Refine your search
22 vulnerabilities found for SAP BusinessObjects Business Intelligence by SAP
CERTFR-2025-AVI-0285
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que la vulnérabilité CVE-2025-31324 est activement exploitée.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | S/4HANA (Private Cloud) | S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S4CORE entity | S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | ERP BW Business Content | ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | N/A | Field Logistics versions S4CORE 107 et 108 sans le dernier correctif | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver et ABAP | NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité | ||
| SAP | Solution Manager | Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de sécurité | ||
| SAP | Capital Yield Tax Management | Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Private Cloud) | S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | CRM | CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de sécurité | ||
| SAP | KMC WPC | KMC WPC version KMC-WPC 7.50 sans le dernier correctif de sécurité | ||
| SAP | Landscape Transformation | Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "S/4HANA (Learning Solution) versions S4HCMGXX 100 et 101 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Private Cloud)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP (applications based on GUI for HTML) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.14 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence platform (Central Management Console) versions ENTERPRISE 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP (Virus Scan Interface) versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver et ABAP Platform (Service Data Collection) versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver versions SAP_ABA 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE entity versions S4CORE 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S4CORE entity",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "ERP BW Business Content versions BI_CONT 707, 737, 747 et 757 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "ERP BW Business Content",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud (Public Cloud) version COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9\n",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Field Logistics versions S4CORE 107 et 108 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (Visual Composer development server) versions VCFRAMEWORK 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver et ABAP Platform (Application Server ABAP) versions KRNL64UC 7.53, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Solution Manager versions ST 720, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 914 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Solution Manager",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Capital Yield Tax Management versions CYTERP 420_700, CYT 800, IBS 7.0 et CYT4HANA 100 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Capital Yield Tax Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version ENTERPRISE 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Private Cloud) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Private Cloud)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "CRM et S/4HANA (Interaction Center) versions S4CRM 100, 200, 204, 205, 206, S4FND 102, 103, 104, 105, 106, 107, 108, S4CEXT 107, 108, BBPCRM 701, 702, 712, 713, 714, WEBCUIF 701, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "CRM",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "KMC WPC version KMC-WPC 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "KMC WPC",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Landscape Transformation (Analysis Platform) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730 et 2011_1_731 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Landscape Transformation",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31324 est activement exploit\u00e9e.",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30015"
},
{
"name": "CVE-2025-31333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31333"
},
{
"name": "CVE-2025-27429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27429"
},
{
"name": "CVE-2025-27428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27428"
},
{
"name": "CVE-2025-0064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0064"
},
{
"name": "CVE-2025-23186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23186"
},
{
"name": "CVE-2025-27435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27435"
},
{
"name": "CVE-2025-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26654"
},
{
"name": "CVE-2025-26653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26653"
},
{
"name": "CVE-2025-31324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31324"
},
{
"name": "CVE-2025-30014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30014"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2025-27437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27437"
},
{
"name": "CVE-2025-30016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30016"
},
{
"name": "CVE-2025-31332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31332"
},
{
"name": "CVE-2025-26657",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26657"
},
{
"name": "CVE-2025-31328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31328"
},
{
"name": "CVE-2025-30013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30013"
},
{
"name": "CVE-2025-30017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30017"
},
{
"name": "CVE-2025-27430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27430"
},
{
"name": "CVE-2025-31331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31331"
},
{
"name": "CVE-2025-31330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31330"
},
{
"name": "CVE-2025-31327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31327"
}
],
"initial_release_date": "2025-04-08T00:00:00",
"last_revision_date": "2025-04-25T00:00:00",
"links": [
{
"title": "FAQ sur l\u0027exploitation de la vuln\u00e9rabilit\u00e9 CVE-2025-31324",
"url": "https://me.sap.com/notes/3596125"
}
],
"reference": "CERTFR-2025-AVI-0285",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-08T00:00:00.000000"
},
{
"description": "Ajout des vuln\u00e9rabilit\u00e9s CVE-2025-31324, CVE-2025-31328 et CVE-2025-31327",
"revision_date": "2025-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-04-08",
"title": "Bulletin de s\u00e9curit\u00e9 SAP april-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2025.html"
}
]
}
CERTFR-2024-AVI-0754
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP pour Oil & Gas | SAP pour Oil & Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de sécurité | ||
| SAP | Commerce Cloud | Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de sécurité | ||
| SAP | Business Warehouse | Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4 HANA version 900 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver BW | NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | Replication Server | Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de sécurité | ||
| SAP | Production et Revenue Accounting | Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Enterprise Portal | NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de sécurité | ||
| SAP | S/4HANA eProcurement | S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP pour Oil \u0026 Gas versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807 et 807 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP pour Oil \u0026 Gas",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Commerce Cloud versions HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4 HANA version 900 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 et SAP_BW 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver BW",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver AS pour Java (Destination Service et Logon Application) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform version 430 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management (SLcM) versions 617, 618, 800, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Replication Server versions 16.0.3 et 16.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP et ABAP Platform, Versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, 912 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Production et Revenue Accounting (Tobin interface) versions S4CEXT 106, S4CEXT 107, S4CEXT 108, IS-PRA 605, IS-PRA 606, IS-PRA 616, IS-PRA 617, IS-PRA 618, IS-PRA 800, IS-PRA 801, IS-PRA 802, IS-PRA 803, IS-PRA 804 et IS-PRA 805 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Production et Revenue Accounting",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Enterprise Portal version 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server pour ABAP (CRM Blueprint Application Builder Panel) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H et 75I sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA eProcurement versions SAP_APPL 606, SAP_APPL 617, SAP_APPL 618, S4CORE 102, S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA eProcurement",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45281"
},
{
"name": "CVE-2024-44115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44115"
},
{
"name": "CVE-2024-45279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45279"
},
{
"name": "CVE-2024-44117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44117"
},
{
"name": "CVE-2024-33003",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33003"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45285"
},
{
"name": "CVE-2024-45286",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45286"
},
{
"name": "CVE-2024-44116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44116"
},
{
"name": "CVE-2024-44113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44113"
},
{
"name": "CVE-2024-41729",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41729"
},
{
"name": "CVE-2024-44112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44112"
},
{
"name": "CVE-2024-41728",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41728"
},
{
"name": "CVE-2024-42371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42371"
},
{
"name": "CVE-2024-42380",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42380"
},
{
"name": "CVE-2024-45280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45280"
},
{
"name": "CVE-2024-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45283"
},
{
"name": "CVE-2013-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3587"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2024-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45284"
},
{
"name": "CVE-2024-44114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44114"
},
{
"name": "CVE-2024-41730",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41730"
},
{
"name": "CVE-2024-44121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44121"
},
{
"name": "CVE-2024-42378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42378"
},
{
"name": "CVE-2024-44120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44120"
}
],
"initial_release_date": "2024-09-10T00:00:00",
"last_revision_date": "2024-09-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0754",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-09-09",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html"
}
]
}
CERTFR-2024-AVI-0477
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | S/4HANA (Manage Incoming Payment Files) | S/4HANA (Manage Incoming Payment Files) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de sécurité | ||
| SAP | SAP Document Builder | Document Builder versions S4CORE 100, 101, S4FND 102, 103, 104, 105, 106, 107, 108, SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java version GP-CORE 7.5 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server ABAP et ABAP Platform versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de sécurité | ||
| SAP | Central Finance Infrastructure Components | Central Finance Infrastructure Components versions SAP_FIN 720, 730, SAPSCORE 114, S4CORE 100, 101 et 102 sans le dernier correctif de sécurité | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de sécurité | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform versions SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 795 et SAP_BASIS 796 sans le dernier correctif de sécurité | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java version MMR_SERVER 7.5 sans le dernier correctif de sécurité | ||
