Categories
Security

Exploring CVE with CVEMap Command Line Tool

CVEMap is a user-friendly, open-source command-line interface (CLI) tool engineered for seamless exploration of Common Vulnerabilities and Exposures (CVEs). Its purpose is to provide a smooth and intuitive platform for delving into vulnerability databases. However, the tool relies on a free cloud service.

I have tested it, and it’s beneficial to be aware of and include it in my arsenal. I don’t frequently require a comprehensive overview of all CVEs. However, if I do, I now know one method to achieve this.


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.4 (latest)
[FTL] Error getting CVEs: [:RUNTIME] unauthorized: 401 (get your free api key from https://cloud.projectdiscovery.io)

This is how the website looks. Please do not attempt to use this API key as it is no longer valid.

https://cloud.projectdiscovery.io/ (2024-02-09)

Once you have obtained an API key from the website after signing up, you can start the command-line tool with the ‘-auth’ option and then provide your key to log in. This step is required to use the tool.

PS D:\cvemap_0.0.4_windows_amd64> .\cvemap.exe -auth


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Get your free api key by signing up at https://cloud.projectdiscovery.io
[*] Enter PDCP API Key (exit to abort):
[INF] Successfully logged in as (@webperformancech)

This is the help menu displaying some of the options. I haven’t explored all of them yet. What’s really cool is that with the ‘-j’ option, you can have the output formatted as JSON.

.\cvemap.exe -h
Navigate the CVE jungle with ease.

Usage:
  D:\cvemap_0.0.4_windows_amd64\cvemap.exe [flags]

Flags:
CONFIG:
   -auth  configure projectdiscovery cloud (pdcp) api key

OPTIONS:
   -id string[]                    cve to list for given id
   -cwe, -cwe-id string[]          cve to list for given cwe id
   -v, -vendor string[]            cve to list for given vendor
   -p, -product string[]           cve to list for given product
   -eproduct string[]              cves to exclude based on products
   -s, -severity string[]          cve to list for given severity
   -cs, -cvss-score string[]       cve to list for given cvss score
   -c, -cpe string                 cve to list for given cpe
   -es, -epss-score string         cve to list for given epss score
   -ep, -epss-percentile string[]  cve to list for given epss percentile
   -age string                     cve to list published by given age in days
   -a, -assignee string[]          cve to list for given publisher assignee
   -vs, -vstatus value             cve to list for given vulnerability status in cli output. supported: confirmed, unconfirmed, modified, rejected, unknown, new

UPDATE:
   -up, -update                 update cvemap to latest version
   -duc, -disable-update-check  disable automatic cvemap update check

FILTER:
   -q, -search string  search in cve data
   -k, -kev            display cves marked as exploitable vulnerabilities by cisa (default true)
   -t, -template       display cves that has public nuclei templates (default true)
   -poc                display cves that has public published poc (default true)
   -h1, -hackerone     display cves reported on hackerone (default true)
   -re, -remote        display remotely exploitable cves (AV:N & PR:N | PR:L) (default true)

OUTPUT:
   -f, -field value         fields to display in cli output. supported: kev, template, poc, product, vendor, vstatus, age, cwe, epss, assignee
   -fe, -exclude value      fields to exclude from cli output. supported: kev, template, poc, product, vendor, vstatus, age, cwe, epss, assignee
   -lsi, -list-id           list only the cve ids in the output
   -l, -limit int           limit the number of results to display (default 50)
   -offset int              offset the results to display
   -j, -json                return output in json format
   -epk, -enable-page-keys  enable page keys to navigate results

DEBUG:
   -version  Version
   -silent   Silent
   -verbose  Verbose
   -debug    Debug

Usage

The usage of CVE Map is straightforward on the command line. Here are some examples.

