore |
CVSSV2 Base Score |
|
severity
|
result.CVE_Items.impact.baseMetricV2.severity | string |
CVSSV2 Severity |
exploitabilityScore
|
result.CVE_Items.impact.baseMetricV2.exploitabilityScore |
CVSSV2 Exploitability Score |
|
impactScore
|
result.CVE_Items.impact.baseMetricV2.impactScore |
CVSSV2 Impact Score |
|
acInsufInfo
|
result.CVE_Items.impact.baseMetricV2.acInsufInfo | boolean |
CVSSV2 acInsufInfo |
obtainAllPrivilege
|
result.CVE_Items.impact.baseMetricV2.obtainAllPrivilege | boolean |
CVSSV2 Obtain All Privilege |
obtainUserPrivilege
|
result.CVE_Items.impact.baseMetricV2.obtainUserPrivilege | boolean |
CVSSV2 Obtain User Privilege |
obtainOtherPrivilege
|
result.CVE_Items.impact.baseMetricV2.obtainOtherPrivilege | boolean |
CVSSV2 Obtain Other Privilege |
userInteractionRequired
|
result.CVE_Items.impact.baseMetricV2.userInteractionRequired | boolean |
CVSSV2 User Interaction Required |
publishedDate
|
result.CVE_Items.publishedDate | string |
Published Date |
lastModifiedDate
|
result.CVE_Items.lastModifiedDate | string |
Last ModifiedDate |
Retrieve CPE information
Retrieve Common Platform Enumeration information
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Include vulnerabilities
|
addOns | string |
Including addOns=cves adds the vulnerabilities associated with the CPE. |
|
CPE Match String
|
cpeMatchString | string |
This parameter is used to filter products based on the CPE match criteria |
|
include Deprecated CPE
|
includeDeprecated | boolean |
A deprecated CPE is one that has been replaced by one or more other CPE |
|
Keyword(s)
|
keyword | string |
Filter results to words found in the CPE title or reference links |
|
CPE that were modified after this date
|
modStartDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00) |
|
CPE that were modified before this date
|
modEndDate | string |
yyyy-MM-ddTHH:mm:ss:SSS Z (Z indicates offset-from-UTC. eg UTC+01:00) |
|
Results per page
|
resultsPerPage | integer |
Results per page |
|
Start Index
|
startIndex | integer |
Start Index |
Returns
Name | Path | Type | Description |
---|---|---|---|
resultsPerPage
|
resultsPerPage | integer |
Results Per Page |
startIndex
|
startIndex | integer |
Start Index |
totalResults
|
totalResults | integer |
Total Results |
dataType
|
result.dataType | string |
Data Type |
feedVersion
|
result.feedVersion | string |
Feed Version |
cpeCount
|
result.cpeCount | integer |
CPE Count |
feedTimestamp
|
result.feedTimestamp | string |
Feed Timestamp |
cpes
|
result.cpes | array of object |
CPEs |
deprecated
|
result.cpes.deprecated | boolean |
CPE Deprecated |
cpe23Uri
|
result.cpes.cpe23Uri | string |
CPE23 Uri |
lastModifiedDate
|
result.cpes.lastModifiedDate | string |
CPE Last Modified Date |
titles
|
result.cpes.titles | array of object |
CPE Titles |
title
|
result.cpes.titles.title | string |
CPE Title |
lang
|
result.cpes.titles.lang | string |
CPE Language |
refs
|
result.cpes.refs | array of |
References |
deprecatedBy
|
result.cpes.deprecatedBy | array of |
Deprecated By |
vulnerabilities
|
result.cpes.vulnerabilities | array of |
Vulnerabilities |