Refine your search
76 vulnerabilities found for Azure by Microsoft
CERTFR-2025-AVI-0881
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.38.1.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Arc Enabled Servers - Azure Connected Machine Agent versions ant\u00e9rieures \u00e0 1.56",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Compute Gallery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-59292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59292"
},
{
"name": "CVE-2025-59285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59285"
},
{
"name": "CVE-2025-47989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47989"
},
{
"name": "CVE-2025-59494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59494"
},
{
"name": "CVE-2025-59291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59291"
},
{
"name": "CVE-2025-58724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58724"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0881",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-47989",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47989"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59292",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59292"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-58724",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58724"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59285",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59285"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59494",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59494"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-59291",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59291"
}
]
}
CERTFR-2025-AVI-0870
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Confidential Compute VM SKU ECasv6/ECadsv6",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU ECasv5/ECadsv5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU DCasv6/DCadsv6",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Confidential Compute VM SKU DCasv5/DCadsv5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0033"
}
],
"initial_release_date": "2025-10-14T00:00:00",
"last_revision_date": "2025-10-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0870",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-10-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-0033",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-0033"
}
]
}
CERTFR-2025-AVI-0688
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure File Sync v19 versions antérieures à 19.2.0.0 | ||
| Microsoft | Azure | Azure Stack Hub versions antérieures à 102.10.2.11 | ||
| Microsoft | Azure | Azure Stack Hub 2501 versions antérieures à 1.2501.1.47 | ||
| Microsoft | Azure | Azure File Sync v20 versions antérieures à 20.1.0.0 | ||
| Microsoft | Azure | Azure File Sync v18 versions antérieures à 18.3.0.0 | ||
| Microsoft | Azure | Azure Stack Hub 2406 versions antérieures à 1.2406.1.23 | ||
| Microsoft | Azure | Azure Stack Hub 2408 versions antérieures à 1.2408.1.50 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack versions antérieures à 13.0.7060.1 | ||
| Microsoft | Azure | Azure File Sync v21 versions antérieures à 21.1.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure File Sync v19 versions ant\u00e9rieures \u00e0 19.2.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub versions ant\u00e9rieures \u00e0 102.10.2.11",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2501 versions ant\u00e9rieures \u00e0 1.2501.1.47",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v20 versions ant\u00e9rieures \u00e0 20.1.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v18 versions ant\u00e9rieures \u00e0 18.3.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2406 versions ant\u00e9rieures \u00e0 1.2406.1.23",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub 2408 versions ant\u00e9rieures \u00e0 1.2408.1.50",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack versions ant\u00e9rieures \u00e0 13.0.7060.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v21 versions ant\u00e9rieures \u00e0 21.1.0.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-53793",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53793"
},
{
"name": "CVE-2025-53727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53727"
},
{
"name": "CVE-2025-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24999"
},
{
"name": "CVE-2025-53729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53729"
},
{
"name": "CVE-2025-49759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49759"
},
{
"name": "CVE-2025-53781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53781"
},
{
"name": "CVE-2025-49707",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49707"
},
{
"name": "CVE-2025-53765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53765"
},
{
"name": "CVE-2025-49758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49758"
}
],
"initial_release_date": "2025-08-13T00:00:00",
"last_revision_date": "2025-08-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0688",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53729",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53729"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53793",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53793"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53781",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53781"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53727"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-53765",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53765"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49758",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49758"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49759",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49759"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-49707",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49707"
},
{
"published_at": "2025-08-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24999",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24999"
}
]
}
CERTFR-2025-AVI-0407
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure AI Document Intelligence Studio versions ant\u00e9rieures \u00e0 1.0.03019.1-official-7241c17a",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v20.0 versions ant\u00e9rieures \u00e0 5041884",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v19.0 versions ant\u00e9rieures \u00e0 26100",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-29973",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29973"
},
{
"name": "CVE-2025-30387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30387"
}
],
"initial_release_date": "2025-05-14T00:00:00",
"last_revision_date": "2025-05-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0407",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-14T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30387",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30387"
},
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-29973",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29973"
}
]
}
CERTFR-2025-AVI-0364
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure AI Bot Service",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Functions",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Machine Learning",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Virtual Desktop",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30392"
},
{
"name": "CVE-2025-33074",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33074"
},
{
