https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572696#M253 <HTML><HEAD></HEAD><BODY><P>HI Aidan,</P><P></P><P>We just published the OVAL definition for that vulnerability today. It is posted at the <A href="https://tools.cisco.com/security/center/ovalListing.x" title="https://tools.cisco.com/security/center/ovalListing.x">OVAL Repository</A></P><P>and should also be available via the API.</P><P></P><P> Thank you!</P><P>OMar</P></BODY></HTML> Sat, 24 Sep 2016 21:38:59 GMT Omar Santos 2016-09-24T21:38:59Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572690#M247 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P>openVuln API does not return all results. For example, the advisory "cisco-sa-20080326-pptp" is not present in both /advisories/oval/all and /advisories/cvrf/all results. Could you please help?</P><DIV data-url="https://communities.cisco.com/discussion/create.jspa?containerType=14&amp;question=true&amp;containerID=5291&amp;subject=openVuln%20API%20does%20not%20return%20all%20results.%20For%20example,%20the%20advisory%20%22cisco-sa-20080326-pptp%22%20is%20not%20present%20in%20both%20advisories/oval/all%20and%20advisories/cvrf/all%20results.%20Could%20you%20please%20help?" style="display: none;">836</DIV></BODY></HTML> Thu, 12 May 2016 17:11:07 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572690#M247 Andrei Batyrov 2016-05-12T17:11:07Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572691#M248 <HTML><HEAD></HEAD><BODY><P>I looked into this a bit and experienced similar results. Playing around with other API calls, I noticed there are no advisories listed with severity "High" after 2010. Hopefully someone from PSIRT team can shed more light on this.</P></BODY></HTML> Fri, 03 Jun 2016 20:41:42 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572691#M248 eckelcu 2016-06-03T20:41:42Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572692#M249 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>OVAL definitions are supported for&nbsp; <STRONG>high</STRONG> and <STRONG>critical</STRONG> <SPAN style="font-size: 13.3333px;">Cisco IOS advisories that starting</SPAN> from 2010.</P><P></P><P>Regards,</P><P></P><P>Omar Santos</P><P>PSIRT</P></BODY></HTML> Fri, 03 Jun 2016 21:52:33 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572692#M249 Omar Santos 2016-06-03T21:52:33Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572693#M250 <HTML><HEAD></HEAD><BODY><P>Hi Omar,</P><P></P><P>Thank you for your explanation.</P><P></P><P>Kind regards,</P><P></P><P>Andrei</P><DIV data-url="https://communities.cisco.com/message/217352" style="display: none;">1130</DIV></BODY></HTML> Sat, 04 Jun 2016 00:45:10 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572693#M250 Andrei Batyrov 2016-06-04T00:45:10Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572694#M251 <HTML><HEAD></HEAD><BODY><P>Hi Omar,</P><P></P><P>I just checked, there's 1882 CVRF and 81 OVAL vulnerabilities available through openVuln API, totaling 1963 vulnerabilities which is even more than it can be found on the official web page <A href="http://tools.cisco.com/security/center/publicationListing.x" title="http://tools.cisco.com/security/center/publicationListing.x">Security Advisories and Alerts</A> - 1948 vulnerabilities. Great progress! Thank you very much!</P></BODY></HTML> Thu, 11 Aug 2016 15:17:13 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572694#M251 Andrei Batyrov 2016-08-11T15:17:13Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572695#M252 <HTML><HEAD></HEAD><BODY><P>Hi Omar</P><P></P><P>forgive my ignorance but should - <SPAN style="font-size: 10pt;">c</SPAN><SPAN style="color: #58585b; font-family: CiscoSansLight; font-size: 12px;">isco-sa-20160916-ikev1 </SPAN><SPAN style="font-size: 10pt;">be found within the oval API. considering it's both created after 2010 and a high cisco vulnerability. Oval looks great, would be keen to use!!</SPAN></P></BODY></HTML> Sat, 24 Sep 2016 09:13:07 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572695#M252 aidan.houlihan11 2016-09-24T09:13:07Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572696#M253 <HTML><HEAD></HEAD><BODY><P>HI Aidan,</P><P></P><P>We just published the OVAL definition for that vulnerability today. It is posted at the <A href="https://tools.cisco.com/security/center/ovalListing.x" title="https://tools.cisco.com/security/center/ovalListing.x">OVAL Repository</A></P><P>and should also be available via the API.</P><P></P><P> Thank you!</P><P>OMar</P></BODY></HTML> Sat, 24 Sep 2016 21:38:59 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572696#M253 Omar Santos 2016-09-24T21:38:59Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572697#M254 <HTML><HEAD></HEAD><BODY><P>Hey Omar. Thanks for the reply.</P><P></P><P>Will vulnerabilities be posted on the oval repository immediately after they’re found in the future? Or is it better to go with the CVSR api, as that appears to be showing all vulnerabilities at the time of posting.</P><P></P><P>Thanks for your help.</P><P>Aidan</P><P></P><P>&lt;http://www.vodafone.co.nz/&gt;</P><P></P><P>Aidan Houlihan</P><P>Discover Graduate</P><P>Graduate Programme</P><P>Vodafone New Zealand Ltd.</P><P>Mobile: +64 27 391 2468</P><P>Email: aidan.houlihan@vodafone.com</P><P></P><P></P><P>Lambton House, 160 Lambton Quay, Wellington, New Zealand</P><P>vodafone.co.nz &lt;http://www.vodafone.co.nz&gt;</P><P></P><P></P><P>This message and any files or documents attached are confidential and may also be legally privileged, protected from disclosure and/or protected by other legal rules. It is intended only for the individual or entity named. If you are not the named addressee or you have received this email in error, please inform the sender immediately, delete it from your system and do not copy or disclose it or its contents or use it for any purpose. Thank you. Please also note that transmission cannot be guaranteed to be secure or error-free.</P></BODY></HTML> Sun, 25 Sep 2016 19:30:36 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572697#M254 aidan.houlihan11 2016-09-25T19:30:36Z https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572698#M255 <HTML><HEAD></HEAD><BODY><P>Hi Aidan,</P><P></P><P>There are a few differences on the benefits between an OVAL definition and CVRF files:</P><UL><LI>CVRF files are indeed available for all published vulnerabilities at the moment of publication. They are automatically generated when an advisory is published.</LI><LI>OVAL definitions are supported for IOS and IOS-XE high and critical vulnerabilities and they include affected versions and configuration checks. The OVAL standard is designed to do a full assessment of an impact of a vulnerability. </LI><LI>CVRF files do not include configuration checks and complete coverage of all versions affected by a given vulnerability. CVRF was not originally designed as OVAL, it is basically just an XML representation of the advisory and it currently has some limitations for remediation assessment and product family. Just as an FYI, the CVRF standard will go over a major update very soon and it is being transitioned from ICASI to the <A href="https://www.oasis-open.org/">OASIS</A> (<A href="https://www.oasis-open.org/" title="https://www.oasis-open.org/">https://www.oasis-open.org/</A>) standards body, as we speak. A new technical committee will be created within the next couple of months to enhance the standard and include better support for product and version enumeration. More details to come soon.</LI></UL></BODY></HTML> Mon, 26 Sep 2016 12:22:59 GMT https://community.cisco.com/t5/services-discussions/openvuln-api-advisories-lt-oval-cvrf-gt-all-does-not-return-all/m-p/3572698#M255 Omar Santos 2016-09-26T12:22:59Z