| SAP | SAP Financial Consolidation | Financial Consolidation version FINANCE 1010 sans le dernier correctif de sécurité | ||
| SAP | SAP BW/4HANA Transformation et Data Transfer Process | BW/4HANA Transformation et Data Transfer Process versions DW4CORE 200, 300, 400, 796, SAP_BW 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758 sans le dernier correctif de sécurité | ||
| SAP | SAP Student Life Cycle Management | Student Life Cycle Management versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de sécurité | ||
| SAP | SAP CRM WebClient UI | CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF 700, 701, 730, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "S/4HANA (Manage Incoming Payment Files) versions S4CORE 102, 103, 104, 105, 106, 107 et 108 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "S/4HANA (Manage Incoming Payment Files)",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Document Builder versions S4CORE 100, 101, S4FND 102, 103, 104, 105, 106, 107, 108, SAP_BS_FND 702, 731, 746, 747 et 748 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Document Builder",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS Java version GP-CORE 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP et ABAP Platform versions ST-PI 2008_1_700, 2008_1_710 et 740 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Central Finance Infrastructure Components versions SAP_FIN 720, 730, SAPSCORE 114, S4CORE 100, 101 et 102 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Central Finance Infrastructure Components",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 440 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP and ABAP Platform versions SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 795 et SAP_BASIS 796 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS Java version MMR_SERVER 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Financial Consolidation version FINANCE 1010 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Financial Consolidation",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BW/4HANA Transformation et Data Transfer Process versions DW4CORE 200, 300, 400, 796, SAP_BW 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP BW/4HANA Transformation et Data Transfer Process",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Student Life Cycle Management versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 et 808 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP Student Life Cycle Management",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "CRM WebClient UI versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF 700, 701, 730, 731, 746, 747, 748, 800 et 801 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "SAP CRM WebClient UI",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37176"
},
{
"name": "CVE-2024-34691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34691"
},
{
"name": "CVE-2024-37177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37177"
},
{
"name": "CVE-2024-34686",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34686"
},
{
"name": "CVE-2024-34683",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34683"
},
{
"name": "CVE-2024-34688",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34688"
},
{
"name": "CVE-2024-32733",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32733"
},
{
"name": "CVE-2024-34684",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34684"
},
{
"name": "CVE-2024-33001",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33001"
},
{
"name": "CVE-2024-34690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34690"
},
{
"name": "CVE-2024-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28164"
}
],
"initial_release_date": "2024-06-11T00:00:00",
"last_revision_date": "2024-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0477",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2024-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 SAP june-2024",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2024.html"
}
]
}
CERTFR-2023-AVI-0737
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430 | ||
| SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00 | ||
| SAP | N/A | SAP NetWeaver Process Integration versions 7.50 | ||
| SAP | N/A | SAPHANA Database versions 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89 | ||
| SAP | N/A | S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731 | ||
| SAP | N/A | SAP NetWeaver (Guided Procedures) versions 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200 | ||
| SAP | N/A | SAPSSOEXT versions 17 | ||
| SAP | N/A | Product-SAP BusinessObjects Suite (Installer) versions 420 et 430 | ||
| SAP | N/A | SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800 | ||
| SAP | N/A | SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 | ||
| SAP | N/A | SAPHost Agent versions 722 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420 | ||
| SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54 | ||
| SAP | N/A | SAP PowerDesignerClient versions 16.7 | ||
| SAP | N/A | S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHANA Database versions 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Guided Procedures) versions 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPSSOEXT versions 17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product-SAP BusinessObjects Suite (Installer) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPHost Agent versions 722",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPContent Server versions 6.50, 7.53, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesignerClient versions 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40309"
},
{
"name": "CVE-2023-25616",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25616"
},
{
"name": "CVE-2023-40306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40306"
},
{
"name": "CVE-2021-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41182"
},
{
"name": "CVE-2023-41367",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41367"
},
{
"name": "CVE-2023-40624",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40624"
},
{
"name": "CVE-2023-41369",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41369"
},
{
"name": "CVE-2023-40621",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40621"
},
{
"name": "CVE-2023-41368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41368"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-37489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37489"
},
{
"name": "CVE-2023-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42472"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2021-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41183"
},
{
"name": "CVE-2023-40308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40308"
},
{
"name": "CVE-2023-40622",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40622"
},
{
"name": "CVE-2023-40625",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40625"
},
{
"name": "CVE-2023-40623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40623"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
}
],
"initial_release_date": "2023-09-13T00:00:00",
"last_revision_date": "2023-09-13T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0737",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2023-09-12",
"title": "Bulletin de s\u00e9curit\u00e9 SAP",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026d=2023-09-13"
}
]
}
CERTFR-2023-AVI-0454
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616 | ||
| SAP | N/A | SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80 | ||
| SAP | N/A | SAP CRM ABAP (Grantor Management) version 430 | ||
| SAP | N/A | SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 | ||
| SAP | N/A | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106 | ||
| SAP | N/A | SAP NetWeaver (Design Time Repository) version 7.50 | ||
| SAP | N/A | SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP Plant Connectivity version 15.5 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal version 7.50 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM ABAP (Grantor Management) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Design Time Repository) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Plant Connectivity version 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2023-32115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32115"
},
{
"name": "CVE-2023-33991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33991"
},
{
"name": "CVE-2023-33986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33986"
},
{
"name": "CVE-2023-2827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2827"
},
{
"name": "CVE-2023-30743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30743"
},
{
"name": "CVE-2023-33984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33984"
},
{
"name": "CVE-2023-30742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30742"
},
{
"name": "CVE-2023-32114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32114"
},
{
"name": "CVE-2023-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31406"
},
{
"name": "CVE-2022-22542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
},
{
"name": "CVE-2023-33985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33985"
}
],
"initial_release_date": "2023-06-14T00:00:00",
"last_revision_date": "2023-06-14T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 juin 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2023-AVI-0369
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP 3D Visual Enterprise License Manager version 15 | ||
| SAP | N/A | SAP Commerce versions 2211, 2105 et 2205 | ||
| SAP | N/A | SAP Application Interface Framework (ODATA service) versions 755 et 756 | ||
| SAP | N/A | SAP Commerce (Backoffice) versions 2105 et 2205 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | SAP CRM WebClient UI | SAP CRM WebClient UI versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80 | ||
| SAP | N/A | SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 20 | ||
| SAP | N/A | SAP GUI pour Windows versions 7.70 et 8.0 | ||
| SAP | N/A | SAP IBP EXCEL ADD-IN versions 2211, 2302 et 2305 | ||
| SAP | N/A | SAP BusinessObjects Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50 et CORE-TOOLS 7.50 | ||
| SAP | N/A | Vendor Master Hierarchy versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618 et S4CORE 100 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central Management Service) versions 420 et 430 | ||
| SAP | N/A | SAP PowerDesigner (Proxy) version 16.7 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP 3D Visual Enterprise License Manager version 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 2211, 2105 et 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Application Interface Framework (ODATA service) versions 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce (Backoffice) versions 2105 et 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM WebClient UI versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80",
"product": {
"name": "SAP CRM WebClient UI",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 20",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI pour Windows versions 7.70 et 8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP IBP EXCEL ADD-IN versions 2211, 2302 et 2305",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Intelligence Platform versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50 et CORE-TOOLS 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Vendor Master Hierarchy versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618 et S4CORE 100",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central Management Service) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP PowerDesigner (Proxy) version 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44155"
},
{
"name": "CVE-2023-31407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31407"
},
{
"name": "CVE-2023-30741",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30741"
},
{
"name": "CVE-2021-44152",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44152"
},
{
"name": "CVE-2022-41966",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
},
{
"name": "CVE-2023-29188",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29188"
},
{
"name": "CVE-2023-29080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29080"
},
{
"name": "CVE-2022-27667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27667"
},
{
"name": "CVE-2021-44151",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44151"
},
{
"name": "CVE-2023-30744",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30744"
