Closed abunn-r7 closed 4 years ago
@santosomar Is there a better way to get in contact with the team responsible for the backend data?
Hi,
You can always contact psirt@cisco.com to reach our team.
The reason that you are experiencing those symptoms is because we started supporting NX-OS on the software checker and API this year.
The new search capabilities will allow examination of vulnerabilities that were disclosed on or after 01 Jul 2019.
Hope this helps.
Describe the bug
There appears to be a significant number of advisories without version information. These advisories sometimes have linked bug pages with some affected versions on them, but this data is not available via the API.
Additionally when one of these affected versions is queried for vulnerabilities via the API the advisories in question do not appear in the API response. This is a false negative (Cisco indicates a version is not affected by a vulnerability via the API, but in fact the version is affected).
This issue extends past the API to the CVRF available for download on the advisory webpages.
To Reproduce
Steps to reproduce the behavior:
1. Use the API to retrieve affected versions for one of the following advisories:
2. Observe product_names attribute only includes "Cisco NX-OS Software " without version information. Example:
3. Manually retrieve an affected version from a bug page attached to one of these advisories (e.g. 7.0(3)I6(1) from CSCvg21120 via cisco-sa-20180117-nxos1). A browser must be used to access this data.
4. Make a call to the API looking for advisories that affect that version.
5. Observe the advisory is not in the response from the API.
6. Observe data is also missing from CVRF: cisco-sa-20180117-nxos1_cvrf.xml
Expected behavior
Screenshots
Please see API responses above.
Client Info
Additional context
I made a post on the Cisco Community about this issue and was directed to create an issue here. Please see this discussion for additional context.
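A consumer of this data can guard against the false negative described in the issue by treating an advisory with no version strings in product_names as "unknown" rather than "not affected". The sketch below is an added example, not code from the issue or from Cisco. The record layout (an `advisory_id` key beside `product_names`), the version regex and the sample records are assumptions constructed for illustration.

```python
import re

# Matches NX-OS style release strings such as 7.0(3)I6(1). The pattern is an
# assumption built from the single version quoted in the issue.
VERSION_RE = re.compile(r"\d+\.\d+\(\d+[A-Za-z]?\)[A-Za-z0-9()]*")

def listed_versions(advisory):
    """Collect every version string embedded in the advisory's product_names."""
    found = set()
    for name in advisory.get("product_names", []):
        found.update(VERSION_RE.findall(name))
    return found

def verdict(advisory, version):
    """'affected', 'not_listed', or 'unknown' when no version data exists.

    'unknown' is the case the issue describes: absence from a version query
    proves nothing, so the linked bug pages need a manual check.
    """
    versions = listed_versions(advisory)
    if not versions:
        return "unknown"
    return "affected" if version in versions else "not_listed"

def triage(advisories, version):
    """Group advisory ids by verdict for one running software version."""
    groups = {"affected": [], "not_listed": [], "unknown": []}
    for adv in advisories:
        groups[verdict(adv, version)].append(adv["advisory_id"])
    return groups

# Constructed sample records (not real API output). The first mirrors the
# version-less product_names value reported in the issue; the other two use
# placeholder ids and constructed version lists.
SAMPLE = [
    {"advisory_id": "cisco-sa-20180117-nxos1",
     "product_names": ["Cisco NX-OS Software "]},
    {"advisory_id": "EXAMPLE-ADVISORY-A",
     "product_names": ["Cisco NX-OS Software 7.0(3)I6(1)",
                       "Cisco NX-OS Software 7.0(3)I7(2)"]},
    {"advisory_id": "EXAMPLE-ADVISORY-B",
     "product_names": ["Cisco NX-OS Software 8.1(1a)"]},
]

if __name__ == "__main__":
    for state, ids in triage(SAMPLE, "7.0(3)I6(1)").items():
        print(f"{state}: {ids}")
```

Advisories that land in the "unknown" group are the ones to check by hand against their linked bug pages before a version is reported as clean.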