Hi,
Just read a blog over at c0t0d0s0.org regarding searching installed packages by a CVE (Common Vulnerability and Exposures) number.
# pkg search -l CVE-2014-7187
INDEX ACTION VALUE PACKAGE
info.cve set CVE-2014-7187 pkg:/support/critical-patch-update/solaris-11-cpu@2014.10-1
Source here
Bgrds,
FOG