48 vulnerabilities found for Weblogic by Oracle
CERTFR-2025-AVI-0604
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 14.1.2.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2025-30753", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30753" }, { "name": "CVE-2025-50064", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50064" }, { "name": "CVE-2024-38819", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819" }, { "name": "CVE-2024-38820", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820" }, { "name": "CVE-2025-50072", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50072" }, { "name": "CVE-2025-30762", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30762" }, { "name": "CVE-2025-50073", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50073" }, { "name": "CVE-2024-57699", "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699" }, { "name": "CVE-2025-48734", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734" } ], "initial_release_date": "2025-07-18T00:00:00", "last_revision_date": "2025-07-18T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0604", "revisions": [ { "description": "Version initiale", "revision_date": "2025-07-18T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, 
{ "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": "2025-07-15", "title": "Bulletin de s\u00e9curit\u00e9 Oracle Weblogic cpujul2025", "url": "https://www.oracle.com/security-alerts/cpujul2025.html" } ] }
CERTFR-2025-AVI-0324
Vulnerability from certfr_avis
A vulnerability has been discovered in Oracle Weblogic. It allows an attacker to cause remote arbitrary code execution.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2020-13936", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936" } ], "initial_release_date": "2025-04-16T00:00:00", "last_revision_date": "2025-04-16T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0324", "revisions": [ { "description": "Version initiale", "revision_date": "2025-04-16T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Weblogic. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Weblogic", "vendor_advisories": [ { "published_at": "2025-04-15", "title": "Bulletin de s\u00e9curit\u00e9 Oracle Weblogic cpuapr2025", "url": "https://www.oracle.com/security-alerts/cpuapr2025.html" } ] }
CERTFR-2025-AVI-0058
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 14.1.2.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2025-21535", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21535" }, { "name": "CVE-2024-34447", "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447" }, { "name": "CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "name": "CVE-2024-47554", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554" }, { "name": "CVE-2024-23635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23635" }, { "name": "CVE-2025-21549", "url": "https://www.cve.org/CVERecord?id=CVE-2025-21549" }, { "name": "CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "name": "CVE-2023-7272", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7272" } ], "initial_release_date": "2025-01-22T00:00:00", "last_revision_date": "2025-01-22T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0058", "revisions": [ { "description": "Version initiale", "revision_date": "2025-01-22T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { 
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": "2025-01-21", "title": "Bulletin de s\u00e9curit\u00e9 Oracle Weblogic cpujan2025", "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] }
CERTFR-2024-AVI-0888
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-21215", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21215" }, { "name": "CVE-2024-21274", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21274" }, { "name": "CVE-2024-21234", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21234" }, { "name": "CVE-2024-21260", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21260" }, { "name": "CVE-2024-21216", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21216" }, { "name": "CVE-2024-6345", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345" } ], "initial_release_date": "2024-10-16T00:00:00", "last_revision_date": "2024-10-16T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0888", "revisions": [ { "description": "Version initiale", "revision_date": "2024-10-16T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": "2024-10-15", "title": "Bulletin de s\u00e9curit\u00e9 Oracle Weblogic cpuoct2024", "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ] }
CERTFR-2024-AVI-0599
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a breach of data integrity.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "WebLogic Server versions 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de s\u00e9curit\u00e9\t", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-21182", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21182" }, { "name": "CVE-2024-21175", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21175" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2024-22262", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22262" }, { "name": "CVE-2024-21183", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21183" }, { "name": "CVE-2024-21181", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21181" } ], "initial_release_date": "2024-07-17T00:00:00", "last_revision_date": "2024-07-17T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0599", "revisions": [ { "description": "Version initiale", "revision_date": "2024-07-17T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": "2024-07-16", "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024verbose", "url": "https://www.oracle.com/security-alerts/cpujul2024verbose.html#FMW" }, { "published_at": "2024-07-16", "title": "Bulletin de s\u00e9curit\u00e9 Oracle pujul2024", "url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW" } ] }
CERTFR-2024-AVI-0323