New CVE last 3 days

PS C:\Users\...> .\cvemap.exe -age 3


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭────────────────┬──────┬──────────┬─────────┬─────────┬─────┬──────────╮
│ ID             │ CVSS │ SEVERITY │ EPSS    │ PRODUCT │ AGE │ TEMPLATE │
├────────────────┼──────┼──────────┼─────────┼─────────┼─────┼──────────┤
│ CVE-2024-51456.3  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-49880    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-49850    │ N/A      │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-49436.4  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-48766.4  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-48754.3  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-47106.4  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-47006.4  │ MEDIUM   │ 0.00068 │         │ 3   │ ❌       │
│ CVE-2024-46956.4  │ MEDIUM   │ 0.0009  │         │ 3   │ ❌       │
│ CVE-2024-46196.4  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-45667.1  │ HIGH     │ 0.0005  │         │ 3   │ ❌       │
│ CVE-2024-45536.4  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-44706.4  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-44429.1  │ CRITICAL │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-44355.9  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-44200    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-43720    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-43616.4  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-42900    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-42890    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-42878.1  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-41518.3  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-40610    │ N/A      │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-355800    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-355790    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-355780    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-355760    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-355710    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-351955.6  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-351945.3  │ MEDIUM   │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-351925.5  │ MEDIUM   │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-351914.4  │ MEDIUM   │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-349530    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-349520    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-349490    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-349480    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-349470    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-34828.7  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-347107.1  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-341930    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-339010    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-339000    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-33456.4  │ MEDIUM   │ 0.00053 │         │ 3   │ ❌       │
│ CVE-2024-32685.3  │ MEDIUM   │ 0.00046 │         │ 3   │ ❌       │
│ CVE-2024-317140    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-31556.4  │ MEDIUM   │ 0.00045 │         │ 3   │ ❌       │
│ CVE-2024-296510    │ N/A      │ 0       │         │ 3   │ ❌       │
│ CVE-2024-290007.9  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-28358.7  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
│ CVE-2024-273128.1  │ HIGH     │ 0.00043 │         │ 3   │ ❌       │
╰────────────────┴──────┴──────────┴─────────┴─────────┴─────┴──────────╯

CVE Search

CVE for vendor, example Sitecore

Looking up a vendor is as easy as using -v following the name. A word of advice, however: “Sitecore” will return 0 elements, whereas all lowercase “sitecore” will return a list. So please be cautious with your query here.

PS C:\Users\...> .\cvemap.exe -v "sitecore"


