Problem

You are tasked with implementing a function that retrieves asset data from a Configuration Management Database (CMDB) API and cross-references it with a list of vulnerabilities from a vulnerability scanner. The function should return a list of assets that are vulnerable based on the provided vulnerability data.

Formal Specification

• Input: A list of assets (dictionaries) from the CMDB and a list of vulnerabilities (dictionaries).
• Output: A list of asset IDs that are vulnerable.

Examples

Example 1:

assets = [{'id': 'A1', 'name': 'Server1'}, {'id': 'A2', 'name': 'Server2'}]
 vulnerabilities = [{'id': 'V1', 'asset_id': 'A1'}, {'id': 'V2', 'asset_id': 'A3'}]

Output: ['A1'] Explanation: Only 'A1' has a corresponding vulnerability.

Example 2:

assets = [{'id': 'A1', 'name': 'Server1'}]
vulnerabilities = [{'id': 'V1', 'asset_id': 'A2'}]

Output: [] Explanation: No assets are vulnerable as 'A2' does not exist in the asset list.

Constraints

• 1 <= len(assets) <= 10^4
• 1 <= len(vulnerabilities) <= 10^4
• Each asset and vulnerability has a unique ID.