Public/Get-MsrcCvrfCVESummary.ps1
Function Get-MsrcCvrfCVESummary { <# .SYNOPSIS Get the CVE summary from vulnerabilities found in CVRF document .DESCRIPTION This function gathers the CVE Summary from vulnerabilities in a CVRF document. .PARAMETER Vulnerability A vulnerability object or objects from a CVRF document object .EXAMPLE Get-MsrcCvrfDocument -ID 2016-Nov | Get-MsrcCvrfCVESummary Get the CVE summary from a CVRF document using the pipeline. .EXAMPLE $cvrfDocument = Get-MsrcCvrfDocument -ID 2016-Nov Get-MsrcCvrfCVESummary -Vulnerability $cvrfDocument.Vulnerability Get the CVE summary from a CVRF document using a variable and parameters #> [CmdletBinding()] Param ( [Parameter(Mandatory,ValueFromPipelineByPropertyName)] $Vulnerability, [Parameter(Mandatory,ValueFromPipelineByPropertyName)] $ProductTree ) Begin { $MaximumSeverityType = 3 $ThreatsImpactType = 0 Function Get-MaxSeverity { [CmdletBinding()] [OutputType('System.String')] Param($InputObject) Begin {} Process { if ('Critical' -in $InputObject) { 'Critical' } elseif ('Important' -in $InputObject) { 'Important' } elseif ('Moderate' -in $InputObject) { 'Moderate' } elseif ('Low' -in $InputObject) { 'Low' } else { 'Unknown' } } End {} } } Process { $Vulnerability | ForEach-Object { $v = $_ [PSCustomObject]@{ CVE = $v.CVE Weakness = $(if ($v.CWE) { '{0} : {1}' -f "$($v.CWE.ID)","$($v.CWE.Value)"}) Description = $( ($v.Notes | Where-Object { $_.Title -eq 'Description' }).Value ) ; 'Maximum Severity Rating' = $( Get-MaxSeverity ($v.Threats | Where-Object {$_.Type -eq $MaximumSeverityType } ).Description.Value | Select-Object -Unique ) ; 'Vulnerability Impact' = $( ($v.Threats | Where-Object {$_.Type -eq $ThreatsImpactType }).Description.Value | Select-Object -Unique ) ; 'Affected Software' = $( $v.ProductStatuses.ProductID | ForEach-Object { $id = $_ ($ProductTree.FullProductName | Where-Object { $_.ProductID -eq $id}).Value } ) ; } } } End {} } |