},
{
"name": "CVE-2022-32244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32244"
},
{
"name": "CVE-2023-30740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30740"
},
{
"name": "CVE-2023-30743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30743"
},
{
"name": "CVE-2021-44153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44153"
},
{
"name": "CVE-2022-39014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39014"
},
{
"name": "CVE-2023-31404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31404"
},
{
"name": "CVE-2023-30742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30742"
},
{
"name": "CVE-2023-32113",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32113"
},
{
"name": "CVE-2023-28764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28764"
},
{
"name": "CVE-2023-29111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29111"
},
{
"name": "CVE-2022-31596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31596"
},
{
"name": "CVE-2023-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31406"
},
{
"name": "CVE-2023-32112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32112"
},
{
"name": "CVE-2023-32111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32111"
},
{
"name": "CVE-2023-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28762"
},
{
"name": "CVE-2021-44154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44154"
}
],
"initial_release_date": "2023-05-10T00:00:00",
"last_revision_date": "2023-05-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0369",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP 2023-05-10 du 10 mai 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2023-AVI-0301
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22,7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21,7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82,7.83, KERNEL 7.21, 7.22,7.49, 7.53, 7.73, 7.77, 7.81, 7.82 et 7.83 | ||
| SAP | N/A | SAP NetWeaver Process Integration version 7.50 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005 et 2011 | ||
| SAP | N/A | SAP Application Interface Framework (Message Monitoring and Message Monitoring for Administrators Application versions 600 et 700 | ||
| SAP | N/A | SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791 | ||
| SAP | N/A | SAP Landscape Management version 3.0 | ||
| SAP | N/A | SAP Application Interface Framework (ODATA service) versions 755 et 756 | ||
| SAP | N/A | SAP NetWeaver AS for ABAP (Business Server Pages) versions 700, 701, 702, 731, 740,750, 751, 752, 753, 754, 755, 756 et 757 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java for Deploy Service version 7.50 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP Application Interface Framework (Log Message View of Message Dashboard) versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E | ||
| SAP | N/A | SAP CRM versions 700, 701, 702, 712 et 713 | ||
| SAP | N/A | SapSetup (Software Installation Program) version 9.0 | ||
| SAP | N/A | SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) version 720 | ||
| SAP | N/A | SAP HCM Fiori App My Forms (Fiori 2.0) version 605 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal version 7.50 | ||
| SAP | N/A | SAP CRM (WebClient UI) versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800 et 801 | ||
| SAP | N/A | SAP NetWeaver (BI CONT ADDON) versions 707, 737, 747 et 757 | ||
| SAP | N/A | SAP GUI for HTML versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22 et 7.22EXT | ||
| SAP | N/A | SAP Application Interface Framework (Custom Hint of Message Dashboard Application versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E | ||
| SAP | N/A | SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791 | ||
| SAP | N/A | ABAP Platform and SAP Web Dispatcher versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89 et 7.91 | ||
| SAP | N/A | SAP Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests) version 600 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22,7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21,7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82,7.83, KERNEL 7.21, 7.22,7.49, 7.53, 7.73, 7.77, 7.81, 7.82 et 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Application Interface Framework (Message Monitoring and Message Monitoring for Administrators Application versions 600 et 700",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Landscape Management version 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Application Interface Framework (ODATA service) versions 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS for ABAP (Business Server Pages) versions 700, 701, 702, 731, 740,750, 751, 752, 753, 754, 755, 756 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS Java for Deploy Service version 7.50",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Application Interface Framework (Log Message View of Message Dashboard) versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM versions 700, 701, 702, 712 et 713",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SapSetup (Software Installation Program) version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) version 720",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP HCM Fiori App My Forms (Fiori 2.0) version 605",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CRM (WebClient UI) versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800 et 801",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (BI CONT ADDON) versions 707, 737, 747 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI for HTML versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22 et 7.22EXT",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Application Interface Framework (Custom Hint of Message Dashboard Application versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "ABAP Platform and SAP Web Dispatcher versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89 et 7.91",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests) version 600",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-24527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24527"
},
{
"name": "CVE-2023-29185",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29185"
},
{
"name": "CVE-2023-29189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29189"
},
{
"name": "CVE-2023-29109",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29109"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-27897",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27897"
},
{
"name": "CVE-2023-29187",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29187"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2023-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24528"
},
{
"name": "CVE-2023-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26458"
},
{
"name": "CVE-2023-29186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29186"
},
{
"name": "CVE-2021-33683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33683"
},
{
"name": "CVE-2023-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27267"
},
{
"name": "CVE-2023-28763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28763"
},
{
"name": "CVE-2023-29110",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29110"
},
{
"name": "CVE-2023-27499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27499"
},
{
"name": "CVE-2023-28761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28761"
},
{
"name": "CVE-2023-27269",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27269"
},
{
"name": "CVE-2023-27497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27497"
},
{
"name": "CVE-2023-1903",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1903"
},
{
"name": "CVE-2023-29111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29111"
},
{
"name": "CVE-2023-29108",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29108"
},
{
"name": "CVE-2023-28765",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28765"
},
{
"name": "CVE-2023-29112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29112"
}
],
"initial_release_date": "2023-04-12T00:00:00",
"last_revision_date": "2023-04-12T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0301",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 11 avril 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2023-AVI-0019
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central management console) versions 420 et 430 | ||
| SAP | N/A | SAP NetWeaver AS for Java version 7.50 | ||
| SAP | N/A | SAP NetWeaver Process Integration version 7.50 | ||
| SAP | N/A | SAP NetWeaver ABAP Server et ABAP Platform versions SAP_BASIS 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22 et 7.22EXT | ||
| SAP | N/A | SAP NetWeaver AS pour ABAP et ABAP Platform versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence platform (Analysis edition pour OLAP) versions 420 et 430 | ||
| SAP | N/A | SAP BPC MS 10.0 versions 800 et 810 | ||
| SAP | N/A | SAP Bank Account Management (Manage Banks) versions 800 et 900 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2 et 4.3 | ||
| SAP | N/A | SAP Host Agent (Windows) versions 7.21 et 7.22 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform version 420 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central management console) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS for Java version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server et ABAP Platform versions SAP_BASIS 700, 701, 702,710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22 et 7.22EXT",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS pour ABAP et ABAP Platform versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence platform (Analysis edition pour OLAP) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BPC MS 10.0 versions 800 et 810",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Bank Account Management (Manage Banks) versions 800 et 900",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2 et 4.3",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Host Agent (Windows) versions 7.21 et 7.22",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform version 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41203"
},
{
"name": "CVE-2023-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0015"
},
{
"name": "CVE-2023-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0022"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2022-41271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41271"
},
{
"name": "CVE-2023-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0014"
},
{
"name": "CVE-2023-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0023"
},
{
"name": "CVE-2023-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0012"
},
{
"name": "CVE-2023-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0018"
},
{
"name": "CVE-2023-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0017"
},
{
"name": "CVE-2023-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0016"
},
{
"name": "CVE-2023-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0013"
}
],
"initial_release_date": "2023-01-11T00:00:00",
"last_revision_date": "2023-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0019",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 10 janvier 2023",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2022-AVI-1101
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Sourcing and SAP Contract Lifecycle Management version 1100 | ||
| SAP | N/A | SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | N/A | SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP NetWeaver Process Integration version 7.50 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaver AS pour Java (Http Provider Service) version 7.50 | ||
| SAP | N/A | SAP Solution Manager (Diagnostic Agent) version 7.20 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP Solution Manager (Enterprise Search) versions 740, 750 | ||
| SAP | N/A | SAP Disclosure Management version 10.1 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 | ||
| SAP | N/A | SAPUI5 versions 754, 755, 756, 757 | ||
| SAP | N/A | SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132 | ||
| SAP | N/A | SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790 | ||