"name": "CVE-2025-30390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30390"
},
{
"name": "CVE-2025-21416",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21416"
},
{
"name": "CVE-2025-30389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30389"
}
],
"initial_release_date": "2025-05-02T00:00:00",
"last_revision_date": "2025-05-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0364",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30389",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30389"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-33074",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-33074"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30390",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30390"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-21416",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21416"
},
{
"published_at": "2025-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-30392",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30392"
}
]
}
CERTFR-2025-AVI-0290
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Stack HCI OS 22H2 versions ant\u00e9rieures \u00e0 10.0.20348.3328",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI OS 23H2 versions ant\u00e9rieures \u00e0 10.0.25398.1486",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Local Cluster versions ant\u00e9rieures \u00e0 2411.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-25002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25002"
},
{
"name": "CVE-2025-27489",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27489"
},
{
"name": "CVE-2025-26628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26628"
}
],
"initial_release_date": "2025-04-09T00:00:00",
"last_revision_date": "2025-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-26628",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26628"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-27489",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27489"
},
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-25002",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002"
}
]
}
CERTFR-2025-AVI-0261
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Health Bot",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Playwright",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-26683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26683"
},
{
"name": "CVE-2025-21384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21384"
}
],
"initial_release_date": "2025-04-01T00:00:00",
"last_revision_date": "2025-04-01T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0261",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-21384",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-26683",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26683"
}
]
}
CERTFR-2025-AVI-0239
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure Kubernetes Service. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Microsoft indique que les vulnérabilités CVE-2025-1974 et CVE-2025-1097 n'affectent pas Azure Kubernetes Service.
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Kubernetes Service versions ant\u00e9rieures \u00e0 1.11.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service versions 1.12.x ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "Microsoft indique que les vuln\u00e9rabilit\u00e9s CVE-2025-1974 et CVE-2025-1097 n\u0027affectent pas Azure Kubernetes Service.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-1097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1097"
},
{
"name": "CVE-2025-24514",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24514"
},
{
"name": "CVE-2025-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24513"
},
{
"name": "CVE-2025-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1974"
},
{
"name": "CVE-2025-1098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1098"
}
],
"initial_release_date": "2025-03-25T00:00:00",
"last_revision_date": "2025-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Kubernetes Service. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Kubernetes Service",
"vendor_advisories": [
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24513",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24513"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1098",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1098"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1974",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1974"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-1097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-1097"
},
{
"published_at": "2025-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2025-24514",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24514"
}
]
}
CERTFR-2024-AVI-1023
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
La mise à jour a déjà été déployée par Microsoft. Aucune action utilisateur n'est requise.
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Azure Functions",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "La mise \u00e0 jour a d\u00e9j\u00e0 \u00e9t\u00e9 d\u00e9ploy\u00e9e par Microsoft. Aucune action utilisateur n\u0027est requise.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49052"
}
],
"initial_release_date": "2024-11-27T00:00:00",
"last_revision_date": "2024-11-27T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49052",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49052"
}
]
}
CERTFR-2024-AVI-0994
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Stack HCI 23H2 versions ant\u00e9rieures \u00e0 2411",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49060"
}
],
"initial_release_date": "2024-11-18T00:00:00",
"last_revision_date": "2024-11-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0994",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49060",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49060"
}
]
}
CERTFR-2024-AVI-0977
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 13 versions antérieures à 13.16 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 12 versions antérieures à 12.20 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 16 versions antérieures à 16.4 | ||
| Microsoft | Azure | Azure Linux 3.0 x64 versions antérieures à 3.3.0-2 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 14 versions antérieures à 14.13 | ||
| Microsoft | Azure | Azure Database pour PostgreSQL Flexible Server 15 versions antérieures à 15.8 | ||
| Microsoft | Azure | Azure Linux 3.0 ARM versions antérieures à 3.3.0-2 | ||
| Microsoft | Azure | Azure CycleCloud 8.x versions antérieures à 8.6.5 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Database pour PostgreSQL Flexible Server 13 versions ant\u00e9rieures \u00e0 13.16",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 12 versions ant\u00e9rieures \u00e0 12.20",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 16 versions ant\u00e9rieures \u00e0 16.4",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 x64 versions ant\u00e9rieures \u00e0 3.3.0-2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 14 versions ant\u00e9rieures \u00e0 14.13",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Database pour PostgreSQL Flexible Server 15 versions ant\u00e9rieures \u00e0 15.8",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 ARM versions ant\u00e9rieures \u00e0 3.3.0-2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.x versions ant\u00e9rieures \u00e0 8.6.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-43602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43602"
},
{