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-33201", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201" }, { "name": "CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "name": "CVE-2023-5072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072" }, { "name": "CVE-2021-23369", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369" }, { "name": "CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "name": "CVE-2023-52428", "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428" }, { "name": "CVE-2024-23635", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23635" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2024-21007", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21007" }, { "name": "CVE-2024-21006", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21006" } ], "initial_release_date": "2024-04-18T00:00:00", "last_revision_date": "2024-04-18T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0323", "revisions": [ { "description": "Version initiale", "revision_date": "2024-04-18T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont 
\u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024", "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" } ] }
CERTFR-2024-AVI-0049
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic Server. Some of them allow an attacker to cause remote arbitrary code execution, denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20927", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20927" }, { "name": "CVE-2024-20931", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20931" }, { "name": "CVE-2023-42503", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503" }, { "name": "CVE-2023-44483", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483" }, { "name": "CVE-2023-43643", "url": "https://www.cve.org/CVERecord?id=CVE-2023-43643" }, { "name": "CVE-2024-20986", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20986" }, { "name": "CVE-2023-49093", "url": "https://www.cve.org/CVERecord?id=CVE-2023-49093" } ], "initial_release_date": "2024-01-17T00:00:00", "last_revision_date": "2024-01-17T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0049", "revisions": [ { "description": "Version initiale", "revision_date": "2024-01-17T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "D\u00e9ni de service" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic\nServer. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic Server", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024", "url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024", "url": "https://www.oracle.com/security-alerts/cpujan2024.html" } ] }
CERTFR-2023-AVI-0861
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-29599", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29599" }, { "name": "CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "name": "CVE-2023-22069", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22069" }, { "name": "CVE-2023-22086", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22086" }, { "name": "CVE-2022-29546", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29546" }, { "name": "CVE-2021-36374", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374" }, { "name": "CVE-2023-35116", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116" }, { "name": "CVE-2023-22072", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22072" }, { "name": "CVE-2022-44729", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44729" }, { "name": "CVE-2023-22108", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22108" }, { "name": "CVE-2023-22089", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22089" }, { "name": "CVE-2022-42920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2023-22101", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22101" }, { "name": "CVE-2022-23491", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491" } ], "initial_release_date": "2023-10-18T00:00:00", "last_revision_date": "2023-10-18T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0861", "revisions": [ { 
"description": "Version initiale", "revision_date": "2023-10-18T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 verbose du 17 octobre 2023", "url": "https://www.oracle.com/security-alerts/cpuoct2023verbose.html#FMW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 du 17 octobre 2023", "url": "https://www.oracle.com/security-alerts/cpuoct2023.html" } ] }
CERTFR-2023-AVI-0567
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "WebLogic versions 12.2.1.4.0 et 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2023-1370", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370" }, { "name": "CVE-2023-1436", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436" }, { "name": "CVE-2021-28168", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28168" }, { "name": "CVE-2023-22031", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22031" }, { "name": "CVE-2023-26119", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26119" }, { "name": "CVE-2022-24409", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24409" }, { "name": "CVE-2023-20863", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863" }, { "name": "CVE-2022-42890", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890" }, { "name": "CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" }, { "name": "CVE-2023-20860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860" }, { "name": "CVE-2023-22040", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22040" } ], "initial_release_date": "2023-07-19T00:00:00", "last_revision_date": "2023-07-19T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0567", "revisions": [ { "description": "Version initiale", "revision_date": "2023-07-19T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples 
vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023", "url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#FMW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023", "url": "https://www.oracle.com/security-alerts/cpujul2023.html" } ] }
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20
Oracle | Database Server | Oracle Database Server 19c, 21c
Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1
Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2
Oracle | Virtualization | Oracle Virtualization versions 6.1.x prior to 6.1.44
Oracle | MySQL | Oracle MySQL versions 8.0.33 and earlier
Oracle | Systems | Oracle Systems versions 10, 11
Oracle | Virtualization | Oracle Virtualization versions 7.0.x prior to 7.0.8
Oracle | MySQL | Oracle MySQL versions 5.7.41 and earlier
Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20", "product": { "name": "Java SE", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database Server 19c, 21c", "product": { "name": "Database Server", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44", "product": { "name": "Virtualization", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Systems versions 10, 11", "product": { "name": "Systems", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8", "product": { "name": "Virtualization", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-21938", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938" }, { "name": "CVE-2023-21916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21916" }, { "name": "CVE-2023-21985", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21985" }, { "name": "CVE-2023-21979", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21979" }, { "name": "CVE-2023-21986", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21986" }, { "name": "CVE-2020-14343", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343" }, { "name": "CVE-2023-21954", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954" }, { "name": "CVE-2023-21940", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21940" }, { "name": "CVE-2023-21939", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939" }, { "name": "CVE-2023-21962", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21962" }, { "name": "CVE-2022-31160", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160" }, { "name": "CVE-2022-45061", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061" }, { "name": "CVE-2023-21917", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21917" }, { "name": "CVE-2023-21984", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21984" }, { "name": "CVE-2023-21956", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21956" }, { "name": "CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "name": "CVE-2023-21945", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21945" }, { "name": "CVE-2022-42916", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916" }, { "name": "CVE-2023-21966", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21966" }, { "name": "CVE-2023-21947", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21947" }, { "name": "CVE-2023-22002", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22002" }, { "name": "CVE-2023-21981", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21981" }, { "name": "CVE-2023-21987", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987" }, { "name": "CVE-2023-21977", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977" }, { "name": "CVE-2023-21971", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21971" }, { "name": "CVE-2023-21999", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21999" }, { "name": "CVE-2023-21928", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21928" }, { "name": "CVE-2023-21972", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21972" }, { "name": "CVE-2023-21960", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21960" }, { "name": "CVE-2021-37533", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533" }, { "name": "CVE-2023-21990", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21990" }, { "name": "CVE-2023-22000", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22000" }, { "name": "CVE-2023-21913", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21913" }, { "name": "CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "name": "CVE-2021-36090", "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090" }, { "name": "CVE-2023-21963", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963" }, { "name": "CVE-2023-21980", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21980" }, { "name": "CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "name": "CVE-2023-21996", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21996" }, { "name": "CVE-2022-40152", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152" }, { "name": "CVE-2023-21953", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21953" }, { "name": "CVE-2023-21934", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21934" }, { "name": "CVE-2023-22003", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22003" }, { "name": "CVE-2023-21998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21998" }, { "name": "CVE-2022-37434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { 
"name": "CVE-2023-21946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21946" }, { "name": "CVE-2023-21933", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21933" }, { "name": "CVE-2023-21931", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21931" }, { "name": "CVE-2023-21937", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937" }, { "name": "CVE-2022-45143", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45143" }, { "name": "CVE-2023-21896", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21896" }, { "name": "CVE-2022-43551", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551" }, { "name": "CVE-2023-21964", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21964" }, { "name": "CVE-2021-22569", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569" }, { "name": "CVE-2022-34169", "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169" }, { "name": "CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "name": "CVE-2023-21920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21920" }, { "name": "CVE-2022-45685", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685" }, { "name": "CVE-2023-21918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21918" }, { "name": "CVE-2023-21992", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21992" }, { "name": "CVE-2023-21911", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21911" }, { "name": "CVE-2023-21976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21976" }, { "name": "CVE-2021-31684", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684" }, { "name": "CVE-2023-21968", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968" }, { "name": "CVE-2023-21991", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21991" }, { "name": "CVE-2023-21989", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21989" }, { "name": "CVE-2023-21982", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21982" }, { "name": "CVE-2023-21930", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-21930" }, { "name": "CVE-2023-24998", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998" }, { "name": "CVE-2023-21935", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21935" }, { "name": "CVE-2020-25638", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638" }, { "name": "CVE-2023-21955", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21955" }, { "name": "CVE-2023-21988", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21988" }, { "name": "CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "name": "CVE-2022-45047", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047" }, { "name": "CVE-2022-36033", "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033" }, { "name": "CVE-2023-21912", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912" }, { "name": "CVE-2023-21929", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21929" }, { "name": "CVE-2023-21967", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967" }, { "name": "CVE-2023-22001", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22001" }, { "name": "CVE-2022-41881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881" }, { "name": "CVE-2023-21948", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21948" }, { "name": "CVE-2023-21919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21919" } ], "initial_release_date": "2023-04-19T00:00:00", "last_revision_date": "2023-04-20T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0325", "revisions": [ { "description": "Version initiale", "revision_date": "2023-04-19T00:00:00.000000" }, { "description": "Correction coquilles.", "revision_date": "2023-04-20T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de 
s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023", "url": "https://www.oracle.com/security-alerts/cpuapr2023.html" } ] }
CERTFR-2023-AVI-0034
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | MySQL | MySQL Cluster versions 7.5.28 and earlier
Oracle | MySQL | MySQL Shell versions 8.0.31 and earlier
Oracle | PeopleSoft | PeopleSoft Enterprise CC Common Application Objects version 9.2
Oracle | MySQL | MySQL Server versions 5.7.40 and earlier
Oracle | MySQL | MySQL Cluster versions 7.6.24 and earlier
Oracle | Java SE | Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 and 19.0.1
Oracle | MySQL | MySQL Connectors versions 8.0.31 and earlier
Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0
Oracle | N/A | Oracle VM VirtualBox versions prior to 7.0.6
Oracle | MySQL | MySQL Workbench versions 8.0.31 and earlier
Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.32 and earlier
Oracle | Database Server | Oracle Database Server versions 19c, 21c [Perl] prior to 5.35
Oracle | MySQL | MySQL Cluster versions 8.0.31 and earlier
Oracle | MySQL | MySQL Server versions 8.0.31 and earlier
Oracle | PeopleSoft | PeopleSoft Enterprise CS Academic Advisement version 9.2
Oracle | N/A | Oracle VM VirtualBox versions prior to 6.1.42
Oracle | MySQL | MySQL Cluster versions 7.4.38 and earlier
Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 and 8.60
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise CC Common Application Objects version 9.2", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Server versions 5.7.40 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1", "product": { "name": "Java SE", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35", "product": { "name": "Database Server", "vendor": { "name": "Oracle", 
"scada": false } } }, { "description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Server versions 8.0.31 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise CS Academic Advisement version 9.2", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-21900", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21900" }, { "name": "CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "name": "CVE-2023-21843", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843" }, { "name": "CVE-2022-24407", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407" }, { "name": "CVE-2023-21893", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21893" }, { "name": "CVE-2023-21877", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877" }, { "name": "CVE-2023-21885", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21885" }, { "name": "CVE-2022-22971", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971" }, { "name": "CVE-2023-21865", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865" }, { "name": "CVE-2023-21898", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21898" }, { "name": "CVE-2023-21881", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881" }, { "name": "CVE-2023-21830", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830" }, { "name": "CVE-2022-25647", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647" }, { "name": "CVE-2023-21874", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874" }, { "name": "CVE-2023-21838", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21838" }, { "name": "CVE-2023-21878", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878" }, { "name": "CVE-2020-10735", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735" }, { "name": "CVE-2022-27782", "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782" }, { "name": "CVE-2023-21883", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883" }, { "name": "CVE-2022-40153", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40153" }, { "name": "CVE-2022-42252", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252" }, { "name": "CVE-2022-40149", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149" }, { "name": 
"CVE-2023-21889", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21889" }, { "name": "CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "name": "CVE-2023-21875", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875" }, { "name": "CVE-2023-21872", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872" }, { "name": "CVE-2023-21841", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21841" }, { "name": "CVE-2022-40150", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150" }, { "name": "CVE-2023-21864", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21864" }, { "name": "CVE-2023-21840", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840" }, { "name": "CVE-2022-1941", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941" }, { "name": "CVE-2022-31692", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2023-21866", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866" }, { "name": "CVE-2023-21842", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21842" }, { "name": "CVE-2023-21845", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21845" }, { "name": "CVE-2022-39429", "url": "https://www.cve.org/CVERecord?id=CVE-2022-39429" }, { "name": "CVE-2023-21860", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21860" }, { "name": "CVE-2023-21844", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21844" }, { "name": "CVE-2022-32221", "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221" }, { "name": "CVE-2022-37434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { "name": "CVE-2023-21871", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871" }, { "name": "CVE-2023-21839", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21839" }, { "name": "CVE-2023-21887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887" }, { "name": "CVE-2023-21835", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-21835" }, { "name": "CVE-2021-3737", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737" }, { "name": "CVE-2023-21873", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873" }, { "name": "CVE-2023-21863", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863" }, { "name": "CVE-2023-21876", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876" }, { "name": "CVE-2020-36242", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242" }, { "name": "CVE-2023-21867", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867" }, { "name": "CVE-2023-21899", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21899" }, { "name": "CVE-2023-21869", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869" }, { "name": "CVE-2022-42920", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920" }, { "name": "CVE-2022-43548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548" }, { "name": "CVE-2023-21836", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836" }, { "name": "CVE-2023-21827", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21827" }, { "name": "CVE-2023-21870", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870" }, { "name": "CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "name": "CVE-2023-21879", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879" }, { "name": "CVE-2021-3918", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918" }, { "name": "CVE-2023-21882", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21882" }, { "name": "CVE-2023-21886", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21886" }, { "name": "CVE-2023-21837", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21837" }, { "name": "CVE-2023-21831", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21831" }, { "name": "CVE-2022-42003", "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003" }, { "name": "CVE-2022-40304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304" }, { "name": 
"CVE-2023-21880", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880" }, { "name": "CVE-2022-3171", "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171" }, { "name": "CVE-2022-23219", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219" }, { "name": "CVE-2023-21829", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21829" }, { "name": "CVE-2023-21884", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21884" }, { "name": "CVE-2023-21868", "url": "https://www.cve.org/CVERecord?id=CVE-2023-21868" } ], "initial_release_date": "2023-01-18T00:00:00", "last_revision_date": "2023-01-18T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0034", "revisions": [ { "description": "Version initiale", "revision_date": "2023-01-18T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023", "url": "https://www.oracle.com/security-alerts/cpujan2023.html" } ] }
CERTFR-2022-AVI-935
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic Server. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-29425", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425" }, { "name": "CVE-2022-22971", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971" }, { "name": "CVE-2020-17521", "url": "https://www.cve.org/CVERecord?id=CVE-2020-17521" }, { "name": "CVE-2022-22968", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22968" }, { "name": "CVE-2022-21616", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21616" }, { "name": "CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "name": "CVE-2020-28052", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28052" } ], "initial_release_date": "2022-10-19T00:00:00", "last_revision_date": "2022-10-19T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-935", "revisions": [ { "description": "Version initiale", "revision_date": "2022-10-19T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2022 du 18 octobre 2022", "url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixFMW" } ] }
CERTFR-2022-AVI-659
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. Some of them allow an attacker to cause arbitrary code execution, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic version 12.2.1.3.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-22965", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965" }, { "name": "CVE-2021-26291", "url": "https://www.cve.org/CVERecord?id=CVE-2021-26291" }, { "name": "CVE-2021-40690", "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690" }, { "name": "CVE-2021-2351", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2351" }, { "name": "CVE-2022-21560", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21560" }, { "name": "CVE-2021-23450", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23450" }, { "name": "CVE-2020-28491", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491" }, { "name": "CVE-2022-24891", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24891" }, { "name": "CVE-2022-21548", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21548" }, { "name": "CVE-2022-23457", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23457" }, { "name": "CVE-2020-36518", "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518" }, { "name": "CVE-2022-21564", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21564" }, { "name": "CVE-2020-11987", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11987" }, { "name": "CVE-2022-24839", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839" }, { "name": "CVE-2022-21557", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-21557" }, { "name": "CVE-2022-29577", "url": "https://www.cve.org/CVERecord?id=CVE-2022-29577" } ], "initial_release_date": "2022-07-20T00:00:00", "last_revision_date": "2022-07-20T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-659", "revisions": [ { "description": "Version initiale", "revision_date": "2022-07-20T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Ex\u00e9cution de code arbitraire" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022", "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixFMW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022", "url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#FMW" } ] }