| SAP | N/A | SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Sourcing and SAP Contract Lifecycle Management version 1100",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Business Intelligence Platform (Web intelligence) versions 420, 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce Webservices 2.0 (Swagger UI) versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS pour Java (Http Provider Service) version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Diagnostic Agent) version 7.20",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Solution Manager (Enterprise Search) versions 740, 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Disclosure Management version 10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP (Business ServerPages Test Application IT00) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Planning et Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 8103229132",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789, 790",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41266"
},
{
"name": "CVE-2022-41273",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41273"
},
{
"name": "CVE-2022-41272",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41272"
},
{
"name": "CVE-2022-41263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41263"
},
{
"name": "CVE-2022-41261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41261"
},
{
"name": "CVE-2022-41264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41264"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2022-41268",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41268"
},
{
"name": "CVE-2022-41275",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41275"
},
{
"name": "CVE-2022-41271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41271"
},
{
"name": "CVE-2020-6215",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6215"
},
{
"name": "CVE-2022-39013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39013"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-41262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41262"
},
{
"name": "CVE-2022-41215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41215"
},
{
"name": "CVE-2022-41274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41274"
},
{
"name": "CVE-2022-41267",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41267"
}
],
"initial_release_date": "2022-12-14T00:00:00",
"last_revision_date": "2022-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1101",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 d\u00e9cembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-12-14"
}
]
}
CERTFR-2022-AVI-1020
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP SuccessFactors attachmentAPI pour Mobile Application (Android et iOS) versions antérieures à 8.1.2 | ||
| SAP | N/A | SAP Biller Direct versions-635, 750 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP GUI pour Windows version 7.70 | ||
| SAP | N/A | SAP SQL Anywhere version 17.0 | ||
| SAP | SAP Financial Consolidation | SAP Financial Consolidation version 1010 | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 731, 804, 740, 750, 789 | ||
| SAP | N/A | SAP NetWeaver ABAP Server et ABAP Platform versions 700, 731, 740, 750, 789 | ||
| SAP | N/A | SAP 3D Visual Enterprise Author,Version 9.0 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer,Version 9.0 | ||
| SAP | N/A | SAPUI5 versions 754, 755, 756, 757 | ||
| SAP | N/A | SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2, 4.3 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP SuccessFactors attachmentAPI pour Mobile Application (Android et iOS) versions ant\u00e9rieures \u00e0 8.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Biller Direct versions-635, 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI pour Windows version 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Financial Consolidation version 1010",
"product": {
"name": "SAP Financial Consolidation",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 731, 804, 740, 750, 789",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server et ABAP Platform versions 700, 731, 740, 750, 789",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Author,Version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer,Version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 versions 754, 755, 756, 757",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2, 4.3",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35291"
},
{
"name": "CVE-2022-41203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41203"
},
{
"name": "CVE-2022-41259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41259"
},
{
"name": "CVE-2022-41258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41258"
},
{
"name": "CVE-2022-41214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41214"
},
{
"name": "CVE-2022-41212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41212"
},
{
"name": "CVE-2022-41211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41211"
},
{
"name": "CVE-2022-41208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41208"
},
{
"name": "CVE-2022-41204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41204"
},
{
"name": "CVE-2022-41260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41260"
},
{
"name": "CVE-2022-41205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41205"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-41215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41215"
},
{
"name": "CVE-2022-41207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41207"
},
{
"name": "CVE-2021-20223",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20223"
}
],
"initial_release_date": "2022-11-10T00:00:00",
"last_revision_date": "2022-11-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1020",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 09 novembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-11-09"
}
]
}
CERTFR-2022-AVI-904
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Enable Now version 10 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420 et 430 | ||
| SAP | N/A | Product–SAP Commerce versions 1905, 2005, 2105, 2011, 2205 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105, 2011 et 2205 | ||
| SAP | N/A | SAP Data Services Management Console versions 4.2 et 4.3 | ||
| SAP | N/A | SAP SQL Anywhere version 17.0 | ||
| SAP | N/A | SAP Customer Data Cloud (Gigya) version 7.4 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform(Admin Tools/Query Builder) versions 420 et 430 | ||
| SAP | N/A | SAP Business Objects Platform (MonitoringDB) version 430 | ||
| SAP | N/A | SAP Manufacturing Execution versions 15.1, 15.2 et 15.3 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430 | ||
| SAP | N/A | SAP 3D Visual Enterprise Author version 9 | ||
| SAP | N/A | SAP IQ version 16.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Enable Now version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Product\u2013SAP Commerce versions 1905, 2005, 2105, 2011, 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105, 2011 et 2205",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Data Services Management Console versions 4.2 et 4.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Customer Data Cloud (Gigya) version 7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (BI LaunchPad) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Program Objects) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform(Admin Tools/Query Builder) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Platform (MonitoringDB) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Manufacturing Execution versions 15.1, 15.2 et 15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Author version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP IQ version 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41185"
},
{
"name": "CVE-2022-41206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41206"
},
{
"name": "CVE-2022-39808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39808"
},
{
"name": "CVE-2022-39803",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39803"
},
{
"name": "CVE-2022-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41175"
},
{
"name": "CVE-2022-41168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41168"
},
{
"name": "CVE-2022-41193",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41193"
},
{
"name": "CVE-2022-41174",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41174"
},
{
"name": "CVE-2022-41183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41183"
},
{
"name": "CVE-2022-39807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39807"
},
{
"name": "CVE-2022-41169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41169"
},
{
"name": "CVE-2022-35296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35296"
},
{
"name": "CVE-2022-35297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35297"
},
{
"name": "CVE-2022-41197",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41197"
},
{
"name": "CVE-2022-41189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41189"
},
{
"name": "CVE-2022-41192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41192"
},
{
"name": "CVE-2022-41180",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41180"
},
{
"name": "CVE-2022-41182",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41182"
},
{
"name": "CVE-2022-41167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41167"
},
{
"name": "CVE-2022-41191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41191"
},
{
"name": "CVE-2022-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39805"
},
{
"name": "CVE-2022-41200",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41200"
},
{
"name": "CVE-2022-41210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41210"
},
{
"name": "CVE-2022-39804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39804"
},
{
"name": "CVE-2022-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39800"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-41178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41178"
},
{
"name": "CVE-2022-41170",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41170"
},
{
"name": "CVE-2022-35226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35226"
},
{
"name": "CVE-2022-41195",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41195"
},
{
"name": "CVE-2022-41201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41201"
},
{
"name": "CVE-2022-32244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32244"
},
{
"name": "CVE-2022-41209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41209"
},
{
"name": "CVE-2022-41202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41202"
},
{
"name": "CVE-2022-41172",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41172"
},
{
"name": "CVE-2022-41190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41190"
},
{
"name": "CVE-2022-41204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41204"
},
{
"name": "CVE-2022-41171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41171"
},
{
"name": "CVE-2022-41199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41199"
},
{
"name": "CVE-2022-41176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41176"
},
{
"name": "CVE-2022-41198",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41198"
},
{
"name": "CVE-2022-41181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41181"
},
{
"name": "CVE-2022-41166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41166"
},
{
"name": "CVE-2022-39013",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39013"
},
{
"name": "CVE-2022-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41184"
},
{
"name": "CVE-2022-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35292"
},
{
"name": "CVE-2022-39802",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39802"
},
{
"name": "CVE-2022-31596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31596"
},
{
"name": "CVE-2022-39015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39015"
},
{
"name": "CVE-2022-41196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41196"
},
{
"name": "CVE-2022-41186",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41186"
},
{
"name": "CVE-2022-41187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41187"
},
{
"name": "CVE-2022-39806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39806"
},
{
"name": "CVE-2022-41177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41177"
},
{
"name": "CVE-2022-41173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41173"
},
{
"name": "CVE-2022-41188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41188"
},
{
"name": "CVE-2022-41179",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41179"
},
{
"name": "CVE-2022-41194",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41194"
}
],
"initial_release_date": "2022-10-12T00:00:00",
"last_revision_date": "2022-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-904",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 octobre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1"
}
]
}