"name": "CVE-2024-49042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49042"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-43613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43613"
}
],
"initial_release_date": "2024-11-13T00:00:00",
"last_revision_date": "2024-11-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0977",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43602",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-5535",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-5535"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-49042",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042"
},
{
"published_at": "2024-11-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43613",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613"
}
]
}
CERTFR-2024-AVI-0856
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Service Fabric 9.1 pour Linux versions antérieures à 9.1.2498.1 | ||
| Microsoft | Azure | Azure CLI versions antérieures à 2.65.0 | ||
| Microsoft | Azure | Azure Service Connector versions antérieures à 2.65.0 | ||
| Microsoft | Azure | Azure Service Fabric 10.1 pour Linux versions antérieures à 10.1.2308.1 | ||
| Microsoft | Azure | Azure Stack HCI 22H2 versions antérieures à 20349.2762 | ||
| Microsoft | Azure | Azure Service Fabric 10.0 pour Linux versions antérieures à 10.0.2345.1 | ||
| Microsoft | Azure | Azure Stack HCI 23H2 versions antérieures à 25398.1189 | ||
| Microsoft | Azure | Azure Monitor Agent versions antérieures à 1.30.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Service Fabric 9.1 pour Linux versions ant\u00e9rieures \u00e0 9.1.2498.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CLI versions ant\u00e9rieures \u00e0 2.65.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Connector versions ant\u00e9rieures \u00e0 2.65.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 10.1 pour Linux versions ant\u00e9rieures \u00e0 10.1.2308.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI 22H2 versions ant\u00e9rieures \u00e0 20349.2762",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 10.0 pour Linux versions ant\u00e9rieures \u00e0 10.0.2345.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack HCI 23H2 versions ant\u00e9rieures \u00e0 25398.1189",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.30.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38179"
},
{
"name": "CVE-2024-43480",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43480"
},
{
"name": "CVE-2024-38097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38097"
},
{
"name": "CVE-2024-43591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43591"
}
],
"initial_release_date": "2024-10-09T00:00:00",
"last_revision_date": "2024-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0856",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43480",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38097",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38097"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-43591",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43591"
},
{
"published_at": "2024-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38179",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38179"
}
]
}
CERTFR-2024-AVI-0418
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure Monitor Agent. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.26.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-30060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30060"
}
],
"initial_release_date": "2024-05-17T00:00:00",
"last_revision_date": "2024-05-17T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30060 du 16 mai 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30060"
}
],
"reference": "CERTFR-2024-AVI-0418",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eMicrosoft\nAzure Monitor Agent\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure Monitor Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-30060 du 16 mai 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0402
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure Migrate. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Migrate versions ant\u00e9rieures \u00e0 6.1.294.1008",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-30053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30053"
}
],
"initial_release_date": "2024-05-15T00:00:00",
"last_revision_date": "2024-05-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0402",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure Migrate. Elle\npermet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure Migrate",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-30053 du 14 mai 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30053"
}
]
}
CERTFR-2024-AVI-0291
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension versions antérieures à 1.5.2 | ||
| Microsoft | Azure | Azure Migrate versions antérieures à 6.1.294.1003 | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.videoindexer Extension versions antérieures à 1.1.2 | ||
| Microsoft | Azure | Azure CycleCloud 8.6.0 versions antérieures à 8.6.1 | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.iotoperations.mq Extension versions antérieures à 0.3.0-preview | ||
| Microsoft | Azure | Azure Compute Gallery | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.azure.hybridnetwork Extension versions antérieures à 1.0.2620-162 | ||
| Microsoft | Azure | Azure Private 5G Core versions antérieures à 2403.0-2 | ||
| Microsoft | Azure | Azure Monitor Agent versions antérieures à 1.24.0 | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers versions antérieures à 0.3.4 | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.openservicemesh Extension versions antérieures à 1.2.6 | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.azstackhci.operator Extension versions antérieures à 5.0.5 | ||
| Microsoft | Azure | Azure Arc Cluster microsoft.networkfabricserviceextension Extension versions antérieures à 5.1.3 | ||
| Microsoft | Azure | Azure Identity Library pour .NET versions antérieures à 1.11.0 | ||
| Microsoft | Azure | Azure AI Search |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Arc Cluster microsoft.azurekeyvaultsecretsprovider Extension versions ant\u00e9rieures \u00e0 1.5.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Migrate versions ant\u00e9rieures \u00e0 6.1.294.1003",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.videoindexer Extension versions ant\u00e9rieures \u00e0 1.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.6.0 versions ant\u00e9rieures \u00e0 8.6.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.iotoperations.mq Extension versions ant\u00e9rieures \u00e0 0.3.0-preview",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Compute Gallery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.azure.hybridnetwork Extension versions ant\u00e9rieures \u00e0 1.0.2620-162",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Private 5G Core versions ant\u00e9rieures \u00e0 2403.0-2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Monitor Agent versions ant\u00e9rieures \u00e0 1.24.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers versions ant\u00e9rieures \u00e0 0.3.4",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.openservicemesh Extension versions ant\u00e9rieures \u00e0 1.2.6",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.azstackhci.operator Extension versions ant\u00e9rieures \u00e0 5.0.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Arc Cluster microsoft.networkfabricserviceextension Extension versions ant\u00e9rieures \u00e0 5.1.3",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Identity Library pour .NET versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure AI Search",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29063"