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭─────────────────┬──────┬──────────┬─────────┬─────────────────────┬──────┬──────────╮
│ ID              │ CVSS │ SEVERITY │ EPSS    │ PRODUCT             │ AGE  │ TEMPLATE │
├─────────────────┼──────┼──────────┼─────────┼─────────────────────┼──────┼──────────┤
│ CVE-2023-358139.8  │ CRITICAL │ 0.8819  │ experience_commerce │ 341  │ ✅       │
│ CVE-2023-336538.8  │ HIGH     │ 0.00137 │ experience_platform │ 352  │ ❌       │
│ CVE-2023-336528.8  │ HIGH     │ 0.00138 │ experience_platform │ 352  │ ❌       │
│ CVE-2023-336517.5  │ HIGH     │ 0.001   │ experience_commerce │ 352  │ ❌       │
│ CVE-2023-270689.8  │ CRITICAL │ 0.00185 │ experience_platform │ 367  │ ❌       │
│ CVE-2023-270677.5  │ HIGH     │ 0.00248 │ experience_platform │ 367  │ ❌       │
│ CVE-2023-270666.5  │ MEDIUM   │ 0.00112 │ experience_platform │ 367  │ ❌       │
│ CVE-2023-262627.2  │ HIGH     │ 0.00114 │ experience_manager  │ 436  │ ❌       │
│ CVE-2021-422379.8  │ CRITICAL │ 0.97549 │ experience_platform │ 931  │ ✅       │
│ CVE-2021-383668.8  │ HIGH     │ 0.00266 │ sitecore            │ 1015 │ ❌       │
│ CVE-2019-98758.8  │ HIGH     │ 0.01735 │ cms                 │ 1819 │ ❌       │
│ CVE-2019-98749.8  │ CRITICAL │ 0.01639 │ cms                 │ 1819 │ ❌       │
│ CVE-2019-134935.4  │ MEDIUM   │ 0.00091 │ experience_platform │ 1772 │ ❌       │
│ CVE-2019-124409.8  │ CRITICAL │ 0.00372 │ rocks               │ 1821 │ ❌       │
│ CVE-2019-111986.1  │ MEDIUM   │ 0.00175 │ cms                 │ 1753 │ ❌       │
│ CVE-2019-110808.8  │ HIGH     │ 0.04376 │ experience_platform │ 1813 │ ❌       │
│ CVE-2018-76697.5  │ HIGH     │ 0.81986 │ sitecore.net        │ 2218 │ ❌       │
│ CVE-2017-93566.1  │ MEDIUM   │ 0.00074 │ sitecore.net        │ 2527 │ ❌       │
│ CVE-2017-59664.9  │ MEDIUM   │ 0.0035  │ crm                 │ 2558 │ ❌       │
│ CVE-2017-59656.7  │ MEDIUM   │ 0.00256 │ crm                 │ 2558 │ ❌       │
│ CVE-2017-114404.9  │ MEDIUM   │ 0.0013  │ cms                 │ 2501 │ ❌       │
│ CVE-2017-114395.4  │ MEDIUM   │ 0.00115 │ cms                 │ 2501 │ ❌       │
│ CVE-2016-88556.1  │ MEDIUM   │ 0.00116 │ experience_platform │ 2622 │ ❌       │
│ CVE-2014-1000044.3  │ MEDIUM   │ 0.00294 │ cms                 │ 3419 │ ❌       │
│ CVE-2009-43676.8  │ MEDIUM   │ 0.04424 │ staging_module      │ 5267 │ ❌       │
│ CVE-2009-21634.3  │ MEDIUM   │ 0.00149 │ cms                 │ 5449 │ ❌       │
│ CVE-2009-10554    │ MEDIUM   │ 0.00164 │ cms                 │ 5539 │ ❌       │
╰─────────────────┴──────┴──────────┴─────────┴─────────────────────┴──────┴──────────╯

The lookup is case-sensitive and can break your search, returning nothing instead of the expected result.

PS C:\Users\...> .\cvemap.exe -v "Sitecore"


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭────┬──────┬──────────┬──────┬─────────┬─────┬──────────╮
│ ID │ CVSS │ SEVERITY │ EPSS │ PRODUCT │ AGE │ TEMPLATE │
├────┼──────┼──────────┼──────┼─────────┼─────┼──────────┤
╰────┴──────┴──────────┴──────┴─────────┴─────┴──────────╯

CVE for product, example Atlassian Confluence

PS C:\Users\...> .\cvemap.exe -p "confluence"


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭────────────────┬──────┬──────────┬─────────┬────────────┬──────┬──────────╮
│ ID             │ CVSS │ SEVERITY │ EPSS    │ PRODUCT    │ AGE  │ TEMPLATE │
├────────────────┼──────┼──────────┼─────────┼────────────┼──────┼──────────┤
│ CVE-2020-40274.7  │ MEDIUM   │ 0.00105 │ confluence │ 1423 │ ❌       │
│ CVE-2019-33988.8  │ HIGH     │ 0.97045 │ confluence │ 1862 │ ✅       │
│ CVE-2019-33969.8  │ CRITICAL │ 0.97463 │ confluence │ 1886 │ ✅       │
│ CVE-2019-33959.8  │ CRITICAL │ 0.07038 │ confluence │ 1886 │ ❌       │
│ CVE-2019-33948.8  │ HIGH     │ 0.1885  │ confluence │ 1729 │ ❌       │
│ CVE-2019-150066.5  │ MEDIUM   │ 0.00225 │ confluence │ 1618 │ ❌       │
│ CVE-2018-133894.7  │ MEDIUM   │ 0.00103 │ confluence │ 2144 │ ❌       │
│ CVE-2017-95054.3  │ MEDIUM   │ 0.00149 │ confluence │ 2534 │ ❌       │
│ CVE-2017-180866.1  │ MEDIUM   │ 0.00096 │ confluence │ 2302 │ ❌       │
│ CVE-2017-180856.1  │ MEDIUM   │ 0.00096 │ confluence │ 2302 │ ❌       │
│ CVE-2017-180844.8  │ MEDIUM   │ 0.00065 │ confluence │ 2302 │ ❌       │
│ CVE-2017-180835.4  │ MEDIUM   │ 0.00065 │ confluence │ 2302 │ ❌       │
│ CVE-2017-168566.1  │ MEDIUM   │ 0.00096 │ confluence │ 2361 │ ❌       │
│ CVE-2016-62836.1  │ MEDIUM   │ 0.00351 │ confluence │ 2682 │ ❌       │
│ CVE-2016-43175.4  │ MEDIUM   │ 0.00116 │ confluence │ 2601 │ ❌       │
│ CVE-2015-83994.3  │ MEDIUM   │ 0.9655  │ confluence │ 2964 │ ✅       │
│ CVE-2015-83986.1  │ MEDIUM   │ 0.00181 │ confluence │ 2964 │ ❌       │
│ CVE-2005-39674.3  │ MEDIUM   │ 0.00677 │ confluence │ 6746 │ ❌       │
╰────────────────┴──────┴──────────┴─────────┴────────────┴──────┴──────────╯