CERTFR-2022-AVI-819
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420, 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CMC) versions 430 | ||
| SAP | N/A | SAP Access Control version 12 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal (KMC) version 7.50 | ||
| SAP | N/A | SAP SuccessFactors attachment API for Mobile Application(Android &iOS) versions antérieures à 8.0.5 | ||
| SAP | N/A | SAP Business One version 10.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430 | ||
| SAP | N/A | SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54 | ||
| SAP | N/A | SAP Business Client versions 6.5, 7.0, 7.70 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CMC) versions 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Access Control version 12",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal (KMC) version 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SuccessFactors attachment API for Mobile Application(Android \u0026iOS) versions ant\u00e9rieures \u00e0 8.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Version Management System) versions 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaverASABAP (SAPGUIfor HTML within the Fiori Launchpad) versions KERNEL 7.77, 7.81, 7.85, 7.89, 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client versions 6.5, 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750-757, 789",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750-756, 787",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35294"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2022-35291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35291"
},
{
"name": "CVE-2022-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39801"
},
{
"name": "CVE-2022-28214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28214"
},
{
"name": "CVE-2022-28215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28215"
},
{
"name": "CVE-2022-39014",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39014"
},
{
"name": "CVE-2022-35292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35292"
},
{
"name": "CVE-2022-35298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35298"
},
{
"name": "CVE-2022-39799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39799"
},
{
"name": "CVE-2022-35295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35295"
}
],
"initial_release_date": "2022-09-14T00:00:00",
"last_revision_date": "2022-09-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-819",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 13 septembre 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-09-14"
}
]
}
CERTFR-2022-AVI-725
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Client versions 6.5, 7.0 et 7.70 | ||
| SAP | N/A | SAP Enable Now Manager version 1.0 | ||
| SAP | N/A | SAP Authenticator for Android versions antérieures à 1.2.17 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Open Document) versions 420 et 430 | ||
| SAP | N/A | SAP Business Objects Platform (MonitoringDB) version 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430 | ||
| SAP | N/A | SAP NetWeaver versions 740 et 750 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Client versions 6.5, 7.0 et 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Enable Now Manager version 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Authenticator for Android versions ant\u00e9rieures \u00e0 1.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Open Document) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Objects Platform (MonitoringDB) version 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (CommentaryDB) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver versions 740 et 750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35290",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35290"
},
{
"name": "CVE-2022-32245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32245"
},
{
"name": "CVE-2022-32244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32244"
},
{
"name": "CVE-2022-31596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31596"
},
{
"name": "CVE-2022-35293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35293"
}
],
"initial_release_date": "2022-08-10T00:00:00",
"last_revision_date": "2022-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-725",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 08 ao\u00fbt 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1\u0026todaysdate=2022-08-10"
}
]
}
CERTFR-2022-AVI-625
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP S/4HANA versions S4CORE 101, 102, 103, 104, 105, 106 et SAPSCORE 127 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Central management console) versions 420 et 430 | ||
| SAP | N/A | SAP BusinessObjects BW Publisher Service versions 420 et 430 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) versions 420 et 430 | ||
| SAP | N/A | SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106 | ||
| SAP | N/A | SAP Business One version 10.0 | ||
| SAP | N/A | SAP Business One License serviceAPI version 10.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal (WPC) versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP BusinessObjects version 420 | ||
| SAP | N/A | SAP Adaptive Server Enterprise (ASE) versions KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49 et 7.53 | ||
| SAP | N/A | SAP Enterprise Extension Defense Forces & Public Security (EA-DFPS) versions 605, 606, 616,617,618, 802, 803, 804, 805 et 806 | ||
| SAP | N/A | SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 et 788 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (LCM) versions 420 et 430 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP S/4HANA versions S4CORE 101, 102, 103, 104, 105, 106 et SAPSCORE 127",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Central management console) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects BW Publisher Service versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Visual Difference Application) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One License serviceAPI version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal (WPC) versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects version 420",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Adaptive Server Enterprise (ASE) versions KERNEL 7.22, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49 et 7.53",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Enterprise Extension Defense Forces \u0026 Public Security (EA-DFPS) versions 605, 606, 616,617,618, 802, 803, 804, 805 et 806",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 et 788",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (LCM) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32246"
},
{
"name": "CVE-2022-29619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29619"
},
{
"name": "CVE-2022-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31598"
},
{
"name": "CVE-2022-35228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35228"
},
{
"name": "CVE-2022-32249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32249"
},
{
"name": "CVE-2022-35172",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35172"
},
{
"name": "CVE-2022-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31597"
},
{
"name": "CVE-2022-35171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35171"
},
{
"name": "CVE-2022-32247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32247"
},
{
"name": "CVE-2022-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35168"
},
{
"name": "CVE-2022-35169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35169"
},
{
"name": "CVE-2022-35227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35227"
},
{
"name": "CVE-2022-31593",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31593"
},
{
"name": "CVE-2022-35224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35224"
},
{
"name": "CVE-2022-32248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32248"
},
{
"name": "CVE-2022-28771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28771"
},
{
"name": "CVE-2022-35225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35225"
},
{
"name": "CVE-2022-29611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29611"
},
{
"name": "CVE-2022-31594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31594"
},
{
"name": "CVE-2022-31592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31592"
},
{
"name": "CVE-2022-22542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
},
{
"name": "CVE-2022-35170",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35170"
},
{
"name": "CVE-2022-31591",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31591"
}
],
"initial_release_date": "2022-07-12T00:00:00",
"last_revision_date": "2022-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-625",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 juillet 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
]
}
CERTFR-2022-AVI-456
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Customer Profitability Analytics version 2 | ||
| SAP | N/A | SAP Netweaver AS for ABAP and Java (ICM) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 et 8.04 | ||
| SAP | N/A | SAP NetWeaver Application Server ABAP versions 753, 754, 755 et 756 | ||
| SAP | N/A | SAP Business One Cloud version 1.1 | ||
| SAP | N/A | SAP NetWeaver and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 et 7.8 | ||
| SAP | N/A | SAP Webdispatcher versions 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 et 7.85 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105 et 2011 | ||
| SAP | N/A | SAP Employee Self Service (Fiori My Leave Request) version 605 | ||
| SAP | N/A | SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750 et 787 | ||
| SAP | N/A | SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 et 788 | ||
| SAP | N/A | SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756 | ||
| SAP | N/A | SAP Host Agent version 7.22 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Customer Profitability Analytics version 2",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Netweaver AS for ABAP and Java (ICM) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, 8.04, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 et 8.04",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP versions 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One Cloud version 1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver and ABAP Platform versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87 et 7.8",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Webdispatcher versions 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.83 et 7.85",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Employee Self Service (Fiori My Leave Request) version 605",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server and ABAP Platform versions 740, 750 et 787",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787 et 788",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (ABAP and Java application Servers) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Host Agent version 7.22",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2022-29610",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29610"
},
{
"name": "CVE-2022-28214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28214"
},
{
"name": "CVE-2022-22541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22541"
},
{
"name": "CVE-2022-29616",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29616"
},
{
"name": "CVE-2022-28774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28774"
},
{
"name": "CVE-2022-28215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28215"
},
{
"name": "CVE-2022-29613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29613"
},
{
"name": "CVE-2022-29611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29611"
},
{
"name": "CVE-2022-27656",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27656"
},
{
"name": "CVE-2022-22534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22534"
}
],
"initial_release_date": "2022-05-12T00:00:00",
"last_revision_date": "2022-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-456",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 10 mai 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
]
}
CERTFR-2022-AVI-345
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | NetWeaver Application Server pour ABAP | SAP NetWeaver Application Server pour ABAP (Kernel) et ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49 | ||
| SAP | NetWeaver Application Server ABAP et ABAP Platform | SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 710, 711, 730, 731, 740 et 750-756 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.22, 7.49, 7.53, 7.77, 7.81 et 7.83 | ||
