Search vulnerabilities using a CPE string #334
Comments
Thanks for your issue and the details you provided in it, keeping this feature in the backlog 👍
Agree that this feature would be invaluable for doing vuln lookups for a known product + version combination. The public NVD API cves API supports this (partial / complete CPE search), but it is unreliable and has strict rate limits. It would be most useful for my scenario to extend the current API endpoint for this by adding a version spec to the search, e.g. I could do the CPE parsing myself, although it would be nice if a dedicated CPE filter param exists like
Is your feature request related to a problem?
Actually, vulnerabilities are parsed using criteria like vendor or product string.
As an asset admin role, I would like to search for vulnerabilities using a CPE (this code might be stored in my CMDB, for example).
The idea is to get notified when a critical CVE matches my asset/version database.
Do you have a solution in mind, or a suggestion to improve OpenCVE?
Example: I have a Cisco switch running IOS XE in version 17.9.2
I would like to search in OpenCVE for vulnerabilities database using this pattern.
Are there vulnerabilities that match cpe:2.3:o:cisco:ios_xe:17.9.2?
The challenge is to:
=> Does the CVE have a direct match with cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:* ?
=> Does the CVE have a wildcard match with cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* and a matchCriteriaId?
=> Does the matchCriteriaId contain a reference to "cpeName": "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*"?
I don't know if it is the right way to do it but it would be very helpful for people playing this IT role.
Regards,
Guillaume
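An added example, not part of the issue and not OpenCVE's code: a sketch of the first two checks listed above (direct match and wildcard match), run against NVD-style `cpeMatch` entries. The sample entries and their `EXAMPLE-*` IDs are constructed placeholders, the function names are hypothetical, and versions are assumed to compare by their numeric parts only.

```python
import re

def parse_cpe(cpe):
    """Split a CPE 2.3 formatted string into 11 attributes, padding short forms with '*'."""
    parts = re.split(r"(?<!\\):", cpe)  # a backslash-escaped colon is not a separator
    if parts[:2] != ["cpe", "2.3"] or len(parts) > 13:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    attrs = parts[2:]
    return attrs + ["*"] * (11 - len(attrs))

def _ver(v):
    # Simplification (assumption): only numeric runs count, so "17.9.1a" sorts as (17, 9, 1).
    return tuple(int(n) for n in re.findall(r"\d+", v))

def criteria_matches(asset_cpe, match):
    """True if one NVD-style cpeMatch entry covers the asset CPE."""
    asset, crit = parse_cpe(asset_cpe), parse_cpe(match["criteria"])
    # '*' on either side accepts any value; otherwise the attributes must be equal.
    for a, c in zip(asset, crit):
        if "*" not in (a, c) and a.lower() != c.lower():
            return False
    v = _ver(asset[3])  # attribute 3 is the version
    checks = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(ok(_ver(match[k])) for k, ok in checks.items() if k in match)

def affected(asset_cpe, cpe_matches):
    """matchCriteriaId values of the vulnerable entries that cover the asset."""
    return [m["matchCriteriaId"] for m in cpe_matches
            if m.get("vulnerable") and criteria_matches(asset_cpe, m)]

# Constructed sample data (placeholder IDs, not taken from any real CVE record).
SAMPLE = [
    {"vulnerable": True, "matchCriteriaId": "EXAMPLE-DIRECT",
     "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*"},
    {"vulnerable": True, "matchCriteriaId": "EXAMPLE-RANGE",
     "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
     "versionStartIncluding": "17.6", "versionEndExcluding": "17.9.3"},
    {"vulnerable": True, "matchCriteriaId": "EXAMPLE-OLD",
     "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
     "versionEndExcluding": "17.9.2"},
    {"vulnerable": True, "matchCriteriaId": "EXAMPLE-OTHER",
     "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*"},
]

print(affected("cpe:2.3:o:cisco:ios_xe:17.9.2", SAMPLE))
```

The third check in the list (expanding a matchCriteriaId into its concrete `cpeName` entries) is not covered here; it would replace the range comparison with a lookup in that expanded list.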