Saved Queries

Retrieve list of saved search queries

get

Retrieve a list of saved search queries belonging to your organization. Provides queries that are marked as shared and not private.

Authorizations
Responses
200
successful
application/json
get
GET /api/saved_queries HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
200

successful

{
  "saved_queries": [
    {
      "name": "saved query",
      "id": "Pmdas85LycyVZxP1",
      "url": "https://app.empiricalsecurity.com/api/saved_queries/Pmdas85LycyVZxP1",
      "query_string": "score:>90"
    }
  ]
}

Retrieve CVEs for a specified saved search query

get

Executes the specified saved query and returns the search results.

Authorizations
Path parameters
idstringRequired

The saved query id for the query to be executed

Example: Pmdas85LycyVZxP1
Query parameters
scoring_modelstringOptional

The key of the scoring model to use for the search (e.g., epss_v4, global, etc.)

Responses
200
successful
application/json
get
GET /api/saved_queries/{id} HTTP/1.1
Host: app.empiricalsecurity.com
Authorization: Bearer JWT
Accept: */*
200

successful

[
  {
    "identifier": "CVE-2023-49103",
    "description": "An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo).",
    "cvss": [
      {
        "version": "3.1",
        "score": 10,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "metrics": {
          "attack_vector": "Network",
          "attack_complexity": "Low",
          "privileges_required": "None",
          "user_interaction": "None",
          "scope": "Changed",
          "confidentiality": "High",
          "integrity": "High",
          "availability": "High"
        },
        "sources": [
          "[email protected]",
          "mitre"
        ]
      },
      {
        "version": "3.1",
        "score": 7.5,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "metrics": {
          "attack_vector": "Network",
          "attack_complexity": "Low",
          "privileges_required": "None",
          "user_interaction": "None",
          "scope": "Unchanged",
          "confidentiality": "High",
          "integrity": "None",
          "availability": "None"
        },
        "sources": [
          "[email protected]"
        ]
      }
    ],
    "references": [
      "https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/",
      "https://owncloud.org/security"
    ],
    "has_exploitation_activity": true,
    "exploitation_activity": {
      "0_to_7_days": true,
      "8_to_30_days": true,
      "31_to_90_days": true,
      "91_to_365_days": true,
      "alltime": true
    },
    "tags": {
      "actor": [],
      "actor_action": [],
      "attack_vector": [],
      "component": [
        "mail server credentials",
        "license key",
        "ownCloud admin password"
      ],
      "keywords": [
        "information disclosure",
        "web",
        "configuration"
      ],
      "outcome": [
        "credential disclosure",
        "gather information"
      ],
      "prerequisite": [
        "URL is accessed"
      ],
      "stride": [
        "tampering",
        "information disclosure",
        "denial of service"
      ],
      "weakness": [
        "reveals the configuration details of the PHP environment",
        "exposes various other potentially sensitive configuration details"
      ]
    },
    "cwes": [
      {
        "identifier": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor",
        "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.",
        "category_name": "SFP Secondary Cluster: Exposed Data",
        "category_id": "CWE-963"
      }
    ],
    "reserved_at": "2023-11-21T00:00:00.000Z",
    "published_at": "2023-11-21T00:00:00.000Z",
    "last_updated_at": "2025-01-27T22:24:27.772Z",
    "cisa_kev_added_at": "2023-11-30T00:00:00.000Z",
    "shodan_vulnerability_count": null,
    "google_project_zero": {
      "present": false,
      "patched_at": null
    },
    "exploits": {
      "metasploit": [
        {
          "name": "ownCloud Phpinfo Reader",
          "fullname": "auxiliary/gather/owncloud_phpinfo_reader",
          "description": "Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed\n          contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter.\n          Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.",
          "disclosure_date": "2023-11-21",
          "mod_time": "2023-12-04T20:09:56.000Z"
        }
      ],
      "exploitdb": [],
      "github": [
        {
          "repo": "d0rb/CVE-2023-49103",
          "prediction": 0.8660581707954407,
          "predicted_at": "2025-03-10T16:40:29.000Z",
          "repo_created_at": "2025-03-10T20:11:29.004Z"
        }
      ]
    },
    "hackerone_reports_submitted": 4,
    "scores": {
      "global": {
        "score": 0.9713943314711305,
        "percentile": 0.9998484036161284,
        "computed_at": "2025-03-16T07:27:24.000Z"
      },
      "epss_v3": {
        "score": 0.92099,
        "percentile": 0.99238,
        "computed_at": "2025-03-16T15:46:16.000Z"
      },
      "epss_v4": {
        "score": 0.9091291982186883,
        "percentile": 0.996181146025878,
        "computed_at": "2025-03-16T18:47:04.000Z"
      }
    },
    "platforms": [
      {
        "product": "product",
        "vendor": "vendor"
      }
    ]
  }
]
PreviousSearch

Last updated

Was this helpful?