NIST NVD Unmapped CPE integration: Invalid response error 403

ositamefor · ‎10-23-2023

Hello,

Has anyone encountered, or is encountering continuous failed integration runs for the NIST NVD Unmapped CPE API integration? This is an integration that runs on demand after the CPE-only API has been completed successfully. Other than activating the API, nothing has been changed from the OOB. However, it continues to fail with the error message "invalid response from NVD: 403". If anyone has insight on how to resolve this, I would appreciate your assistance.

Thank you,

Osita

andy_ojha · ‎10-24-2023

Hey there,

A few questions:

1) What version of the ServiceNow Store App for NIST NVD are we using?
- There are some tweaks to the NIST API moving to 2.0, the latest Store App for NVD utilizes this
- NIST will deprecate the 1.0 API in Dec 2023 - so worth upgrading anyways to rule that out if not already using it
- See v1.3.3 of the NOW Store App -> Vulnerability Response Integration with NVD

2) Was the "Unmapped CPE" job ever working successfully (are we trying it out net new and it is failing)?

3) Have you setup the NVD integration to utilize an API key (free from NIST)?
- Without an API key, the requests may work but be rate limited
- Not sure if this CPE endpoint requires the API key - worth trying with one in place

4) Have you adjusted the time that the NVD (CPE) job runs at (or is it still the baseline time / value)?
- Just to rule it out, I know it sounds silly
- Sometimes the jobs shipped baseline are set at a given time - and it is worth shifting to see if this causing a wrinkle

------------------------------------------------------------------------------

If the other NIST NVD jobs are working successfully - and you are not utilizing an API Key from NIST - would try looking at that first.

NOTE: that the other CVE job will run a bit smoother for larger imports with a valid API key as the requests have different rate limiting when using an API key vs not using an API key... In other words, it won't hurt to use the API key anyways.

Grab a NIST API key here -> https://nvd.nist.gov/developers/request-an-api-key

Append it to the Password Value under the 'National Vulnerability Database' Integration Source

Try running the Unmapped CPE job again and see if you get a win and no longer run into the 403 error

ositamefor · ‎10-25-2023

Thanks for your response.

1. It is running on the latest

2. Only successful once about two weeks ago. Ever since it has been failing with the same error code.

3. No API Key

4. Yes tried adjusting the time, but same results.

I got the API key and plugged it in as instructed, then tried another run. It errored out after 30 minutes with the following message.

andy_ojha · ‎10-26-2023

Hey there - copy that.

I see the same thing as well with the latest Store App and using a valid NVD API key.

Would suggest opening a NOW Support Case - so they can review and this issue gets tracked formally.

They may also ack this as a known / confirmed issue - and suggest the next steps... An upcoming enhancement is coming to this Store App, and perhaps they may adjust how it works as of right now there does not appear to be a time based filter - and this may be NIST rate limiting the requests...

ositamefor · ‎10-26-2023

Thank you, I'll move forward with a Support Case.