Skip to content
  • There are no suggestions because the search field is empty.

Search JIRA for a list of Common Vulnerabilities and Exposures (CVE) values

Issue

This article provides steps to generate a list of all JIRAs that relate to a list of CVEs instead of searching for one at a time.

For example, the Oracle Critical Patch Update Advisory - January 2020 released 6 January 2020, indicates 334 critical patch updates for vulnerabilities. Typically you start searching WebLogic Server (WLS) vulnerabilities, then prioritize those with the highest score. This solution works if you would rather not enter the CVEs one at a time in a JIRA search.

Tasks

Searching for single CVE is simple. To list out JIRAs for several CVEs, you must create a search query in the format below. When done, paste it into JIRA Advanced search.


Resolution

Search for a single CVE in JIRA Advanced Search with the following string:
 
"Vulnerability ID" ~ CVE-2020-2555 ORDER BY key ASC
 
CVE_search1

If you try to search for multiple CVEs at once, JIRA Search is not intelligent enough to parse out a list that the CVEs are IN then OR them, using a comma-delimited search such as:

"Vulnerability ID" in (CVE-2019-5599,CVE-2019-12614,CVE-2017-7612,CVE-2017-8834,CVE-2017-6891,CVE-2019-2729) ORDER BY key ASC
 
A search like this yields no results:
 
CVE_search2

CE created a shell script (See Notes below) that allows a formatted string in JIRA Advanced Search. In order to search for CVE-2019-5599, CVE-2019-12614, CVE-2017-7612, CVE-2017-8834, CVE-2017-6891 and CVE-2019-2729, format the search as follows and paste the text into JIRA Advanced Search:
 
("Vulnerability ID" ~ CVE-2019-5599 OR "Vulnerability ID" ~ CVE-2019-12614 OR "Vulnerability ID" ~ CVE-2017-7612 OR "Vulnerability ID" ~ CVE-2017-8834 OR "Vulnerability ID" ~ CVE-2017-6891 OR "Vulnerability ID" ~ CVE-2019-2729) ORDER BY key ASC
 
CVE_search3

Notes

Shell script
 

Run the script to create the query:

./make-cve-query.sh CVE-2019-5599 CVE-2019-12614 CVE-2017-7612 CVE-2017-8834 CVE-2017-6891 CVE-2019-2729

("Vulnerability ID" ~ CVE-2019-5599 OR "Vulnerability ID" ~ CVE-2019-12614 OR "Vulnerability ID" ~ CVE-2017-7612 OR "Vulnerability ID" ~ CVE-2017-8834 OR "Vulnerability ID" ~ CVE-2017-6891 OR "Vulnerability ID" ~ CVE-2019-2729) ORDER BY key ASC

make-cve-query.sh


%<---------------------------------------------------------------------------------------
#!/bin/bash

if [ $# -lt 1 ]
then
    echo "Usage: Enter a list of vulnerability identifiers separated by blank spaces"
    exit
fi

echo -n "("
while [ $# -gt 1 ]
do
    echo -n "\"Vulnerability ID\" ~ $1 OR "
    shift 1
done
echo "\"Vulnerability ID\" ~ $1) ORDER BY key ASC"
%<---------------------------------------------------------------------------------------

Product Details

RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x

Summary

CE provided commands to help search JIRA for a list of Common Vulnerabilities and Exposures (CVE) values.


Approval Reviewer Queue

RSA SecurID Suite Approval Queue