},
{
"name": "CVE-2024-29993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29993"
},
{
"name": "CVE-2024-29989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29989"
},
{
"name": "CVE-2024-21424",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21424"
},
{
"name": "CVE-2024-29990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29990"
},
{
"name": "CVE-2024-29992",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29992"
},
{
"name": "CVE-2024-26193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26193"
},
{
"name": "CVE-2024-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20685"
},
{
"name": "CVE-2024-28917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28917"
}
],
"initial_release_date": "2024-04-10T00:00:00",
"last_revision_date": "2024-04-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29989 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29989"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28917 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28917"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20685 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20685"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21424 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21424"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29993 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29993"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26193 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26193"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29992 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29992"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29990 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29990"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29063 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29063"
}
],
"reference": "CERTFR-2024-AVI-0291",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure du 09 avril 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0207
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Sentinel versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure SDK versions antérieures à 1.29.5 | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers versions antérieures à 0.3.3 | ||
| Microsoft | Azure | Azure Automation Update Management versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure Data Studio versions antérieures à 1.48.0 | ||
| Microsoft | Azure | Azure Security Center versions antérieures à OMS Agent pour Linux GA 1.19.0 | ||
| Microsoft | Azure | Azure Automation versions antérieures à OMS Agent pour Linux GA 1.19.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Sentinel versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure SDK versions ant\u00e9rieures \u00e0 1.29.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers versions ant\u00e9rieures \u00e0 0.3.3",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation Update Management versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Data Studio versions ant\u00e9rieures \u00e0 1.48.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Security Center versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21400"
},
{
"name": "CVE-2024-21330",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21330"
},
{
"name": "CVE-2024-21421",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21421"
},
{
"name": "CVE-2024-26203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26203"
}
],
"initial_release_date": "2024-03-13T00:00:00",
"last_revision_date": "2024-03-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21400 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26203 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21330 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21421 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"reference": "CERTFR-2024-AVI-0207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure du 12 mars 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0130
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Connected Machine Agent | ||
| Microsoft | Azure | Azure File Sync v16.0 | ||
| Microsoft | Azure | Azure File Sync v14.0 | ||
| Microsoft | Azure | Microsoft Azure Active Directory B2C | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers | ||
| Microsoft | Azure | Azure File Sync v17.0 | ||
| Microsoft | Azure | Azure DevOps Server 2022.1 | ||
| Microsoft | Azure | Azure DevOps Server 2020.1.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.1.2 | ||
| Microsoft | Azure | Azure Stack Hub | ||
| Microsoft | Azure | Azure File Sync v15.0 | ||
| Microsoft | Azure | Azure Site Recovery |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Connected Machine Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v16.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v14.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Azure Active Directory B2C",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v17.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure File Sync v15.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21329"
},
{
"name": "CVE-2024-20667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20667"
},
{
"name": "CVE-2024-21364",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21364"
},
{
"name": "CVE-2024-21376",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21376"
},
{
"name": "CVE-2024-21381",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21381"
},
{
"name": "CVE-2024-21403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21403"
},
{
"name": "CVE-2024-20679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20679"
},
{
"name": "CVE-2024-21397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21397"
}
],
"initial_release_date": "2024-02-14T00:00:00",
"last_revision_date": "2024-02-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21381 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20667 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21403 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21329 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21376 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20679 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21364 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21364"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21397 du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21397"
}
],
"reference": "CERTFR-2024-AVI-0130",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code\narbitraire \u00e0 distance et une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 f\u00e9vrier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2024-AVI-0023
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Storage Mover Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20676"
}
],
"initial_release_date": "2024-01-10T00:00:00",
"last_revision_date": "2024-01-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-20676 du 09 janvier 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676"
}
],
"reference": "CERTFR-2024-AVI-0023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nAzure\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 janvier 2024",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-1032
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure DevOps Server 2022.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21751"
}
],
