Validate by CVE:
SELECT * FROM public_vulnerabilities_cves WHERE cve like '%<CVE-ID>%';
Validating by Xray ID:
SELECT * FROM public.public_vulnerabilities WHERE vuln_id like '%<XRAY-ID>%';
For example, validating the existence of log4j-core in Xray 3.x PSQL database:
By CVE:
SELECT * FROM public_vulnerabilities_cves WHERE cve like '%CVE-2021-44228%';
By Xray ID:
SELECT * FROM public.public_vulnerabilities WHERE vuln_id like '%XRAY-191654%';
Xray 2.X
1. Get the MongoDB password from the MongoDB_Admin_pass.txt file:
cat ~/MongoDB_Admin_pass.txt
2. Login to MongoDB:
3. Switch to Xray database:
4. Search by vulnerability by Xray ID:
5. Search by CVE:
mongo -u xray --authenticationDatabase xray --authenticationMechanism SCRAM-SHA-1 -p <PASSWORD>
3. Switch to Xray database:
use xray
4. Search by vulnerability by Xray ID:
db.vulnerabilities.find({"_id":"<XRAY ID>"})
5. Search by CVE:
db.vulnerabilities.find({"cves.cve" : {$regex: "<CVE>"}})
For example, validating the existence of log4j-core in Xray DB:
By CVE:
db.vulnerabilities.find({"cves.cve" : {$regex: "CVE-2021-44228"}})
By Xray ID:
db.vulnerabilities.find({"_id":"XRAY-191654"})