How to know which CVEs affect my application?

Question

Let's say I have an old version "V" of an application X.

I would like to know if there's a *simple* way to know all CVEs that affect that application, that is, all CVEs concerning version >= V for the given application.

 

Thanks in advance! :)

Answer 1

Hello,

That is not that easy. You might want to find a vulnerability database which allows to find weaknesses affecting a specific product/version. The following databases allow a filter of this kind:

• http://www.securityfocus.com/bid/
• http://osvdb.org/search/advsearch

If you lookup your software in these databases, you might be able to get a list of all known vulnerabilities. Extracting IDs - and CVE too - is possible.

The limitations are, that not all vulnerability databases and/or contributors are providing the exact data. OSVDB is a good example: Althought the database structure is supporting clear identification of product name and version, most entries don't use these fields. This will cause a lot of false-negatives.

Regards,

Marc