"initial_release_date": "2023-12-14T00:00:00",
"last_revision_date": "2023-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-1032",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Microsoft Azure. Elle permet \u00e0\nun attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21751"
}
]
}
CERTFR-2023-AVI-1024
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Connected Machine Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Logic Apps",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Machine Learning SDK",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35625"
},
{
"name": "CVE-2023-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35624"
},
{
"name": "CVE-2023-36019",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36019"
}
],
"initial_release_date": "2023-12-13T00:00:00",
"last_revision_date": "2023-12-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35625 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35625"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36019 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36019"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35624 du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35624"
}
],
"reference": "CERTFR-2023-AVI-1024",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 d\u00e9cembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0946
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Pipelines Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36437",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36437"
}
],
"initial_release_date": "2023-11-15T00:00:00",
"last_revision_date": "2023-11-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36437 du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36437"
}
],
"reference": "CERTFR-2023-AVI-0946",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nAzure\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 novembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0829
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer un déni de service, une élévation de privilèges et une exécution de code à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure DevOps Server 2020.0.2 | ||
| Microsoft | Azure | Azure Identity SDK pour Python | ||
| Microsoft | Azure | Azure RTOS GUIX Studio Installer Application | ||
| Microsoft | Azure | Azure Identity SDK pour JavaScript | ||
| Microsoft | Azure | Azure Identity SDK pour .NET | ||
| Microsoft | Azure | Azure RTOS GUIX Studio | ||
| Microsoft | Azure | Azure DevOps Server 2022.0.1 | ||
| Microsoft | Azure | Azure HDInsight | ||
| Microsoft | Azure | Azure Network Watcher VM Extension | ||
| Microsoft | Azure | Azure Identity SDK pour Java | ||
| Microsoft | Azure | Azure DevOps Server 2020.1.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure DevOps Server 2020.0.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Identity SDK pour Python",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure RTOS GUIX Studio Installer Application",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Identity SDK pour JavaScript",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Identity SDK pour .NET",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure RTOS GUIX Studio",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure HDInsight",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Network Watcher VM Extension",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Identity SDK pour Java",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36419",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36419"
},
{
"name": "CVE-2023-36414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36414"
},
{
"name": "CVE-2023-36561",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36561"
},
{
"name": "CVE-2023-36737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36737"
},
{
"name": "CVE-2023-36418",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36418"
},
{
"name": "CVE-2023-36415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36415"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36415 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36415"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36414 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36414"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36737 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36737"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36419 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36419"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36418 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36418"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36561 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36561"
}
],
"reference": "CERTFR-2023-AVI-0829",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer un d\u00e9ni de service, une \u00e9l\u00e9vation de privil\u00e8ges et une\nex\u00e9cution de code \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0830
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une usurpation d'identité, une exécution de code à distance, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 13 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.7 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour C# | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connect Feature Pack | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU7 | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU13 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 22) | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on MacOS | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour TypeScript | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 8) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Java | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server on Linux | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Microsoft Common Data Model SDK pour Python |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour C#",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connect Feature Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 22)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour TypeScript",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Java",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server on Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Common Data Model SDK pour Python",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36728"
},
{
"name": "CVE-2023-36429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36429"
},
{
"name": "CVE-2023-36420",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36420"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-36730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36730"
},
{
"name": "CVE-2023-36789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36789"
},
{
"name": "CVE-2023-36778",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36778"
},
{
"name": "CVE-2023-36566",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36566"
},
{
"name": "CVE-2023-36780",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36780"
},
{
"name": "CVE-2023-36786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36786"
},
{
"name": "CVE-2023-36568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36568"
},
{
"name": "CVE-2023-38171",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
},
{
"name": "CVE-2023-36417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36417"
},
{
"name": "CVE-2023-41763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41763"
},
{
"name": "CVE-2023-36416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36416"
