Referencing vendor packages from advisories
Lately there have been a lot of advisories coming out that reference the same CVEs that were referenced months (or even years) ago.
Typically it's because of things like Java fixes, i.e. you get separate advisories for Java 1.7, Java 1.8 and Java 11, yet apart from the subject they're the same.
We want to relate these advisories to fixed (and affected) packages from the vendor, e.g. Red Hat. But Red Hat releases its errata referencing the CVEs only.
So if we match the advisory to a package via the CVE we wind up with 3x advisories having the exact same package list.
As an example: SA94503 (Java 1.8 openjdk), SA94692 (Java 1.7 openjdk) and SA94526 (java-11-openjdk).
Is there data available (besides the free-form description) that we could use to filter the vendor packages? Or a Flexera API call to get either the affected or fixed package lists?
H
Hi Hamish,
Thank you for contacting Flexera. To get the expected results you would need to submit an idea on our website https://community.flexera.com/t5/Software-Vulnerability/We-Still-Want-Your-Ideas-about-Software-Vulnerability-Management/td-p/95036, as this is an enhancement to the product. Please note that you can view affected products using the API, but there is no data other than the description and title to filter your results.
Regards,
Artur Rodziewicz
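An added worked example (not code from the original thread, Flexera or Red Hat) of the problem Hamish describes and of the only workaround the reply leaves open: join advisories to vendor errata on CVE, observe that the three OpenJDK advisories get identical package lists, then narrow each list using a product token taken from the advisory title. The advisory IDs are the ones named in the post; the CVE numbers, RHSA IDs and RPM filenames are constructed sample data, and no Flexera or Red Hat API is called.

```python
import re

# Constructed sample data (not from Flexera or Red Hat): three advisories that share
# one CVE set but cover different OpenJDK streams, as described in the thread.
ADVISORIES = [
    {"id": "SA94503", "title": "Red Hat update for java-1.8.0-openjdk",
     "cves": {"CVE-2020-0001", "CVE-2020-0002"}},
    {"id": "SA94692", "title": "Red Hat update for java-1.7.0-openjdk",
     "cves": {"CVE-2020-0001", "CVE-2020-0002"}},
    {"id": "SA94526", "title": "Red Hat update for java-11-openjdk",
     "cves": {"CVE-2020-0001", "CVE-2020-0002"}},
]

# Constructed vendor errata that, like RHSA entries, reference CVEs only and say
# nothing about which advisory they belong to. Package strings are RPM NVRA filenames.
ERRATA = [
    {"id": "RHSA-2020:0001", "cves": {"CVE-2020-0001", "CVE-2020-0002"},
     "packages": ["java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64",
                  "java-1.8.0-openjdk-headless-1.8.0.242.b08-0.el7_7.x86_64"]},
    {"id": "RHSA-2020:0002", "cves": {"CVE-2020-0001", "CVE-2020-0002"},
     "packages": ["java-1.7.0-openjdk-1.7.0.251-2.6.21.0.el7_7.x86_64"]},
    {"id": "RHSA-2020:0003", "cves": {"CVE-2020-0001", "CVE-2020-0002"},
     "packages": ["java-11-openjdk-11.0.6.10-1.el7_7.x86_64",
                  "java-11-openjdk-devel-11.0.6.10-1.el7_7.x86_64"]},
    {"id": "RHSA-2020:0004", "cves": {"CVE-2020-0003"},
     "packages": ["kernel-3.10.0-1062.12.1.el7.x86_64"]},
]


def rpm_name(nvra):
    """Return the package name from an RPM NVRA filename (name-version-release.arch).

    Version and release never contain a dash, so dropping the arch and then the last
    two dash-separated fields leaves the name, even when the name itself has dashes.
    """
    nvr = nvra.rsplit(".", 1)[0]
    return nvr.rsplit("-", 2)[0]


def match_by_cve(advisories, errata):
    """Naive join: every erratum sharing a CVE with an advisory contributes all of its
    packages. This is the join that gives the three advisories identical lists."""
    result = {}
    for adv in advisories:
        pkgs = set()
        for err in errata:
            if adv["cves"] & err["cves"]:
                pkgs.update(err["packages"])
        result[adv["id"]] = sorted(pkgs)
    return result


def product_tokens(text):
    """Candidate product names in free-form advisory text: lowercase tokens of four or
    more characters made of letters, digits, dots, plus signs and hyphens."""
    return set(re.findall(r"[a-z0-9][a-z0-9.+-]{3,}", text.lower()))


def match_by_cve_and_title(advisories, errata):
    """CVE join, then keep only packages whose RPM name equals a product token from the
    advisory title or is a sub-package of it (name-<suffix>). If nothing matches, the
    title carried no usable product name, so keep the full CVE-matched list rather
    than silently dropping packages."""
    joined = match_by_cve(advisories, errata)
    result = {}
    for adv in advisories:
        tokens = product_tokens(adv["title"])
        narrowed = [
            p for p in joined[adv["id"]]
            if any(rpm_name(p) == t or rpm_name(p).startswith(t + "-") for t in tokens)
        ]
        result[adv["id"]] = narrowed or joined[adv["id"]]
    return result


if __name__ == "__main__":
    for label, fn in (("CVE only", match_by_cve), ("CVE + title", match_by_cve_and_title)):
        print(label)
        for sa, pkgs in fn(ADVISORIES, ERRATA).items():
            print(f"  {sa}: {pkgs}")
```

Running the block stand-alone prints the CVE-only join (five identical packages under each of SA94503, SA94692 and SA94526) followed by the narrowed result (two, one and two packages respectively). The title-token heuristic is only as good as the advisory title, which is why an advisory with no recognisable product name falls back to the unfiltered list; review those cases by hand rather than trusting either result.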