CERTFR-2022-AVI-369
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic Server. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2022-21453", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21453" }, { "name": "CVE-2021-28170", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28170" }, { "name": "CVE-2022-21441", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21441" }, { "name": "CVE-2022-23305", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305" }, { "name": "CVE-2021-41184", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41184" }, { "name": "CVE-2022-23437", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437" }, { "name": "CVE-2020-8908", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908" } ], "initial_release_date": "2022-04-20T00:00:00", "last_revision_date": "2022-04-20T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-369", "revisions": [ { "description": "Version initiale", "revision_date": "2022-04-20T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022", "url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#FMW" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixFMW" } ] }
CERTFR-2022-AVI-056
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic Server. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-29425", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425" }, { "name": "CVE-2022-21371", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21371" }, { "name": "CVE-2022-21252", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21252" }, { "name": "CVE-2020-13956", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956" }, { "name": "CVE-2022-21292", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21292" }, { "name": "CVE-2020-2934", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934" }, { "name": "CVE-2022-21257", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21257" }, { "name": "CVE-2021-4104", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104" }, { "name": "CVE-2022-21347", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21347" }, { "name": "CVE-2022-21361", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21361" }, { "name": "CVE-2022-21260", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21260" }, { "name": "CVE-2022-21258", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21258" }, { "name": "CVE-2021-27568", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568" }, { "name": "CVE-2018-1324", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1324" }, { "name": "CVE-2022-21259", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21259" }, { "name": "CVE-2019-10219", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10219" }, { "name": "CVE-2022-21353", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21353" }, { "name": 
"CVE-2022-21306", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21306" }, { "name": "CVE-2022-21350", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21350" }, { "name": "CVE-2022-21262", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21262" }, { "name": "CVE-2021-44832", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832" }, { "name": "CVE-2022-21386", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21386" }, { "name": "CVE-2022-21261", "url": "https://www.cve.org/CVERecord?id=CVE-2022-21261" }, { "name": "CVE-2020-5258", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5258" }, { "name": "CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" } ], "initial_release_date": "2022-01-19T00:00:00", "last_revision_date": "2022-01-19T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-056", "revisions": [ { "description": "Version initiale", "revision_date": "2022-01-19T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic\nServer. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic Server", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022", "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixFMW" } ] }
CERTFR-2021-AVI-300
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. They allow an attacker to cause remote arbitrary code execution, a compromise of data integrity, and a compromise of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle Weblogic Server 12.1.3.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server 12.2.1.3.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-2135", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2135" }, { "name": "CVE-2021-2157", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2157" }, { "name": "CVE-2021-2211", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2211" }, { "name": "CVE-2021-2204", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2204" }, { "name": "CVE-2019-3740", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740" }, { "name": "CVE-2020-5360", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360" }, { "name": "CVE-2021-2294", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2294" }, { "name": "CVE-2019-10086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086" }, { "name": "CVE-2021-2142", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2142" }, { "name": "CVE-2021-2214", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2214" }, { "name": "CVE-2021-2136", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2136" } ], "initial_release_date": "2021-04-21T00:00:00", "last_revision_date": "2021-04-21T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-300", "revisions": [ { "description": "Version initiale", 
"revision_date": "2021-04-21T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021", "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle Fusion cpuapr2021 du 20 avril 2021", "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#FMW" } ] }
CERTFR-2021-AVI-047
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle WebLogic. Some of them allow an attacker to cause a security problem not specified by the vendor, a denial of service, and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | Weblogic | Oracle WebLogic Server version 12.1.3.0.0
Oracle | Weblogic | Oracle WebLogic Server version 12.2.1.4.0
Oracle | Weblogic | Oracle WebLogic Server version 10.3.6.0.0
Oracle | Weblogic | Oracle WebLogic Server version 12.2.1.3.0
Oracle | Weblogic | Oracle WebLogic Server version 14.1.1.0.0