},
{
"name": "CVE-2023-36785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36785"
},
{
"name": "CVE-2023-36433",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36433"
},
{
"name": "CVE-2023-36569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36569"
}
],
"initial_release_date": "2023-10-11T00:00:00",
"last_revision_date": "2023-10-11T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36728 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36420 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36785 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-41763 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36429 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36569 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36568 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36568"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36433 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36433"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36566 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36566"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36786 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36786"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-44487 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36730 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36789 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36789"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36416 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36416"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36778 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38171 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38171"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36417 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36780 du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36780"
}
],
"reference": "CERTFR-2023-AVI-0830",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une usurpation\nd\u0027identit\u00e9, une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 octobre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0742
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure HDInsights | ||
| Microsoft | Azure | Azure DevOps Server 2019.0.1 | ||
| Microsoft | Azure | Azure DevOps Server 2020.0.2 | ||
| Microsoft | Azure | Azure Kubernetes Service | ||
| Microsoft | Azure | Azure DevOps Server 2022.0.1 | ||
| Microsoft | Azure | Azure DevOps Server 2020.1.2 | ||
| Microsoft | Azure | Azure DevOps Server 2019.1.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure HDInsights",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.0.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-38156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38156"
},
{
"name": "CVE-2023-33136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33136"
},
{
"name": "CVE-2023-38155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38155"
},
{
"name": "CVE-2023-29332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29332"
}
],
"initial_release_date": "2023-09-13T00:00:00",
"last_revision_date": "2023-09-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-33136 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33136"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-29332 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38155 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38155"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38156 du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38156"
}
],
"reference": "CERTFR-2023-AVI-0742",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 septembre 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0644
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une élévation de privilèges et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Arc-Enabled Servers",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure HDInsights",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36877"
},
{
"name": "CVE-2023-35394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35394"
},
{
"name": "CVE-2023-38188",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38188"
},
{
"name": "CVE-2023-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36881"
},
{
"name": "CVE-2023-35393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35393"
},
{
"name": "CVE-2023-36869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36869"
},
{
"name": "CVE-2023-38176",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38176"
}
],
"initial_release_date": "2023-08-09T00:00:00",
"last_revision_date": "2023-08-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35394 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35394"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38188 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38188"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36869 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36869"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-35393 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35393"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36877 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36877"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-38176 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38176"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36881 du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36881"
}
],
"reference": "CERTFR-2023-AVI-0644",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une \u00e9l\u00e9vation de privil\u00e8ges et une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 ao\u00fbt 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0535
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Microsoft Azure. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Service Fabric 9.0 pour Windows",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 9.1 pour Windows",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-36868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36868"
}
],
"initial_release_date": "2023-07-12T00:00:00",
"last_revision_date": "2023-07-13T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-36868 du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
}
],
"reference": "CERTFR-2023-AVI-0535",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-12T00:00:00.000000"
},
{
"description": "Correction de l\u0027identifiant de l\u0027avis.",
"revision_date": "2023-07-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eMicrosoft\nAzure\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 juillet 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0464
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure DevOps Server 2022",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2022.0.1",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2020.1.2",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21565"
},
{
"name": "CVE-2023-21569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21569"
}
],
"initial_release_date": "2023-06-14T00:00:00",
"last_revision_date": "2023-06-14T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21569 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-21565 du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565"
}
],
"reference": "CERTFR-2023-AVI-0464",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 juin 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0309
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 18) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.5 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU 4) | ||
