"rhsecapi"
rhsecapi makes it easy to interface with the Red Hat Security Data API.
From the RPM info in the rhsecapi package:
Leverage Red Hat's Security Data API to find CVEs by various attributes (date, severity, scores, package, IAVA, etc). Retrieve customizable details about found CVEs or about specific CVE ids input on cmdline. Parse arbitrary stdin for CVE ids and generate a customized report, optionally sending it straight to pastebin. Searches are done via a single instantaneous http request and CVE retrieval is parallelized, utilizing multiple threads at once. Python requests is used for all remote communication, so proxy support is baked right in. BASH intelligent tab-completion is supported via optional Python argcomplete module. Python2 tested on RHEL6, RHEL7, & Fedora but since it doesn't integrate with RHN/RHSM/yum/Satellite, it can be used on any internet-connected machine. Feedback, feature requests, and code contributions welcome.
This tool makes it easy to query a CVE against the Red Hat suite of products and check how they are affected.
A simple query on a CVE:
$ rhsecapi CVE-2024-3094
[NOTICE ] rhsda: Found 1 CVEs on cmdline
[NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1
CVE-2024-3094
SEVERITY : Critical Impact
DATE : 2024-03-29
BUGZILLA : 2272210
FIX_STATES :
Not affected: Red Hat Enterprise Linux 6 [xz]
Not affected: Red Hat Enterprise Linux 7 [xz]
Not affected: Red Hat Enterprise Linux 8 [xz]
Not affected: Red Hat Enterprise Linux 9 [xz]
Not affected: Red Hat JBoss Enterprise Application Platform 8 [xz]
Another query that also shows the relevant RHSA:
$ rhsecapi CVE-2023-4911
[NOTICE ] rhsda: Found 1 CVEs on cmdline
[NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1
CVE-2023-4911
SEVERITY : Important Impact
DATE : 2023-10-03
BUGZILLA : 2238352
FIXED_RELEASES :
Red Hat Enterprise Linux 8: [glibc-0:2.28-225.el8_8.6] via RHSA-2023:5455 (2023-10-05)
Red Hat Enterprise Linux 8: [glibc-0:2.28-225.el8_8.6] via RHSA-2023:5455 (2023-10-05)
Red Hat Enterprise Linux 8.6 Extended Update Support: [glibc-0:2.28-189.6.el8_6] via RHSA-2023:5476 (2023-10-05)
Red Hat Enterprise Linux 9: [glibc-0:2.34-60.el9_2.7] via RHSA-2023:5453 (2023-10-05)
Red Hat Enterprise Linux 9: [glibc-0:2.34-60.el9_2.7] via RHSA-2023:5453 (2023-10-05)
Red Hat Enterprise Linux 9.0 Extended Update Support: [glibc-0:2.34-28.el9_0.4] via RHSA-2023:5454 (2023-10-05)
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8: [glibc-0:2.28-189.6.el8_6] via RHSA-2023:5476 (2023-10-05)
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8: [redhat-release-virtualization-host-0:4.5.3-10.el8ev] via RHSA-2024:0033 (2024-01-03)
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8: [redhat-virtualization-host-0:4.5.3-202312060823_8.6] via RHSA-2024:0033 (2024-01-03)
FIX_STATES :
Not affected: Red Hat Enterprise Linux 6 [glibc]
Not affected: Red Hat Enterprise Linux 7 [compat-glibc]
Not affected: Red Hat Enterprise Linux 7 [glibc]
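For patch tracking, the text report shown in the two queries above can be turned into structured records. The Python below is an added example, not part of rhsecapi or of the original post: `parse_report` and `advisories` are hypothetical names, the sample is a trimmed copy of the CVE-2023-4911 output above, and the parser assumes the default report layout shown on this page.

```python
import re

# Constructed sample: trimmed copy of the CVE-2023-4911 report shown above.
SAMPLE = """\
[NOTICE ] rhsda: Found 1 CVEs on cmdline
CVE-2023-4911
SEVERITY : Important Impact
DATE : 2023-10-03
BUGZILLA : 2238352
FIXED_RELEASES :
Red Hat Enterprise Linux 8: [glibc-0:2.28-225.el8_8.6] via RHSA-2023:5455 (2023-10-05)
Red Hat Enterprise Linux 8: [glibc-0:2.28-225.el8_8.6] via RHSA-2023:5455 (2023-10-05)
Red Hat Enterprise Linux 9: [glibc-0:2.34-60.el9_2.7] via RHSA-2023:5453 (2023-10-05)
FIX_STATES :
Not affected: Red Hat Enterprise Linux 6 [glibc]
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
FIELD_RE = re.compile(r"^([A-Z][A-Z0-9_]*)\s*:\s*(.*)$")
FIXED_RE = re.compile(r"^(.+?): \[(.+?)\] via (RHSA-\d{4}:\d+) \((\d{4}-\d{2}-\d{2})\)$")
STATE_RE = re.compile(r"^(.+?): (.+) \[(.+?)\]$")

def parse_report(text):
    """Parse rhsecapi's default text report into {cve_id: record}."""
    cves, cur, section = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("["):      # blank lines and [NOTICE ] log lines
            continue
        if CVE_RE.match(line):                    # a bare CVE id starts a new record
            cur = cves.setdefault(line, {"fixed_releases": [], "fix_states": []})
            section = None
            continue
        if cur is None:                           # ignore anything before the first CVE id
            continue
        field = FIELD_RE.match(line)
        if field:                                 # "KEY : value" or a "KEY :" section header
            key, value = field.group(1).lower(), field.group(2)
            section = None if value else key
            if value:
                cur[key] = value
            continue
        pattern = {"fixed_releases": FIXED_RE, "fix_states": STATE_RE}.get(section)
        entry = pattern.match(line) if pattern else None
        if entry and entry.groups() not in cur[section]:   # drop repeated rows
            cur[section].append(entry.groups())
    return cves

def advisories(record):  # sorted, de-duplicated RHSA ids that fix the CVE
    return sorted({rhsa for _product, _pkg, rhsa, _date in record["fixed_releases"]})
```

Each `fixed_releases` entry is a `(product, package, advisory, date)` tuple and each `fix_states` entry is `(state, product, package)`, so the result can be compared against an inventory of installed products.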
UPDATE : There is a version that supports python3 used in RHEL8/9. You can get it here
One problem is that rhsecapi needs python2, so it is a problem getting it to run on anything newer than RHEL7. There is an option to run it in a Docker container.
This is the method I ended up using to run rhsecapi: distrobox, which used podman to create a CentOS 7 container, and then installing the rhsecapi rpm in it.
[bogus@myhost ~]$ distrobox enter --root centos7
[bogus@centos7 ~]$ rhsecapi -h
usage: rhsecapi [--q-before YYYY-MM-DD] [--q-after YYYY-MM-DD] [--q-bug BZID] [--q-advisory RHSA] [--q-severity IMPACT] [--q-product PRODUCT] [--q-package PKG] [--q-cwe CWEID] [--q-cvss SCORE] [--q-cvss3 SCORE] [--q-empty] [--q-pagesize PAGESZ] [--q-pagenum PAGENUM] [--q-raw RAWQUERY] [-i YYYY-?-NNNN] [-x] [-0] [-f FIELDS | -a | -m] [-p PRODUCT] [-j] [-u] [-w [WIDTH]] [-c] [-l {debug,info,notice,warning}] [-t THREDS] [-P] [-E [DAYS]] [--dryrun] [-h] [--help] [CVE-YYYY-NNNN [CVE-YYYY-NNNN ...]]
Run rhsecapi --help for full help page
VERSION: rhsecapi v1.0.1 last mod 2017/06/27 See http://github.com/ryran/rhsecapi to report bugs or RFEs