Get general Security Advisories with API Call - get_by_product #84
Description
Looking for a solution to get general SA like (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM) which isn't covered by the product API call.
If I'm using the product name e.g. Cisco Prime Collaboration Provisioning
advisories = query_client.get_by_product(adv_format='default', product_name='Cisco Prime Collaboration Provisioning')
I'm getting this result:
Debugging = True --> /home/devnet/Documents/coding/cisco_check-advisory/cisco_check-advisory/functions.py
title = Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Vulnerability in Java Deserialization Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
title = Cisco Prime Collaboration Provisioning Intermittent Hard-Coded Password Vulnerability
title = Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
title = Cisco Prime Collaboration Provisioning Unauthorized Password Change Denial of Service Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Bypass Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Deficiency in Batch Function Privilege Escalation Vulnerability
title = Cisco Prime Collaboration Provisioning Cleartext Passwords Written to World-Readable File Vulnerability
title = Cisco Prime Collaboration Provisioning Access Control Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Recovery Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthenticated Remote Method Invocation Vulnerability
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Unauthorized Password Reset Vulnerability
title = Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Hard-Coded Password Vulnerability
title = Cisco Prime Collaboration Provisioning Tool User Provisioning Tab Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Repeated Bad Login Attempts Denial of Service Vulnerability
title = Multiple Vulnerabilities in OpenSSL (January 2016) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability
title = Cisco Prime Collaboration Provisioning Tool System File Overwrite Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Inventory Management Feature Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Pervasive Cross-Site Request Forgery Vulnerability
title = Cisco Prime Collaboration Provisioning Tool UpgradeManager File Write Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Log File Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Session Hijacking Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Arbitrary File Download Vulnerability
title = Cisco Prime Collaboration Provisioning Tool Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Arbitrary File Deletion Vulnerability
title = Cisco Prime Collaboration Provisioning Directory Traversal Information Disclosure Vulnerability
title = Cisco Prime Collaboration Provisioning Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: November 2016
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
title = Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability
title = Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: June 2016
title = Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Authentication Bypass Vulnerability
title = Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2016
title = Multiple Vulnerabilities in Network Time Protocol Daemon Affecting Cisco Products: April 2016
title = Multiple Vulnerabilities in OpenSSL (March 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products
title = Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning SQL Injection Vulnerability
title = OpenSSL Alternative Chains Certificate Forgery Vulnerability (July 2015) Affecting Cisco Products
title = Cisco Prime Collaboration Provisioning Web Framework Access Controls Bypass Vulnerability
I miss the SA "Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021". The SA itself describe that the product "Cisco Prime Collaboration Provisioning" is affected.
If figured out if I use the following API
advisories = query_client.get_by_latest(adv_format='default', latest=25)
I'm getting this result:
title = Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021
first published = 2021-01-29T21:30:00
product_names = ['NA']
But I'm not able to use the product_name 'NA'. 'N A' with a space between the character N A gives me some results but not the right one.
Any advise how to cover general SAs with the API?