| SAP | N/A | SAPS/4HANA(Supplier Factsheet et Enterprise Search pour Business Partner, Supplier et Customer) versions 104, 105 et 106 | ||
| SAP | N/A | SAP Content Server version 7.53 | ||
| SAP | N/A | SAP SQL Anywhere Server version 17.0 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87 | ||
| SAP | N/A | SAPUI5, versions 750, 753, 754, 755, 756 et 200 | ||
| SAP | N/A | SAP Manufacturing Integration et Intelligence versions 15.1, 15.2, 15.3 et 15.4 | ||
| SAP | N/A | SAP Powerdesigner Web Portal version 16.7 | ||
| SAP | N/A | SAP Customer Checkout_SVR version 2.0 | ||
| SAP | N/A | SAP NetWeaver (Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86 | ||
| SAP | N/A | SAP Business Client version 6.5 | ||
| SAP | N/A | SAP NetWeaver Application Server pour Java Version 7.50 | ||
| SAP | N/A | SAP Customer Checkout version 2.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform versions 420 et 430 | ||
| SAP | N/A | SAP Focused Run (Simple Diagnostics Agent) version 1.0 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP Fiori Launchpad versions 54, 755 et 756 | ||
| SAP | N/A | SAP NetWeaver (EP Web Page Composer) versions 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85 et 7.86 | ||
| SAP | N/A | SAP Commerce versions 905, 2005, 2105 et 2011 | ||
| SAP | N/A | SAP Innovation Management version 2 | ||
| SAP | N/A | SAP BusinessObjects Enterprise (Central Management Server) versions 420 et 430 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420 | ||
| SAP | NetWeaver et ABAP | SAP NetWeaver et ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49 | ||
| SAP | N/A | SAPUI5 (vbm library) versions 750, 753, 754, 755 et 756 | ||
| SAP | N/A | SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53 | ||
| SAP | N/A | SAP NetWeaver (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86 | ||
| SAP | N/A | SAP HANA Extended Application Services version 1 | ||
| SAP | N/A | SAP NetWeaver ABAP Server et ABAP Platform versions 740, 750 et 787 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP NetWeaver Application Server pour ABAP (Kernel) et ABAP Platform (Kernel) versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 710, 711, 730, 731, 740 et 750-756",
"product": {
"name": "NetWeaver Application Server ABAP et ABAP Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.22, 7.49, 7.53, 7.77, 7.81 et 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPS/4HANA(Supplier Factsheet et Enterprise Search pour Business Partner, Supplier et Customer) versions 104, 105 et 106",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Content Server version 7.53",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere Server version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, 7.85, 7.22EXT, 7.86 et 7.87",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5, versions 750, 753, 754, 755, 756 et 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Manufacturing Integration et Intelligence versions 15.1, 15.2, 15.3 et 15.4",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Powerdesigner Web Portal version 16.7",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Customer Checkout_SVR version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Internet Communication Manager versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client version 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour Java Version 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Customer Checkout version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Focused Run (Simple Diagnostics Agent) version 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Fiori Launchpad versions 54, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (EP Web Page Composer) versions 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher versions 7.53, 7.77, 7.81, 7.85 et 7.86",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 905, 2005, 2105 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Innovation Management version 2",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Enterprise (Central Management Server) versions 420 et 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (BI Workspace) version 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver et ABAP Platform versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT et 7.49",
"product": {
"name": "NetWeaver et ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 (vbm library) versions 750, 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server Java versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49 et 7.53",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Internet Communication Manager) versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85 et 7.86",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP HANA Extended Application Services version 1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver ABAP Server et ABAP Platform versions 740, 750 et 787",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2022-27654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27654"
},
{
"name": "CVE-2022-22545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22545"
},
{
"name": "CVE-2022-0613",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0613"
},
{
"name": "CVE-2022-26106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26106"
},
{
"name": "CVE-2022-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22543"
},
{
"name": "CVE-2022-28772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28772"
},
{
"name": "CVE-2022-22536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22536"
},
{
"name": "CVE-2022-23181",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23181"
},
{
"name": "CVE-2022-26107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26107"
},
{
"name": "CVE-2022-28214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28214"
},
{
"name": "CVE-2022-27667",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27667"
},
{
"name": "CVE-2022-28216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28216"
},
{
"name": "CVE-2022-28217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28217"
},
{
"name": "CVE-2022-22541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22541"
},
{
"name": "CVE-2022-27657",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27657"
},
{
"name": "CVE-2022-27671",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27671"
},
{
"name": "CVE-2022-26105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26105"
},
{
"name": "CVE-2022-28770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28770"
},
{
"name": "CVE-2022-27658",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27658"
},
{
"name": "CVE-2022-28773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28773"
},
{
"name": "CVE-2022-22532",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22532"
},
{
"name": "CVE-2022-26101",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26101"
},
{
"name": "CVE-2021-21480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21480"
},
{
"name": "CVE-2022-28213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28213"
},
{
"name": "CVE-2022-28215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28215"
},
{
"name": "CVE-2022-27655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27655"
},
{
"name": "CVE-2022-26109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26109"
},
{
"name": "CVE-2022-27670",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27670"
},
{
"name": "CVE-2021-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38162"
},
{
"name": "CVE-2020-26291",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26291"
},
{
"name": "CVE-2022-26108",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26108"
},
{
"name": "CVE-2021-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27516"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2022-22533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22533"
},
{
"name": "CVE-2021-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3647"
},
{
"name": "CVE-2022-27669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27669"
},
{
"name": "CVE-2022-22542",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22542"
}
],
"initial_release_date": "2022-04-14T00:00:00",
"last_revision_date": "2022-04-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-345",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 avril 2022",
"url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=10"
}
]
}
CERTFR-2021-AVI-948
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP UI 700 version 2.0 | ||
| SAP | N/A | SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750 | ||
| SAP | N/A | SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54 | ||
| SAP | N/A | SAP Business Client version 6.5 | ||
| SAP | N/A | SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer version 9 | ||
| SAP | N/A | SAP Commerce version 2001 | ||
| SAP | N/A | SAP Commerce versions 1905, 2005, 2105 et 2011 | ||
| SAP | N/A | SAP Landscape Transformation version 2.0 | ||
| SAP | N/A | SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105 | ||
| SAP | N/A | SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 | ||
| SAP | N/A | SAP LTRS for S/4HANA version 1.0 | ||
| SAP | N/A | SAP Test Data Migration Server version 4.0 | ||
| SAP | Replication Server | SAP LT Replication Server versions 2.0 et 3.0 | ||
| SAP | N/A | SAP Business One version 10 | ||
| SAP | N/A | SAP ABAP Server & ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform version 420 | ||
| SAP | N/A | SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP UI 700 version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GRC Access Control versions V1100_700, V1100_731 et V1200_750",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP UI versions 7.5, 7.51, 7.52, 7.53 et 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client version 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA versions 1511, 1610, 1709, 1809, 1909, 2020 et 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce version 2001",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce versions 1905, 2005, 2105 et 2011",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Landscape Transformation version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAF-T Framework versions SAP_FIN 617, 618, 720, 730, SAP_APPL 600, 602, 603, 604, 605, 606, S4CORE 102, 103, 104 et 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LTRS for S/4HANA version 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Test Data Migration Server version 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LT Replication Server versions 2.0 et 3.0",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ABAP Server \u0026 ABAP Platform (Translation Tools) versions 701, 740,750,751,752,753,754,755,756 et 804",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform version 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"name": "CVE-2021-44233",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44233"
},
{
"name": "CVE-2021-42063",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42063"
},
{
"name": "CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"name": "CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"name": "CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"name": "CVE-2021-38176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38176"
},
{
"name": "CVE-2021-44231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44231"
},
{
"name": "CVE-2019-0388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0388"
},
{
"name": "CVE-2021-44235",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44235"
},
{
"name": "CVE-2021-42061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42061"
},
{
"name": "CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"name": "CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"name": "CVE-2021-33683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33683"
},
{
"name": "CVE-2021-42069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42069"
},
{
"name": "CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"name": "CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"name": "CVE-2021-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42070"
},
{
"name": "CVE-2021-37714",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37714"
},
{
"name": "CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"name": "CVE-2021-42064",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42064"
},
{
"name": "CVE-2021-44232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44232"
},
{
