> ## Documentation Index > Fetch the complete documentation index at: https://altostrat.io/docs/llms.txt > Use this file to discover all available pages before exploring further. # Update CVE Status > Updates the status of a specific CVE for a given MAC address. Use this to mark a vulnerability as 'accepted' (e.g., a false positive or acceptable risk) or 'mitigated' (e.g., a patch has been applied or a workaround is in place). Each update creates a new historical record. ## OpenAPI ````yaml /api/en/cve-scans.yaml post /scans/cve/mac-address/cve/status openapi: 3.0.3 info: title: Altostrat CVE Scans API version: 1.0.0 description: >- The Altostrat CVE Scans API is the microservice responsible for scheduling, executing, and reporting on network vulnerability scans. It is a core component of the Altostrat SDX platform's security posture management, providing deep insights into potential vulnerabilities across MikroTik networks to complement the platform's automation and AI capabilities. This API allows you to programmatically manage: - **Scan Schedules:** Define recurring vulnerability scans for specific network sites, including frequency, timing, and vulnerability thresholds. - **Scan Results:** Access detailed historical and in-progress scan reports, including discovered CVEs, affected hosts, and severity scores. - **Vulnerability Management:** Query specific CVEs by device (MAC address) and manage their lifecycle by marking them as accepted or mitigated. Developers use this API to integrate automated vulnerability scanning and reporting into their network management workflows and security dashboards. servers: - url: https://v1.api.altostrat.io description: Altostrat Production API Server security: - bearerAuth: [] tags: - name: Scan Schedules description: Manage the configuration and scheduling of recurring vulnerability scans. - name: Scan Execution description: Manually trigger and terminate scan jobs. - name: Scan Results description: Retrieve historical and in-progress scan reports and data. - name: Vulnerability Intelligence description: Query for specific vulnerability data and mitigation advice. - name: Vulnerability Management description: Manage the lifecycle and status of discovered vulnerabilities. paths: /scans/cve/mac-address/cve/status: post: tags: - Vulnerability Management summary: Update CVE Status description: >- Updates the status of a specific CVE for a given MAC address. Use this to mark a vulnerability as 'accepted' (e.g., a false positive or acceptable risk) or 'mitigated' (e.g., a patch has been applied or a workaround is in place). Each update creates a new historical record. operationId: updateCveStatus requestBody: required: true description: The details of the CVE status update. content: application/json: schema: type: object required: - mac_address - cve_id - status - justification properties: mac_address: type: string description: The MAC address of the affected device. example: 00:1A:2B:3C:4D:5E cve_id: type: string description: The CVE identifier to update. example: CVE-2023-1234 status: type: string description: The new status for the vulnerability. enum: - accepted - mitigated example: accepted justification: type: string description: A detailed reason for the status change, for audit purposes. example: >- This vulnerability is related to a service that is not exposed to the internet and is firewalled internally. Risk is considered low. responses: '200': description: >- The CVE status was updated successfully. Returns the created status record. content: application/json: schema: $ref: '#/components/schemas/MacCveStatusResponse' '400': $ref: '#/components/responses/BadRequestError' '401': $ref: '#/components/responses/UnauthorizedError' '403': $ref: '#/components/responses/ForbiddenError' '422': $ref: '#/components/responses/ValidationError' '500': $ref: '#/components/responses/InternalServerError' components: schemas: MacCveStatusResponse: type: object properties: data: $ref: '#/components/schemas/MacCveStatus' message: type: string example: CVE status updated successfully MacCveStatus: type: object properties: id: type: string format: uuid description: The unique identifier for this status record. mac_address: type: string description: The MAC address to which this status applies. example: 00:1A:2B:3C:4D:5E cve_id: type: string description: The CVE identifier to which this status applies. example: CVE-2023-1234 status: type: string description: The management status of the vulnerability. enum: - accepted - mitigated example: accepted justification: type: string description: The reason for this status assignment. example: Risk accepted due to internal-only service with no external access. scan_id: type: string format: uuid description: The ID of the scan that was active when this status was created. nullable: true expiration_date: type: string format: date-time description: The timestamp when this status will expire and revert to 'open'. nullable: true created_by: type: string format: uuid description: The ID of the user who created this status record. updated_by: type: string format: uuid description: The ID of the user who last updated this status record. created_at: type: string format: date-time description: The timestamp when this status record was created. updated_at: type: string format: date-time description: The timestamp when this status record was last updated. ErrorResponse: type: object properties: type: type: string description: A broad category for the error (e.g., 'invalid_request_error'). example: invalid_request_error code: type: string description: A short, unique string identifying the specific error. example: parameter_missing message: type: string description: A human-readable description of what went wrong. example: The 'description' parameter is required for this request. doc_url: type: string description: >- A direct link to the documentation page for this specific error code. example: https://docs.altostrat.io/errors/parameter_missing responses: BadRequestError: description: Bad Request - The request was malformed or invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' UnauthorizedError: description: >- Unauthorized - The request requires authentication, but none was provided or it was invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ForbiddenError: description: >- Forbidden - The authenticated user does not have permission to perform this action. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ValidationError: description: >- Unprocessable Entity - The request was well-formed but was unable to be followed due to semantic errors. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' InternalServerError: description: Internal Server Error - An unexpected error occurred on the server. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: 'Enter your bearer token in the format: Bearer {token}' ````