With the following string it would also be easy to query for Atlassian Jira.

.\cvemap.exe -p "jira"

Advanced Query

It’s possible to combine filters using the -q parameter to match multiple filters. I do not have an example here. I would recommend going to the official documentation that also explains all the fields you can filter and use.

https://docs.projectdiscovery.io/tools/cvemap/running

Look up specific CVE ID

You may want to look up a specific CVE. In that case, you can use the parameter -id.

PS C:\Users\...> .\cvemap.exe -id "CVE-2023-35813"


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭────────────────┬──────┬──────────┬────────┬─────────────────────┬─────┬──────────╮
│ ID             │ CVSS │ SEVERITY │ EPSS   │ PRODUCT             │ AGE │ TEMPLATE │
├────────────────┼──────┼──────────┼────────┼─────────────────────┼─────┼──────────┤
│ CVE-2023-358139.8  │ CRITICAL │ 0.8819 │ experience_commerce │ 341 │ ✅       │
╰────────────────┴──────┴──────────┴────────┴─────────────────────┴─────┴──────────╯

The green temple marker in this case also means that there is a check for Nuclei, and it will be possible to scan and verify the vulnerability using Nuclei. This can be very powerful for exploring and testing for a given vulnerability.

Expand the default View

The -field parameter can help expand the normally limited view if you would like to see more attributes for the CVE.

