# Retrieve TOEs by their CVE IDs
source: https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/toe-by-cve-id/retrve-toes-by-cve-ids/index.md

## Overview {#overview}

The `GET TOES By CVE` endpoint allows you to retrieve companies and their TOE IDs by a valid [CVE ID](https://developer.mastercard.com/riskrecon-api/documentation/glossary/index.md#cve). You must provide a valid `cve_id` in the API request body of this endpoint to retrieve the companies and their TOE IDs.

You can then use the retrieved TOE IDs (`toe_id`) as the request parameter for the [Paginated Findings API](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/findings/index.md) endpoint to drill down to the root cause and source of the vulnerability represented by the CVE ID.

### View findings corresponding to CVE IDs on the RiskRecon portal {#view-findings-corresponding-to-cve-ids-on-the-riskrecon-portal}

You can see the findings corresponding to the CVE IDs by clicking the **Issue Details** tab in the issue slide-out window of the **Security Criteria** section within a security domain in the **Security Profile** tab on the **RiskRecon portal**:

![](https://static.developer.mastercard.com/content/riskrecon-api/uploads/cves.png)

## Sequence Diagram {#sequence-diagram}

The following diagram shows how to retrieve company names and their TOE IDs by a valid CVE ID:
Diagram retrieve-toes-by-cve

## Execution Steps {#execution-steps}

The following steps describe how to retrieve company names and their TOE IDs by a valid CVE ID:

1. The user sends a `GET` request to retrieve all the company names and their TOE IDs by a valid CVE ID.
2. RiskRecon retrieves the company names and their TOE IDs for the requested CVE ID.

## Sample Request and Response {#sample-request-and-response}

For a sample response for this API, see [Get TOEs by their CVE IDs](https://developer.mastercard.com/riskrecon-api/documentation/testing/toe-samples/retrve-toes-cveid-smpl/index.md).

## Use Case Example {#use-case-example}

The [Track vendors affected by a vulnerability](https://developer.mastercard.com/riskrecon-api/documentation/use-cases/risk-assessment/toe-by-cve-id/retrve-toes-by-cve-ids/index.md#track-vendors-affected-by-a-vulnerability) use case discusses how you can use the `GET TOES By CVE` endpoint to retrieve companies and their TOE IDs by a valid CVE ID.

### Track vendors affected by a vulnerability {#track-vendors-affected-by-a-vulnerability}

A vendor has reported a vulnerability that is available in the CVE database. The RiskRecon customer wants to know if other vendors in its portfolio are affected by this vulnerability, whether RiskRecon has assessed the risk of this vulnerability, and how severe it is.

The RiskRecon customer can use the `GET TOES By CVE` endpoint to retrieve the companies and their TOE IDs by the CVE ID of this vulnerability. It can then use the `Paginated Findings API` endpoint to analyze each TOE.

## Endpoint {#endpoint}


API Reference: `GET /v1/toes/by_cve`