Open tma-prismo opened 3 years ago
I am also looking for a general method to do this.
We also need this mapping. Can anyone suggest how to go about doing the mapping?
I don't think that there's a general method to do this. Here we deal with the MSRC API that aims at communicating what vulnerabilities are found and fixed. It uses the CVRF industry standard format. There are other products that aim at scanning your devices and tell you what updates are missing. At Microsoft, you have Windows Update (WU), Microsoft Update (MU), WSUS, MBSA. Third-party vendors also provide their scanner and sometimes do a better job at mapping the updates missing and what CVE should be fixed (they also provide their own API). At Microsoft (with the proper license), there's also Microsoft Defender for Endpoint that is able to do this matching for you. It has its own API. See this link. You'll want to explore the vulnerability part of the API. Note that this API is not limited to Microsoft products. If you have other vulnerable products installed on the device, it'll tell you what vulnerabilities are found (CVE) and what's the known fix.
From the product ID and the product name, how do we map to the information we get from the machine? For example, for product "SQL Server Management Studio", the API has: { "ProductID": "11784", "Value": "SQL Server Management Studio 18.6" },
"wmic product get name, version, identifyingnumber" returns {67FD1BCA-F06F-48F5-86E9-AC4EA982A775} SQL Server Management Studio 15.0.18338.0
The base product name matches, but the API seems to have a product ID and an "external" version number, and wmic has a build number and a GUID. How do we map between these?
In this case the release note has the info, but is there a general method to do the mapping? https://docs.microsoft.com/en-us/sql/ssms/release-notes-ssms?view=sql-server-ver15
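The mismatch described in this issue, as an added example that is not part of the original thread or of the MSRC project's code: it joins MSRC product entries to a wmic inventory on the normalized base name and reports whether the build can be confirmed. The function names and the `RELEASE_BUILDS` table are hypothetical; that table is assumed to be maintained by hand from vendor release notes, and its single entry pairs the two version values quoted above.

```python
import re

# Constructed sample input, using the values quoted in the issue.
MSRC_PRODUCTS = [{"ProductID": "11784", "Value": "SQL Server Management Studio 18.6"}]
WMIC_ROWS = [("{67FD1BCA-F06F-48F5-86E9-AC4EA982A775}",
              "SQL Server Management Studio", "15.0.18338.0")]
# Hypothetical hand-maintained table: (base name, marketing version) -> build,
# filled in from the vendor's release notes.
RELEASE_BUILDS = {("sql server management studio", "18.6"): "15.0.18338.0"}

# A product name followed by a trailing dotted version, e.g. "... Studio 18.6".
_VERSION_TAIL = re.compile(r"^(?P<name>.+?)\s+v?(?P<ver>\d+(?:\.\d+)*)$")

def normalize(name):
    """Collapse whitespace and case so names from both sources compare equal."""
    return re.sub(r"\s+", " ", name).strip().lower()

def split_msrc_value(value):
    """Split an MSRC 'Value' into (base name, marketing version or None)."""
    m = _VERSION_TAIL.match(value.strip())
    if not m:
        return normalize(value), None
    return normalize(m["name"]), m["ver"]

def correlate(msrc_products, installed, release_builds):
    """Join MSRC products to installed software by base name, then grade the match."""
    by_name = {}
    for guid, name, build in installed:
        by_name.setdefault(normalize(name), []).append((guid, build))
    results = []
    for product in msrc_products:
        base, version = split_msrc_value(product["Value"])
        expected = release_builds.get((base, version))
        for guid, build in by_name.get(base, []):
            if expected is None:
                status = "name-only"        # same product name, build unconfirmed
            elif expected == build:
                status = "exact"            # release-notes build equals installed build
            else:
                status = "different-build"  # same product, another release installed
            results.append({"ProductID": product["ProductID"], "guid": guid,
                            "build": build, "status": status})
    return results

if __name__ == "__main__":
    for row in correlate(MSRC_PRODUCTS, WMIC_ROWS, RELEASE_BUILDS):
        print(row)
```

A "name-only" result is the case the question asks about: without a release-notes entry, the name join alone cannot say whether the installed build is the one the MSRC entry refers to.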