PS C:\Users\...> .\cvemap.exe -v "sitecore" -field assignee,vstatus,poc


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
╭─────────────────┬──────┬──────────┬─────────┬─────────────────────┬──────┬──────────┬───────────────┬───────────┬───────╮
│ ID              │ CVSS │ SEVERITY │ EPSS    │ PRODUCT             │ AGE  │ TEMPLATE │ ASSIGNEE      │ VSTATUS   │ POC   │
├─────────────────┼──────┼──────────┼─────────┼─────────────────────┼──────┼──────────┼───────────────┼───────────┼───────┤
│ CVE-2023-358139.8  │ CRITICAL │ 0.8819  │ experience_commerce │ 341  │ ✅       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-336538.8  │ HIGH     │ 0.00137 │ experience_platform │ 352  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-336528.8  │ HIGH     │ 0.00138 │ experience_platform │ 352  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-336517.5  │ HIGH     │ 0.001   │ experience_commerce │ 352  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-270689.8  │ CRITICAL │ 0.00185 │ experience_platform │ 367  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-270677.5  │ HIGH     │ 0.00248 │ experience_platform │ 367  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-270666.5  │ MEDIUM   │ 0.00112 │ experience_platform │ 367  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2023-262627.2  │ HIGH     │ 0.00114 │ experience_manager  │ 436  │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2021-422379.8  │ CRITICAL │ 0.97549 │ experience_platform │ 931  │ ✅       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2021-383668.8  │ HIGH     │ 0.00266 │ sitecore            │ 1015 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2019-98758.8  │ HIGH     │ 0.01735 │ cms                 │ 1819 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2019-98749.8  │ CRITICAL │ 0.01639 │ cms                 │ 1819 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2019-134935.4  │ MEDIUM   │ 0.00091 │ experience_platform │ 1772 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2019-124409.8  │ CRITICAL │ 0.00372 │ rocks               │ 1821 │ ❌       │ cve@mitre.org │ CONFIRMED │ FALSE
│ CVE-2019-111986.1  │ MEDIUM   │ 0.00175 │ cms                 │ 1753 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2019-110808.8  │ HIGH     │ 0.04376 │ experience_platform │ 1813 │ ❌       │ cve@mitre.org │ MODIFIED  │ TRUE
│ CVE-2018-76697.5  │ HIGH     │ 0.81986 │ sitecore.net        │ 2218 │ ❌       │ cve@mitre.org │ MODIFIED  │ TRUE
│ CVE-2017-93566.1  │ MEDIUM   │ 0.00074 │ sitecore.net        │ 2527 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2017-59664.9  │ MEDIUM   │ 0.0035  │ crm                 │ 2558 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2017-59656.7  │ MEDIUM   │ 0.00256 │ crm                 │ 2558 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2017-114404.9  │ MEDIUM   │ 0.0013  │ cms                 │ 2501 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2017-114395.4  │ MEDIUM   │ 0.00115 │ cms                 │ 2501 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2016-88556.1  │ MEDIUM   │ 0.00116 │ experience_platform │ 2622 │ ❌       │ cve@mitre.org │ CONFIRMED │ TRUE
│ CVE-2014-1000044.3  │ MEDIUM   │ 0.00294 │ cms                 │ 3419 │ ❌       │ cve@mitre.org │ MODIFIED  │ TRUE
│ CVE-2009-43676.8  │ MEDIUM   │ 0.04424 │ staging_module      │ 5267 │ ❌       │ cve@mitre.org │ MODIFIED  │ TRUE
│ CVE-2009-21634.3  │ MEDIUM   │ 0.00149 │ cms                 │ 5449 │ ❌       │ cve@mitre.org │ MODIFIED  │ TRUE
│ CVE-2009-10554    │ MEDIUM   │ 0.00164 │ cms                 │ 5539 │ ❌       │ cve@mitre.org │ MODIFIED  │ FALSE
╰─────────────────┴──────┴──────────┴─────────┴─────────────────────┴──────┴──────────┴───────────────┴───────────┴───────╯

Output as JSON

With the -j flag, you can return the output as JSON. This can help you process the returned data with automated processes.

It would be best if you also include -silent to mute the header of the tool, so the response only contains the JSON body.

The output formatted as JSON provides more details, including information that might not otherwise be visible, such as the CVSS Vector. However you can also expand this in the regular view with -field.

