Skip to content

Commit

Permalink
Add new vulnerabilities resource for IoT Security (#15360)
Browse files Browse the repository at this point in the history 
* 1st

* 2nd

* severity

* prettier

* fix date example

* add date

* readme

* resolve pr comments

* readme

* remove id + title

* remove publishedDate + lastModifiedDate

* source -> sources

* format

* format

* remove paging

* update to 3 levels

* fix validation

Co-authored-by: Gal Bruchim <galbru@microsoft.com>
  • Loading branch information
@galbru
galbru and Gal Bruchim authored Aug 18, 2021
1 parent 145da44 commit 5b604aa
Show file tree
Hide file tree
Showing 4 changed files with 603 additions and 0 deletions.
43 changes: 43 additions & 0 deletions ...TSecurity/preview/2021-07-01-preview/examples/Vulnerabilities/GetDeviceVulnerability.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
{
"parameters": {
"api-version": "2021-07-01-preview",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"iotDefenderLocation": "eastus",
"deviceGroupName": "default",
"vulnerabilityId": "CVE-2017-7797|0418f897-937b-4cb5-92dc-dd31d3da7911"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-7797|0418f897-937b-4cb5-92dc-dd31d3da7911",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-7797|0418f897-937b-4cb5-92dc-dd31d3da7911",
"properties": {
"description": "This vulnerability affects the following vendors: Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "Medium",
"score": 6.5,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_19.10:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_18.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_20.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_20.04:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-08-08T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-07-30T16:51:00Z"
}
}
}
}
}
290 changes: 290 additions & 0 deletions ...urity/preview/2021-07-01-preview/examples/Vulnerabilities/GetDeviceVulnerabilityList.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,290 @@
{
"parameters": {
"api-version": "2021-07-01-preview",
"subscriptionId": "20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"iotDefenderLocation": "eastus",
"deviceGroupName": "default"
},
"responses": {
"200": {
"body": {
"nextLink": "https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities?api-version=2021-07-01-preview&$skipToken=Y3BlOjIuMzphOnVidW50dTpmaXJlZm94Oio6KjoqOio6Kjp1YnVudHVfbGludXhfMTguMDQ6Kjoq",
"value": [
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-7797|0418f897-937b-4cb5-92dc-dd31d3da7911",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-7797|0418f897-937b-4cb5-92dc-dd31d3da7911",
"properties": {
"description": "This vulnerability affects the following vendors: Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "Medium",
"score": 6.5,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_19.10:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_18.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_20.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_20.04:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-08-08T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-07-30T16:51:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2020-16942|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2020-16942|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"properties": {
"description": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.",
"severityScore": "Medium",
"score": 4.1,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:windows:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2020-10-13T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2020-10-20T19:34:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-5447|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-5447|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"properties": {
"description": "This vulnerability affects the following vendors: Debian, Red_Hat, Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "High",
"score": 8.8,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:o:red_hat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"exploitType": "Verified"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-04-19T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-08-07T18:19:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-7797|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-7797|a02a1fd1-8235-4c67-86f6-be38ddb6178e",
"properties": {
"description": "This vulnerability affects the following vendors: Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "Medium",
"score": 6.5,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_19.10:*:*",
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ubuntu:firefox-mozsymbols:*:*:*:*:*:ubuntu_linux_20.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_19.10:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-08-08T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-07-30T16:51:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2020-16942|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2020-16942|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"properties": {
"description": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.",
"severityScore": "Medium",
"score": 4.1,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:windows:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2020-10-13T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2020-10-20T19:34:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-5447|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-5447|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"properties": {
"description": "This vulnerability affects the following vendors: Debian, Red_Hat, Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "High",
"score": 8.8,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:o:red_hat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"exploitType": "Verified"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-04-19T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-08-07T18:19:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-7797|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-7797|a8ffdeb1-cf87-4479-97f7-2b54e4ab8641",
"properties": {
"description": "This vulnerability affects the following vendors: Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "Medium",
"score": 6.5,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_19.10:*:*",
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ubuntu:firefox-mozsymbols:*:*:*:*:*:ubuntu_linux_20.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_19.10:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-08-08T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-07-30T16:51:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2020-16942|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2020-16942|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"properties": {
"description": "An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.To take advantage of the vulnerability, an attacker would require access to the specific SharePoint page affected by this vulnerability.The security update addresses the vulnerability by correcting how scripts are referenced on some SharePoint pages.",
"severityScore": "Medium",
"score": 4.1,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:windows:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2020-10-13T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2020-10-20T19:34:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-5447|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-5447|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"properties": {
"description": "This vulnerability affects the following vendors: Debian, Red_Hat, Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "High",
"score": 8.8,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:o:red_hat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"exploitType": "Verified"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-04-19T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-08-07T18:19:00Z"
}
},
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96b71116dcdc23/providers/Microsoft.IoTSecurity/locations/eastus/deviceGroups/default/vulnerabilities/CVE-2017-7797|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"type": "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities",
"name": "CVE-2017-7797|b167502c-02d4-4f0b-a1cc-d804e894a8d2",
"properties": {
"description": "This vulnerability affects the following vendors: Mozilla, Ubuntu. To view more details about this vulnerability please visit the vendor website.",
"severityScore": "Medium",
"score": 6.5,
"sources": [
"Nvd"
],
"affectedVersions": [
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_19.10:*:*",
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe:2.3:a:ubuntu:firefox-mozsymbols:*:*:*:*:*:ubuntu_linux_20.04:*:*",
"cpe:2.3:a:ubuntu:firefox-geckodriver:*:*:*:*:*:ubuntu_linux_16.04:*:*",
"cpe:2.3:a:ubuntu:firefox:*:*:*:*:*:ubuntu_linux_19.10:*:*"
],
"exploitType": "Unknown"
},
"systemData": {
"createdBy": null,
"createdByType": null,
"createdAt": "2017-08-08T00:00:00Z",
"lastModifiedBy": null,
"lastModifiedByType": null,
"lastModifiedAt": "2018-07-30T16:51:00Z"
}
}
]
}
}
}
}
Loading

0 comments on commit 5b604aa

Please sign in to comment.