"name": "CVE-2021-42068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42068"
},
{
"name": "CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"name": "CVE-2021-42066",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42066"
},
{
"name": "CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
}
],
"initial_release_date": "2021-12-14T00:00:00",
"last_revision_date": "2021-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-948",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 14 d\u00e9cembre 2021",
"url": "https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021"
}
]
}
CERTFR-2021-AVI-770
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP SuccessFactors Mobile Application (pour les équipements Android), Versions - <2108 | ||
| SAP | N/A | SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430 | ||
| SAP | N/A | SAP Business Client, Version – 6.5 | ||
| SAP | N/A | SAP BusinessObjects Analysis, (édition pour OLAP), Versions - 420, 430 | ||
| SAP | N/A | SAP Environmental Compliance, Version - 3.0 | ||
| SAP | NetWeaver Application Server pour ABAP | SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD | ||
| SAP | N/A | SAP Business One, Version - 10.0 | ||
| SAP | N/A | SAP NetWeaver, Versions - 700, 701, 702, 730 | ||
| SAP | N/A | SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785 | ||
| SAP | N/A | SAPUI5, Versions - 750, 753, 754 | ||
| SAP | N/A | SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 | ||
| SAP | N/A | SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP SuccessFactors Mobile Application (pour les \u00e9quipements Android), Versions - \u003c2108",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 740, 750, 751, 752, 753, 754, 755",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Crystal Reports), Versions - 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client, Version \u2013 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Analysis, (\u00e9dition pour OLAP), Versions - 420, 430",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Environmental Compliance, Version - 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server pour ABAP (SAP Cloud Print Manager et SAPSprint), Versions - 7.70, 7.70 PI, 7.70BYD",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One, Version - 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver, Versions - 700, 701, 702, 730",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5, Versions - 750, 753, 754",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP et ABAP Platform, Versions - 700, 701, 702, 710, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP and ABAP Platform, Versions - 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40498",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40498"
},
{
"name": "CVE-2021-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38180"
},
{
"name": "CVE-2020-10683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
},
{
"name": "CVE-2021-40500",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40500"
},
{
"name": "CVE-2021-38179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38179"
},
{
"name": "CVE-2021-23926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23926"
},
{
"name": "CVE-2021-38183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38183"
},
{
"name": "CVE-2021-38181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38181"
},
{
"name": "CVE-2021-40496",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40496"
},
{
"name": "CVE-2021-40497",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40497"
},
{
"name": "CVE-2021-40495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40495"
},
{
"name": "CVE-2021-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38178"
},
{
"name": "CVE-2021-40499",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40499"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2021-10-12T00:00:00",
"last_revision_date": "2021-10-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-770",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP 587169983 du 12 octobre 2021",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983"
}
]
}
CERTFR-2021-AVI-702
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Landscape Transformation, Version - 2.0 | ||
| SAP | N/A | SAP Test Data Migration Server, Version - 4.0 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer, Version - 9.0 | ||
| SAP | Replication Server | SAP LT Replication Server, Versions - 2.0, 3.0 | ||
| SAP | N/A | SAP Business Client, Version – 6.5 | ||
| SAP | N/A | SAP Contact Center, Version - 700 | ||
| SAP | N/A | SAP Business Client , Versions - 7.0, 7.70 | ||
| SAP | N/A | SAP Web Dispatcher , Versions - WEBDISP - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 | ||
| SAP | N/A | SAP NetWeaver Knowledge Management XML Forms , Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (BI Workspace) , Version - 420 | ||
| SAP | N/A | SAP NetWeaver (Visual Composer 7.0 RT) , Versions - 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP LTRS for S/4HANA, Version - 1.0 | ||
| SAP | N/A | SAP NetWeaver Application Server Java (JMS Connector Service) , Versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP Business One, Versions - 10.0 | ||
| SAP | N/A | SAP Analysis for Microsoft Office , Version - 2.8 | ||
| SAP | N/A | SAP CommonCryptoLib , Versions antérieures à 8.5.38 | ||
| SAP | N/A | SAP S/4HANA, Versions - 1511, 1610, 1709, 1809, 1909, 2020, 2021 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal, Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 | ||
| SAP | N/A | SAP ERP Financial Accounting (RFOPENPOSTING_FR) , Versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Landscape Transformation, Version - 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Test Data Migration Server, Version - 4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer, Version - 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LT Replication Server, Versions - 2.0, 3.0",
"product": {
"name": "Replication Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client, Version \u2013 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Contact Center, Version - 700",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Client , Versions - 7.0, 7.70",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Web Dispatcher , Versions - WEBDISP - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.22, 7.22EXT, 7.49, 7.53, KERNEL - 7.22, 7.49, 7.53, 7.77, 7.81, 7.83",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Knowledge Management XML Forms , Versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (BI Workspace) , Version - 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Visual Composer 7.0 RT) , Versions - 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP LTRS for S/4HANA, Version - 1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Application Server Java (JMS Connector Service) , Versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One, Versions - 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Analysis for Microsoft Office , Version - 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP CommonCryptoLib , Versions ant\u00e9rieures \u00e0 8.5.38",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA, Versions - 1511, 1610, 1709, 1809, 1909, 2020, 2021",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal, Versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP ERP Financial Accounting (RFOPENPOSTING_FR) , Versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-33686",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33686"
},
{
"name": "CVE-2021-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38163"
},
{
"name": "CVE-2021-33688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33688"
},
{
"name": "CVE-2021-21489",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21489"
},
{
"name": "CVE-2021-38164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38164"
},
{
"name": "CVE-2021-33685",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33685"
},
{
"name": "CVE-2021-33675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33675"
},
{
"name": "CVE-2021-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33672"
},
{
"name": "CVE-2021-38175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38175"
},
{
"name": "CVE-2021-38176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38176"
},
{
"name": "CVE-2021-37532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37532"
},
{
"name": "CVE-2021-37531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37531"
},
{
"name": "CVE-2021-38150",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38150"
},
{
"name": "CVE-2021-33698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33698"
},
{
"name": "CVE-2021-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38162"
},
{
"name": "CVE-2021-38174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38174"
},
{
"name": "CVE-2021-33673",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33673"
},
{
"name": "CVE-2021-37535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37535"
},
{
"name": "CVE-2021-33674",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33674"
},
{
"name": "CVE-2021-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38177"
},
{
"name": "CVE-2021-33679",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33679"
}
],
"initial_release_date": "2021-09-14T00:00:00",
"last_revision_date": "2021-09-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-702",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP 585106405 du 14 septembre 2021",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405"
}
]
}
CERTFR-2021-AVI-607
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (SAPUI5) versions 420 et 430 | ||
| SAP | N/A | SAP NetWeaver Development Infrastructure (Notification Service) versions 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP NetWeaver Development Infrastructure (Component Build Service) versions 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP Cloud Connector version 2.0 | ||
| SAP | N/A | SAP Business One version 10.0 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Crystal Report) versions 420 et 430 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP Fiori Client Native Mobile pour Android version 3.2 | ||
| SAP | N/A | DMIS Mobile Plug-In versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752 et 2020 | ||
| SAP | N/A | SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT) versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755 | ||
| SAP | N/A | SAP S/4HANA versions SAPSCORE 125, S4CORE 102, 102, 103, 104 et 105 | ||
| SAP | NetWeaver Enterprise Portal | SAP NetWeaver Enterprise Portal (Application Extensions) versions 7.30, 7.31, 7.40 et 7.50 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP BusinessObjects Business Intelligence Platform (SAPUI5) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Development Infrastructure (Notification Service) versions 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Development Infrastructure (Component Build Service) versions 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Cloud Connector version 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business One version 10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Crystal Report) versions 420 et 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Fiori Client Native Mobile pour Android version 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "DMIS Mobile Plug-In versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752 et 2020",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT) versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP S/4HANA versions SAPSCORE 125, S4CORE 102, 102, 103, 104 et 105",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Enterprise Portal (Application Extensions) versions 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "NetWeaver Enterprise Portal",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-33690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33690"
},
{
"name": "CVE-2021-33705",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33705"
},
{
"name": "CVE-2021-33702",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33702"
},
{
"name": "CVE-2021-33694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33694"
},
{
"name": "CVE-2021-33697",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33697"
},
{
"name": "CVE-2021-33700",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33700"
},
{
"name": "CVE-2021-33698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33698"
},
{
"name": "CVE-2021-33695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33695"
},
{
"name": "CVE-2021-33691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33691"