| Microsoft | N/A | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2008 R2 pour x64-Based Systems Service Pack 3 (QFE) | ||
| Microsoft | N/A | Microsoft SQL Server 2012 pour systèmes 32 bits Service Pack 4 (QFE) | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU 4) | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft Malware Protection Engine | ||
| Microsoft | N/A | Microsoft SQL Server 2008 pour x64-Based Systems Service Pack 4 (QFE) | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | Azure | Microsoft SQL Server 2016 pour systèmes x64 Service Pack 3 Azure Connectivity Pack | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2017 pour systèmes x64 (CU 31) | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) | ||
| Microsoft | N/A | Microsoft SQL Server 2008 pour systèmes 32 bits Service Pack 4 (QFE) | ||
| Microsoft | N/A | Microsoft SQL Server 2012 pour systèmes x64 Service Pack 4 (QFE) | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.0 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server | ||
| Microsoft | N/A | Microsoft SQL Server 2008 R2 pour 32-Bit Systems Service Pack 3 (QFE) | ||
| Microsoft | N/A | Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR) | ||
| Microsoft | N/A | Send Customer Voice survey from Dynamics 365 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 18)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2008 R2 pour x64-Based Systems Service Pack 3 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2012 pour syst\u00e8mes 32 bits Service Pack 4 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU 4)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Malware Protection Engine",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2008 pour x64-Based Systems Service Pack 4 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 3 Azure Connectivity Pack",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU 31)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2008 pour syst\u00e8mes 32 bits Service Pack 4 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2012 pour syst\u00e8mes x64 Service Pack 4 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2008 R2 pour 32-Bit Systems Service Pack 3 (QFE)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Send Customer Voice survey from Dynamics 365",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28262"
},
{
"name": "CVE-2023-23375",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23375"
},
{
"name": "CVE-2023-28287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28287"
},
{
"name": "CVE-2023-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24860"
},
{
"name": "CVE-2023-28291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28291"
},
{
"name": "CVE-2023-28313",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28313"
},
{
"name": "CVE-2023-28314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28314"
},
{
"name": "CVE-2023-28285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28285"
},
{
"name": "CVE-2023-28299",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28299"
},
{
"name": "CVE-2023-28296",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28296"
},
{
"name": "CVE-2023-24893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24893"
},
{
"name": "CVE-2023-28263",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28263"
},
{
"name": "CVE-2023-28292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28292"
},
{
"name": "CVE-2023-28304",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28304"
},
{
"name": "CVE-2023-28260",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28260"
},
{
"name": "CVE-2023-28295",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28295"
},
{
"name": "CVE-2023-28311",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28311"
},
{
"name": "CVE-2023-23384",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23384"
},
{
"name": "CVE-2023-28309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28309"
}
],
"initial_release_date": "2023-04-12T00:00:00",
"last_revision_date": "2023-04-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28292 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28292"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28287 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28287"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28304 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28304"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28296 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24893 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24893"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28291 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28291"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23375 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23375"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28285 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28285"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-24860 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24860"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28262 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28314 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28314"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23384 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28309 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28309"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28260 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28295 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28295"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28313 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28313"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28263 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28311 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28311"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28299 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
}
],
"reference": "CERTFR-2023-AVI-0309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0308
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Service Connector",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Machine Learning",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28312"
},
{
"name": "CVE-2023-28300",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28300"
}
],
"initial_release_date": "2023-04-12T00:00:00",
"last_revision_date": "2023-04-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28300 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-28312 du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28312"
}
],
"reference": "CERTFR-2023-AVI-0308",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 avril 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2023-AVI-0233
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Service Fabric 9.1 pour Ubuntu",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure HDInsights",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Service Fabric 9.1 pour Windows",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23383"
},
{
"name": "CVE-2023-23408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23408"
}
],
"initial_release_date": "2023-03-15T00:00:00",
"last_revision_date": "2023-03-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23383 du 14 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2023-23408 du 14 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23408"
}
],
"reference": "CERTFR-2023-AVI-0233",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mars 2023",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}