Refine your search
12 vulnerabilities found for Stormshield Management Center by Stormshield
CERTFR-2024-AVI-1089
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Stormshield Management Center. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center (SMC) versions antérieures à 3.7.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center (SMC) versions ant\u00e9rieures \u00e0 3.7.0",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
}
],
"initial_release_date": "2024-12-17T00:00:00",
"last_revision_date": "2024-12-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1089",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Stormshield Management Center. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits StormShield Management Center",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-32",
"url": "https://advisories.stormshield.eu/2024-32"
}
]
}
CERTFR-2024-AVI-0650
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center (SMC) versions antérieures à 3.6.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center (SMC) versions ant\u00e9rieures \u00e0 3.6.0",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
}
],
"initial_release_date": "2024-08-05T00:00:00",
"last_revision_date": "2024-08-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Management Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center ",
"vendor_advisories": [
{
"published_at": "2024-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-01",
"url": "https://advisories.stormshield.eu/2024-01"
},
{
"published_at": "2024-07-05",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-027",
"url": "https://advisories.stormshield.eu/2024-027"
}
]
}
CERTFR-2024-AVI-0635
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans StormShield Management Center. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Management Center versions antérieures à 3.6.0 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Management Center versions ant\u00e9rieures \u00e0 3.6.0",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
}
],
"initial_release_date": "2024-07-30T00:00:00",
"last_revision_date": "2024-07-30T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0635",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Management Center. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Management Center",
"vendor_advisories": [
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-022",
"url": "https://advisories.stormshield.eu/2024-022"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-23",
"url": "https://advisories.stormshield.eu/2024-23"
},
{
"published_at": "2024-07-30",
"title": "Bulletin de s\u00e9curit\u00e9 StormShield 2023-036",
"url": "https://advisories.stormshield.eu/2023-036"
}
]
}
CERTFR-2023-AVI-0851
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Management Center. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center versions 3.3.x antérieures à 3.3.3 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions 3.4.x antérieures à 3.4.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center versions 3.3.x ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions 3.4.x ant\u00e9rieures \u00e0 3.4.2",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-44455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44455"
}
],
"initial_release_date": "2023-10-16T00:00:00",
"last_revision_date": "2023-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0851",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Management Center.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2023-030 du 16 octobre 2023",
"url": "https://advisories.stormshield.eu/2023-030/"
}
]
}
CERTFR-2023-AVI-0169
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Stormshield Management Center. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center (SMC) versions antérieures à 3.3.3 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center (SMC) versions ant\u00e9rieures \u00e0 3.3.3",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
}
],
"initial_release_date": "2023-02-24T00:00:00",
"last_revision_date": "2023-02-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 StormShield\u00a0STORM-2023-016 du 23 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-016/"
}
],
"reference": "CERTFR-2023-AVI-0169",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Stormshield\nManagement Center. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-016 du 23 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-015 du 23 f\u00e9vrier 2023",
"url": "https://advisories.stormshield.eu/2023-015/"
}
]
}
CERTFR-2022-AVI-1041
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.3.x antérieures à 4.3.11 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.7.x antérieures à 3.7.32 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.11.x antérieures à 3.11.20 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.5.x antérieures à 4.5.3 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.3.2 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.11",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.32",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.20",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.5.x ant\u00e9rieures \u00e0 4.5.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.3.2",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-0696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0696"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2022-0554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0554"
},
{
"name": "CVE-2022-0572",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0572"
},
{
"name": "CVE-2022-0714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0714"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2022-0629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0629"
},
{
"name": "CVE-2022-0729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0729"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-0685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0685"
}
],
"initial_release_date": "2022-11-21T00:00:00",
"last_revision_date": "2022-11-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1041",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-006 du 17 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-006/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-026 du 18 novembre 2022",
"url": "https://advisories.stormshield.eu/2022-026/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-024 du 28 septembre 2022",
"url": "https://advisories.stormshield.eu/2022-024/"
}
]
}
CERTFR-2022-AVI-780
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Stormshield Management Center (SMC). Elles permettent à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center (SMC) versions 3.2.x et 3.3.x antérieures à 3.3.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center (SMC) versions 3.2.x et 3.3.x ant\u00e9rieures \u00e0 3.3.1",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