},
{
"name": "CVE-2021-33703",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33703"
},
{
"name": "CVE-2021-33701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33701"
},
{
"name": "CVE-2021-33707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33707"
},
{
"name": "CVE-2021-33699",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33699"
},
{
"name": "CVE-2021-33704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33704"
},
{
"name": "CVE-2021-33696",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33696"
},
{
"name": "CVE-2021-21473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21473"
},
{
"name": "CVE-2021-33692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33692"
},
{
"name": "CVE-2021-33693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33693"
}
],
"initial_release_date": "2021-08-10T00:00:00",
"last_revision_date": "2021-08-10T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-607",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 10 ao\u00fbt 2021",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"
}
]
}
CERTFR-2021-AVI-017
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Business Client versions antérieures à 6.5 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) versions antérieures à 410 et 420 | ||
| SAP | Business Warehouse | SAP Business Warehouse versions antérieures à 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 782 | ||
| SAP | N/A | SAP NetWeaver Master Data Management versions antérieures à 7.10, 7.10.750 et 710 | ||
| SAP | N/A | SAP NetWeaver AS ABAP versions antérieures à 740, 750, 751, 752, 753, 754 et 755 | ||
| SAP | N/A | SAP BW4HANA versions antérieures à 100 et 200 | ||
| SAP | N/A | SAP 3D Visual Enterprise Viewer versions antérieures à 9.0 | ||
| SAP | Commerce Cloud | SAP Commerce Cloud versions antérieures à 1808, 1811, 1905, 2005 et 2011 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS JAVA versions antérieures à 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | SAP EPM ADD-IN versions antérieures à 2.8 et 1010 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS JAVA (Key Storage Service) versions antérieures à 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 et 7.50 | ||
| SAP | N/A | Automated Note Search Tool (SAP Basis) versions antérieures à 7.0, 7.01,7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 et 7.54 | ||
| SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java (HTTP Service) versions antérieures à 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50 | ||
| SAP | Business Warehouse | SAP Business Warehouse versions antérieures à 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 782 | ||
| SAP | Business Warehouse | SAP Business Warehouse versions antérieures à 700, 701, 702, 711, 730, 731, 740, 750 et 782 | ||
| SAP | N/A | SAP Banking Services (Generic Market Data) versions antérieures à 400, 450 et 500 | ||
| SAP | N/A | SAP Master Data Governance versions antérieures à 748, 749, 750, 751, 752, 800, 801, 802, 803 et 804 | ||
| SAP | N/A | SAP GUI FOR WINDOWS versions antérieures à 7.60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Business Client versions ant\u00e9rieures \u00e0 6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence platform (Web Intelligence HTML interface) versions ant\u00e9rieures \u00e0 410 et 420",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 et 782",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Master Data Management versions ant\u00e9rieures \u00e0 7.10, 7.10.750 et 710",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS ABAP versions ant\u00e9rieures \u00e0 740, 750, 751, 752, 753, 754 et 755",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BW4HANA versions ant\u00e9rieures \u00e0 100 et 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP 3D Visual Enterprise Viewer versions ant\u00e9rieures \u00e0 9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Commerce Cloud versions ant\u00e9rieures \u00e0 1808, 1811, 1905, 2005 et 2011",
"product": {
"name": "Commerce Cloud",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS JAVA versions ant\u00e9rieures \u00e0 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP EPM ADD-IN versions ant\u00e9rieures \u00e0 2.8 et 1010",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS JAVA (Key Storage Service) versions ant\u00e9rieures \u00e0 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Automated Note Search Tool (SAP Basis) versions ant\u00e9rieures \u00e0 7.0, 7.01,7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 et 7.54",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver AS Java (HTTP Service) versions ant\u00e9rieures \u00e0 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
"product": {
"name": "SAP NetWeaver AS Java",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 782",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Business Warehouse versions ant\u00e9rieures \u00e0 700, 701, 702, 711, 730, 731, 740, 750 et 782",
"product": {
"name": "Business Warehouse",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Banking Services (Generic Market Data) versions ant\u00e9rieures \u00e0 400, 450 et 500",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Master Data Governance versions ant\u00e9rieures \u00e0 748, 749, 750, 751, 752, 800, 801, 802, 803 et 804",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP GUI FOR WINDOWS versions ant\u00e9rieures \u00e0 7.60",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21446",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21446"
},
{
"name": "CVE-2021-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21449"
},
{
"name": "CVE-2020-6307",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6307"
},
{
"name": "CVE-2021-21467",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21467"
},
{
"name": "CVE-2021-21466",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21466"
},
{
"name": "CVE-2020-26816",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26816"
},
{
"name": "CVE-2020-26838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26838"
},
{
"name": "CVE-2020-6224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6224"
},
{
"name": "CVE-2021-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21451"
},
{
"name": "CVE-2021-21464",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21464"
},
{
"name": "CVE-2021-21468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21468"
},
{
"name": "CVE-2020-6256",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6256"
},
{
"name": "CVE-2021-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21459"
},
{
"name": "CVE-2021-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21462"
},
{
"name": "CVE-2020-26820",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26820"
},
{
"name": "CVE-2021-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21460"
},
{
"name": "CVE-2021-21445",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21445"
},
{
"name": "CVE-2021-21453",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21453"
},
{
"name": "CVE-2021-21448",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21448"
},
{
"name": "CVE-2021-21456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21456"
},
{
"name": "CVE-2021-21450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21450"
},
{
"name": "CVE-2021-21470",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21470"
},
{
"name": "CVE-2021-21447",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21447"
},
{
"name": "CVE-2021-21465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21465"
},
{
"name": "CVE-2021-21458",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21458"
},
{
"name": "CVE-2021-21463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21463"
},
{
"name": "CVE-2021-21455",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21455"
},
{
"name": "CVE-2021-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21454"
},
{
"name": "CVE-2021-21461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21461"
},
{
"name": "CVE-2021-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21457"
},
{
"name": "CVE-2021-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21452"
},
{
"name": "CVE-2021-21469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21469"
}
],
"initial_release_date": "2021-01-12T00:00:00",
"last_revision_date": "2021-01-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-017",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 12 janvier 2021",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"
}
]
}
CERTFR-2019-AVI-514
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans plusieurs produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Note : Les scores CVSS pour les CVE-2019-0379 et CVE-2019-0380 ne sont pas correctement représentés sur le site du NVD. Le bulletin de SAP fournit les bonnes métriques.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | N/A | SAP Landscape Management enterprise edition, Version - 3.0 | ||
| SAP | N/A | SAP Process Integration, business-to-business add-on, Versions - 1.0, 2.0 | ||
| SAP | N/A | SAP Dynamic Tiering, Version - 1.0, 2.0 | ||
| SAP | N/A | SAP IQ, Version - 16.1 | ||
| SAP | SAP Financial Consolidation | SAP Financial Consolidation, Versions - 10.0, 10.1 | ||
| SAP | N/A | SAP Kernel (RFC), Versions - KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76 | ||
| SAP | SAP BusinessObjects Business Intelligence | SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions - 420, 430 | ||
| SAP | N/A | SAP Customer Relationship Management (Email Management), Versions - S4CRM 100, 200 | ||
| SAP | N/A | SAP SQL Anywhere, Version - 17.0 | ||
| SAP | N/A | SAP NetWeaver Process Integration (B2B Toolkit), Versions - 1.0, 2.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SAP Landscape Management enterprise edition, Version - 3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Process Integration, business-to-business add-on, Versions - 1.0, 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Dynamic Tiering, Version - 1.0, 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP IQ, Version - 16.1",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Financial Consolidation, Versions - 10.0, 10.1",
"product": {
"name": "SAP Financial Consolidation",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Kernel (RFC), Versions - KRNL32NUC, KRNL32UC and KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73 and KERNEL 7.21, 7.49, 7.53, 7.73, 7.76",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), Versions - 420, 430",
"product": {
"name": "SAP BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP Customer Relationship Management (Email Management), Versions - S4CRM 100, 200",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP SQL Anywhere, Version - 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAP NetWeaver Process Integration (B2B Toolkit), Versions - 1.0, 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0378"
},
{
"name": "CVE-2019-0376",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0376"
},
{
"name": "CVE-2019-0365",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0365"
},
{
"name": "CVE-2019-0381",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0381"
},
{
"name": "CVE-2019-0369",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0369"
},
{
"name": "CVE-2019-0368",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0368"
},
{
"name": "CVE-2019-0374",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0374"
},
{
"name": "CVE-2019-0367",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0367"
},
{
"name": "CVE-2019-0379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0379"
},
{
"name": "CVE-2019-0380",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0380"
},
{
"name": "CVE-2019-0370",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0370"
},
{
"name": "CVE-2019-0375",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0375"
},
{
"name": "CVE-2019-0377",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0377"
}
],
"initial_release_date": "2019-10-16T00:00:00",
"last_revision_date": "2019-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-514",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits\nSAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nNote : Les scores CVSS pour les CVE-2019-0379 et CVE-2019-0380 ne sont\npas correctement repr\u00e9sent\u00e9s sur le site du NVD. Le bulletin de SAP\nfournit les bonnes m\u00e9triques.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans plusieurs produits SAP",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SAP du 11 octobre 2019",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
}
]
}