SQL query - CVE

nicksberger · February 5, 2016, 7:04pm

Anyone have the sql query to extract -
Fixlet ID, Name, CVE Id

I know i can do this via soap/web reports, but need via direct sql query if possible.

Thanks.

gearoid · February 5, 2016, 9:00pm

I’ll probably stand corrected on this but I don’t think the this data is in distinct columns in the database so it’s not going be a straight forward SQL query to get it directly through the SQL alone.

AlanM · February 5, 2016, 11:24pm

Its a bad idea to go to SQL directly as the schema can change at any time on you.

nicksberger · February 8, 2016, 7:59pm

Bad idea maybe, but do you have the query

steve · February 9, 2016, 6:19am

If you’re running 9.2.5 or higher, the query is much more straightforward:

SELECT t.SiteID, t.ContentID, t.Name, f.CVE
  FROM EXTERNAL_FIXLET_TRANSLATIONS t INNER JOIN EXTERNAL_FIXLETS f 
  ON t.SiteID = f.SiteID AND t.ContentID = f.ContentID 
  WHERE t.LangID = 'ENU' AND t.SiteID = 2

This query is for the Patches for Windows site (SiteID 2).

nicksberger · February 9, 2016, 7:37am

awesome, thank you very much !

jgstew · February 12, 2016, 8:03pm

I know you want to get it through SQL, but this is how you would do it with session relevance, which will work through SOAP, WebReports, RESTAPI and other options:

(id of it, name of it, cve id list of it, name of site of it) of bes fixlets whose(exists cve id lists whose(it as trimmed string != "" AND it as trimmed string != "N/A" AND it as trimmed string as lowercase != "unspecified") of it)

All CVEs:

unique values of (it as trimmed string) of (substrings separated by "," of it) of (substrings separated by ";" of it) of cve id lists of bes fixlets whose(exists cve id lists whose(it as trimmed string != "" AND it as trimmed string != "N/A" AND it as trimmed string as lowercase != "unspecified") of it)

nicksberger · April 15, 2016, 3:18pm

Slightly off topic, does anyone have a process to map a cve-id to cvss rating ?
I’m happy to download a file that contains this information, but struggling to find anything workable.
Even better if ibm would add cvss to their fixlet content
Thanks

leewei · April 15, 2016, 3:49pm

I will send you my work-in-progress dashboard to display CVEs along with the CVSS base scores.

nicksberger · April 15, 2016, 4:14pm

I have mailed you, let me know if you didn’t receive it … thanks !

nicksberger · April 20, 2016, 6:35pm

Leewei, this process is sweet. For customers that don’t use console dashboards, is there a way to query the cvss (after your exe has completed) to extract this data directly from SQL ?

gearoid · April 21, 2016, 10:00am

A great place to get some really nice data is on IBM’s X-Force exchange.

Just search for your CVE to get a full rundown with rich data and easy to see details including scores, vectors, impacts, affected products and dependent products here’s an example

nicksberger · April 21, 2016, 12:12pm

Thanks for the info. Leewei has actually developed a fantastic dashboard with all the mitre information I require, my question is how to extract the data he pulls from his executable from the bigfix db directly ?