Is there a way to create a package to errata correlation?

I am analyzing a system remote to my satellite infrastructure with no internet access to the box itself. I need to come up (for regulatory reasons) with a list of security updates on that box.

Is there any way that I could take a list of packages with versions and come up with a list of RHEL errata? Something like a list of errata with the corresponding packages for each that I could use to correlate each package version with an RHxA indentifier (if there is one), then sort and unique to get a list of errata effectively on that system.

Could I create such a list accessing the PULP database on Satellite (hammer command? python script? I'm open to methodologies).