Vulnerability Exploitability eXchange

A Vulnerability Exploitability eXchange (VEX) document is a security advisory that is machine readable, and supports integration for existing security tools and platforms. The Vexination service allows you to publish, retrieve, and search for VEX documents by using a REST API. Vexination supports searching VEX data by using the sikula simple query language. Publishing and retrieving VEX documents uses the VEX identifier.

Publishing a Vulnerability Exploitability eXchange document

You can publish VEX documents by using the Common Security Advisory Framework (CSAF) 2.0 format, and the VEX document must be in a JSON file format.

A document can take between a few seconds to minutes before appearing in search results.
Prerequisites

  • A VEX document.

Procedure

  1. To publish an VEX document to Trustification:

    Example
    $ curl --json vex-example.json https://vex.trustification.dev/api/v1/vex

    A 201 Created response means the document was successfully published.

Additional resources

See the OpenAPI for more details on responses.

Retrieving a Vulnerability Exploitability eXchange document

You can retrieve VEX documents by specifying a VEX identifier.

Prerequisites

  • A VEX identifier.

Procedure

  1. To retrieve a VEX document from Trustification:

    Syntax
    curl https://vex.trustification.dev/api/v1/vex?advisory=VEX_IDENTIFIER
    Example
    $ curl https://vex.trustification.dev/api/v1/vex?advisory=RHSA-2023:3923

Search for a Vulnerability Exploitability eXchange document

By default, queries search for identifiers, titles, and descriptions within the VEX document, and returns the matching results ordered by relevance.

See the sikula simple query language for more details on the search syntax.

Search qualifiers

The following table has a list of the search qualifiers you can use when searching the Vexination service.

Qualifier

Description

Matching Type

Example

id

Search by VEX identifier

Exact

id:"RHSA-2023:4517"

cve

Search by CVE identifier

Exact

cve:"CVE-2022-42896"

title

Search in VEX and CVE title

Term

title:exploit

description

Search by VEX and CVE description

Term

"NULL pointer" in:description

status

Search by VEX status

Exact

severity:Critical

cvss

Search by CVSS score

Range

cvss:>6.3

package

Search by fixed or affected package or product identifier

Exact, Partial

affected:"cpe:/a:redhat:openshift_container_storage:4.8::el8"

fixed

Search by fixed package or product identifier

Exact, Partial

"cpe:/a:redhat:openshift_container_storage:4.8" in:fixed

affected

Search by affected package or product identifier

Exact, Partial

"pkg:rpm/redhat/xz-libs@5.2.4" in:affected

advisoryInitial

Search by VEX initial date

Exact, Range

advisoryInitial:2022-01-01..2023-01-01

release

Search by VEX release date

Exact, Range

release:>2023-05-05

cveRelease

Search by CVE release date

Exact, Range

cveRelease:>2023-05-05

cveDiscovery

Search by CVE discovery date

Exact, Range

cveDiscovery:<2023-01-01

The four matching types are:

  • An Exact match has the exact value.

  • A Partial match is a prefix value.

  • A Term match is text matching.

  • A Range match is values within a range.

You can also enforce an ordering on the results for the created field, for example, ubi9 sort:created or ubi9 -sort:created.

Predicates

You can use the following predicates to search by severity: critical, high, medium and low.

Use cases

The following uses cases illustrate how you can search Trustification to find VEX documents.

Enable Complex searching before running these queries.

Find advisories that relates to the Red Hat Enterprise Linux 8 product

Example
"cpe:/a:redhat:rhel_eus:8" in:package

Find all critical advisories for OpenShift on Red Hat Enterprise Linux 9, released this year

Example
"cpe:/a:redhat:openshift:4.13::el9" in:package release:>2023-01-01 is:critical

Reference

See the full Vexination API documentation for more details.