Is there a way to find the date when a CVE (identified by the CVE-ID) is detected and the date when a fix/patch is available?
Asked
Active
Viewed 450 times
0
-
1"is detected" -- what does that mean? Something different from the date that is already part of the CVE number? And as for patches, that will be up to the vendor/developer. You don't search the CVE for the patch availability, but the vendor/developer site. – schroeder May 21 '20 at 15:35
-
1related question: https://security.stackexchange.com/questions/35904/source-where-you-can-find-if-a-cve-has-a-patch-or-not?rq=1 – Pedro May 21 '20 at 16:28
1 Answers
2
The best you can do is read the References associated with a CVE. The CVE Date Entry Created isn't useful because, as they point out,
Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
The References section, however, may include announcements of the vulnerability and announcements of fixed versions, which will likely provide the dates you're looking for.
The downside of all this is that it's clearly a manual process, and your success at finding dates will vary from one entry to the next - again, as the MITRE site says, "The [References] list is not intended to be complete."
gowenfawr
- 72,893
- 17
- 165
- 200