}
],
"initial_release_date": "2022-08-31T00:00:00",
"last_revision_date": "2022-08-31T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-780",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nStormshield Management Center (SMC). Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield SMC",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-018 du 30 ao\u00fbt 2022",
"url": "https://advisories.stormshield.eu/2022-018/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-022 du 30 ao\u00fbt 2022",
"url": "https://advisories.stormshield.eu/2022-022/"
}
]
}
CERTFR-2022-AVI-296
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Management Center. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.1.6 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.1.6",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
}
],
"initial_release_date": "2022-03-31T00:00:00",
"last_revision_date": "2022-03-31T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-296",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Management Center.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2022-011 du 25 mars 2022",
"url": "https://advisories.stormshield.eu/2022-011/"
}
]
}
CERTFR-2021-AVI-885
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.1.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
}
],
"initial_release_date": "2021-11-18T00:00:00",
"last_revision_date": "2021-11-18T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-885",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nManagement Center. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield duits Stormshield STORM-2021-060 du 17 novembre 2021",
"url": "https://advisories.stormshield.eu/2021-060/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield duits Stormshield STORM-2021-058 du 17 novembre 2021",
"url": "https://advisories.stormshield.eu/2021-058/"
}
]
}
CERTFR-2021-AVI-649
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Stormshield Management Center. Elle permet à un attaquant de provoquer un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 3.0.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 3.0.1",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
}
],
"initial_release_date": "2021-08-23T00:00:00",
"last_revision_date": "2021-08-23T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-649",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Management Center.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-053 du 23 ao\u00fbt 2021",
"url": "https://advisories.stormshield.eu/2021-053/"
}
]
}
CERTFR-2021-AVI-313
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Stormshield Management Center. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Management Center | Stormshield Management Center versions 2.8.x antérieures à 2.8.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Management Center versions 2.8.x ant\u00e9rieures \u00e0 2.8.2",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
}
],
"initial_release_date": "2021-04-26T00:00:00",
"last_revision_date": "2021-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-313",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-26T00:00:00.000000"
},
{
"description": "R\u00e9paration des liens des avis 15 et 16.",
"revision_date": "2021-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield\nManagement Center. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Management Center",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-015 du 09 avril 2021",
"url": "https://advisories.stormshield.eu/2021-015/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-016 du 09 avril 2021",
"url": "https://advisories.stormshield.eu/2021-016/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-013 du 09 avril 2021",
"url": "https://advisories.stormshield.eu/2021-013/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2021-012 du 09 avril 2021",
"url": "https://advisories.stormshield.eu/2021-012/"
}
]
}
CERTFR-2021-AVI-065
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer un déni de service à distance.
Cet avis remplace l'avis CERTFR-2021-AVI-051 suite à la suppression et la modification des bulletins de sécurité de l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 3.x antérieures à 3.7.15 ou 3.11.3 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 2.x | ||
| Stormshield | N/A | Netasq versions 9.0.9 à 9.10.10 | ||
| Stormshield | Stormshield Management Center | Stormshield Management Center versions antérieures à 2.8.1 | ||
| Stormshield | Stormshield Network Security | Stormshield Network Security versions 4.x antérieures à 4.1.3 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Stormshield Network Security versions 3.x ant\u00e9rieures \u00e0 3.7.15 ou 3.11.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 2.x",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Netasq versions 9.0.9 \u00e0 9.10.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Management Center versions ant\u00e9rieures \u00e0 2.8.1",
"product": {
"name": "Stormshield Management Center",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
},
{
"description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "Stormshield Network Security",
"vendor": {
"name": "Stormshield",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7469"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2020-8265",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
},
{
"name": "CVE-2020-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8277"
}
],
"initial_release_date": "2021-01-28T00:00:00",
"last_revision_date": "2021-01-29T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-065",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-28T00:00:00.000000"
},
{
"description": "correction \u00e9diteur pour versions SMC affect\u00e9es",
"revision_date": "2021-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n\n\u003cstrong\u003eCet avis remplace l\u0027avis CERTFR-2021-AVI-051 suite \u00e0 la suppression et\nla modification des bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur.\u003c/strong\u003e\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-062 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-062/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-060 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-060/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-035 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-035/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-034 du 18 d\u00e9cembre 2020",
"url": "https://advisories.stormshield.eu/2020-034/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2020-061 du 21 janvier 2021",
"url": "https://advisories.stormshield.eu/2020-061/"
}
]
}