1

I have a hash table of PSObjects that holds information about widnows patches and CVE numbers, it takes the format:

ID                  : 2022-Sep
InitialRealeaseDate : 13/09/2022 07:00:00
CvrfUrl             : https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
Severity            :
DocumentTitle       : September 2022 Security Updates
cve                 : CVE-2022-37969
Alias               : 2022-Sep
CurrentReleaseDate  : 04/10/2022 07:00:00

I am trying to extract the record that has a matching CVE. I thought his should work:

$results | where {$results.cve -eq 'CVE-2022-38006'}

but it returns a number of records (including the correct one) but for most the $records.cve element has absolutely nothing in common with the requested filter and I wouldn't expect it to be returned.

ID                  : 2022-Sep
InitialRealeaseDate : 13/09/2022 07:00:00
CvrfUrl             : https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
Severity            :
DocumentTitle       : September 2022 Security Updates
cve                 : CVE-2022-37969
Alias               : 2022-Sep
CurrentReleaseDate  : 04/10/2022 07:00:00

ID                  : 2022-Sep
InitialRealeaseDate : 13/09/2022 07:00:00
CvrfUrl             : https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
Severity            :
DocumentTitle       : September 2022 Security Updates
cve                 : CVE-2022-38004
Alias               : 2022-Sep
CurrentReleaseDate  : 04/10/2022 07:00:00

ID                  : 2022-Sep
InitialRealeaseDate : 13/09/2022 07:00:00
CvrfUrl             : https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
Severity            :
DocumentTitle       : September 2022 Security Updates
cve                 : CVE-2022-38005
Alias               : 2022-Sep
CurrentReleaseDate  : 04/10/2022 07:00:00

ID                  : 2022-Sep
InitialRealeaseDate : 13/09/2022 07:00:00
CvrfUrl             : https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
Severity            :
DocumentTitle       : September 2022 Security Updates
cve                 : CVE-2022-38006
Alias               : 2022-Sep
CurrentReleaseDate  : 04/10/2022 07:00:00

Get-Member says the CVE element is a string:

PS E:\Scripts\Ian\GIT\XDR> $results | gm

   TypeName: System.Management.Automation.PSCustomObject

Name                MemberType   Definition
----                ----------   ----------
Equals              Method       bool Equals(System.Object obj)
GetHashCode         Method       int GetHashCode()
GetType             Method       type GetType()
ToString            Method       string ToString()
Alias               NoteProperty string Alias=2022-Sep
CurrentReleaseDate  NoteProperty string CurrentReleaseDate=04/10/2022 07:00:00
cve                 NoteProperty string cve=
CvrfUrl             NoteProperty string CvrfUrl=https://api.msrc.microsoft.com/cvrf/v2.0/document/2022-Sep
DocumentTitle       NoteProperty string DocumentTitle=September 2022 Security Updates
ID                  NoteProperty string ID=2022-Sep
InitialRealeaseDate NoteProperty string InitialRealeaseDate=13/09/2022 07:00:00
Severity            NoteProperty string Severity=

What am I doing wrong?

Improve this question

1 Answer 1

Reset to default
2

Rather than:

$results | where {$results.cve -eq 'CVE-2022-38006'}

Try:

$results | where {$_.cve -eq 'CVE-2022-38006'}

Or more simply:

$results | where cve -eq 'CVE-2022-38006'
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you ... sometimes the simplest thing is what catches you out. Ive stared at that for hours this morning.
You can even drop the quotes.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.