PS C:\Users\...> .\cvemap.exe -id "CVE-2023-35813" -j


   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

[INF] Current cvemap version v0.0.6 (latest)
[
  {
    "cve_id": "CVE-2023-35813",
    "cve_description": "Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.",
    "severity": "critical",
    "cvss_score": 9.8,
    "cvss_metrics": {
      "cvss31": {
        "score": 9.8,
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "severity": "critical"
      }
    },
    "weaknesses": [
      {
        "cwe_id": "NVD-CWE-noinfo"
      }
    ],
    "epss": {
      "epss_score": 0.8819,
      "epss_percentile": 0.98674
    },
    "cpe": {
      "cpe": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
      "vendor": "sitecore",
      "product": "experience_commerce"
    },
    "reference": [
      "https://github.com/aalexpereira/CVE-2023-35813",
      "https://github.com/aalexpereira/pipelines-tricks",
      "https://github.com/nomi-sec/PoC-in-GitHub",
      "https://github.com/BagheeraAltered/CVE-2023-35813-PoC"
    ],
    "poc": [
      {
        "url": "https://github.com/BagheeraAltered/CVE-2023-35813-PoC",
        "source": "gh-nomi-sec",
        "added_at": "2024-01-15T14:14:42Z"
      },
      {
        "url": "https://github.com/aalexpereira/CVE-2023-35813",
        "source": "gh-nomi-sec",
        "added_at": "2023-12-31T05:23:09Z"
      }
    ],
    "vendor_advisory": "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1002979",
    "patch_url": [
      "https://support.sitecore.com/kb?id=kb_article_view\u0026sysparm_article=KB1002979"
    ],
    "is_template": true,
    "nuclei_templates": {
      "template_path": "http/cves/2023/CVE-2023-35813.yaml",
      "template_url": "https://cloud.projectdiscovery.io/public/CVE-2023-35813",
      "created_at": "2023-10-10T23:26:29+05:30",
      "updated_at": "2024-04-08T17:04:33+05:30"
    },
    "is_exploited": false,
    "assignee": "[email protected]",
    "published_at": "2023-06-17T23:15:09.137",
    "updated_at": "2023-06-30T07:38:07.763",
    "hackerone": {
      "rank": 40,
      "count": 104
    },
    "age_in_days": 341,
    "vuln_status": "confirmed",
    "is_poc": true,
    "is_remote": true,
    "is_oss": false,
    "vulnerable_cpe": [
      "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
      "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
      "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
      "cpe:2.3:a:sitecore:managed_cloud:*:*:*:*:*:*:*:*"
    ]
  }
]

Query CVEMAP with PHP

This is an example to query CVEMAP with PHP (on a windows system). Since interactive auth is not a good option here, the tool offers using an environment variable to provide the API key.

<?php
// web-performance.ch 2024-05-26
putenv("PDCP_API_KEY=your-api-key);

// CVE ID to fetch details for
$cve_id = "CVE-2023-35813";

// Command to execute cvemap with JSON output
$command = __DIR__ . '\cvemap.exe -id ' . escapeshellarg($cve_id) . ' -j -silent  2>&1';

// Execute the command and capture the JSON output
exec($command, $output, $return_var);

// Combine line by line array into a single string
$output = implode("\n",$output);

// Decode the JSON output into an associative array
$data = json_decode($output);

// Check if the decoding was successful
if ($data === null) {
    echo "Failed to decode JSON.";
} else {
    // Display or process the CVE details
    echo "<pre>";
    print_r($data);
    echo "</pre>";

    // $data[0]->cve_id);
}

Here is a screenshot of the output in a browser.

http://localhost/cvemap/cvemap.php (2024-05-26)

Update CVEMAP

The self-updater can take care of keeping the binary up-to-date on your system.

PS C:\Users\...> .\cvemap.exe -up

   ______   _____  ____ ___  ____  ____
  / ___/ | / / _ \/ __ \__ \/ __ \/ __ \
 / /__ | |/ /  __/ / / / / / /_/ / /_/ /
 \___/ |___/\___/_/ /_/ /_/\__,_/ .___/
                               /_/


                projectdiscovery.io

8.97 MiB / 8.97 MiB [--------------------------------------------------------] 100.00% 31.39 MiB p/s
[INF] Verified Integrity of cvemap_0.0.6_windows_amd64.zip

[INF] cvemap sucessfully updated 0.0.4 -> 0.0.6 (latest)


  ## What's Changed

  • Fixed issue with CWE-ID filter input option by @RamanaReddy0M in
  https://github.com/projectdiscovery/cvemap/pull/79
  • Added health check option by @RamanaReddy0M in
  https://github.com/projectdiscovery/cvemap/pull/101

  Full Changelog:
  https://github.com/projectdiscovery/cvemap/compare/v0.0.5...v0.0.6

Pricing of CVEMAP

https://cloud.projectdiscovery.io/settings/billing (2024-05-26)

Upgrading from projectdiscovery free to projectdiscovery PRO for CVEMAP may not seem to provide any additional value. The value of the upgrade lies more in the other tools offered by projectdiscovery.io. I will need to explore the other tools they provide. I am also a user of Nuclei, a fast and customizable vulnerability scanner powered by simple YAML-based templates, where a post is currently in the works.