title: Vulnerability methods and properties description: Retrieves vulnerability information ms.service: defender-endpoint ms.author: painbar author: paulinbar ms.localizationpriority: medium manager: bagol audience: ITPro ms.collection:
- m365-security
- tier3
- must-keep
ms.topic: reference
ms.subservice: reference
ms.custom: api
search.appverid: met150
ms.date: 11/16/2025
appliesto:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
[!INCLUDE Prerelease information]
| Property | Type | Description |
|---|---|---|
| Id | String | Vulnerability Id |
| Name | String | Vulnerability title |
| Description | String | Vulnerability description |
| Severity | String | Vulnerability Severity. Possible values are: Low, Medium, High, or Critical |
| cvssV3 | Double | CVSS v3 score |
| cvssVector | String | A compressed textual representation that reflects the values used to derive the score |
| exposedMachines | Long | Number of exposed devices |
| publishedOn | DateTime | Date when vulnerability was published |
| updatedOn | DateTime | Date when vulnerability was updated |
| publicExploit | Boolean | Public exploit exists |
| exploitVerified | Boolean | Exploit is verified to work |
| exploitInKit | Boolean | Exploit is part of an exploit kit |
| exploitTypes | String collection | Exploit affect. Possible values are: Local privilege escalation, Denial of service, or Local |
| exploitUris | String collection | Exploit source URLs |
| CveSupportability | String collection | Possible values are: Supported, Not Supported, or SupportedInPremium |
| EPSS | Numeric | Represents the probability that a vulnerability will be exploited. This probability is expressed as a number between 0 and 1 (0%-100%) according to the EPSS model. |