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 12.1.3.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 10.3.6.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 12.2.1.3.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 14.1.1.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2021-1994", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1994" }, { "name": "CVE-2019-17195", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195" }, { "name": "CVE-2021-1995", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1995" }, { "name": "CVE-2020-5421", "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421" }, { "name": "CVE-2021-2047", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2047" }, { "name": "CVE-2021-2075", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2075" }, { "name": "CVE-2021-1996", "url": "https://www.cve.org/CVERecord?id=CVE-2021-1996" }, { "name": "CVE-2021-2108", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2108" }, { "name": "CVE-2018-10237", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237" }, { "name": "CVE-2021-2033", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2033" }, { "name": "CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "name": 
"CVE-2019-10086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10086" }, { "name": "CVE-2021-2064", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2064" }, { "name": "CVE-2021-2109", "url": "https://www.cve.org/CVERecord?id=CVE-2021-2109" } ], "initial_release_date": "2021-01-20T00:00:00", "last_revision_date": "2021-01-20T00:00:00", "links": [], "reference": "CERTFR-2021-AVI-047", "revisions": [ { "description": "Version initiale", "revision_date": "2021-01-20T00:00:00.000000" } ], "risks": [ { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "D\u00e9ni de service" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2021 du 19 janvier 2021", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" } ] }
CERTFR-2020-AVI-698
Vulnerability from certfr_avis
A vulnerability has been discovered in Oracle Weblogic. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 sans le dernier correctif", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2020-14750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14750" } ], "initial_release_date": "2020-11-02T00:00:00", "last_revision_date": "2020-11-02T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-698", "revisions": [ { "description": "Version initiale", "revision_date": "2020-11-02T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Weblogic. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Weblogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 01 novembre 2020", "url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html" } ] }
CERTFR-2020-AVI-667
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | Weblogic | Oracle Weblogic Server versions 12.1.3.0.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 12.2.1.3.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 10.3.6.0.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 12.2.1.4.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 14.1.1.0.0 without the latest security patch
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle Weblogic Server versions 12.1.3.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 12.2.1.3.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 10.3.6.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 12.2.1.4.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 14.1.1.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2020-14825", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14825" }, { "name": "CVE-2019-17267", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267" }, { "name": "CVE-2020-14859", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14859" }, { "name": "CVE-2020-14883", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14883" }, { "name": "CVE-2020-14820", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14820" }, { "name": "CVE-2020-14882", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14882" }, { "name": "CVE-2020-9488", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488" }, { "name": "CVE-2020-14841", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14841" }, { "name": "CVE-2020-14757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14757" }, { "name": "CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" } ], "initial_release_date": "2020-10-21T00:00:00", "last_revision_date": "2020-10-21T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-667", "revisions": [ { "description": "Version initiale", "revision_date": "2020-10-21T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de 
s\u00e9curit\u00e9 Oracle cpuoct2020 du 20 octobre 2020", "url": "https://www.oracle.com/security-alerts/cpuoct2020verbose.html" } ] }
CERTFR-2020-AVI-045
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle Weblogic. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 et 12.2.1.4.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-2729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729" }, { "name": "CVE-2020-2549", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2549" }, { "name": "CVE-2020-2544", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2544" }, { "name": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725" }, { "name": "CVE-2020-2551", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2551" }, { "name": "CVE-2020-2546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2546" }, { "name": "CVE-2020-6950", "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950" }, { "name": "CVE-2020-2548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2548" }, { "name": "CVE-2020-2519", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2519" }, { "name": "CVE-2020-2552", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2552" }, { "name": "CVE-2020-2547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2547" }, { "name": "CVE-2020-2550", "url": "https://www.cve.org/CVERecord?id=CVE-2020-2550" }, { "name": "CVE-2019-17359", "url": "https://www.cve.org/CVERecord?id=CVE-2019-17359" } ], "initial_release_date": "2020-01-17T00:00:00", "last_revision_date": "2020-01-17T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-045", "revisions": [ { "description": "Version initiale", "revision_date": "2020-01-17T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { 
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }
CERTFR-2019-AVI-285
Vulnerability from certfr_avis
A vulnerability has been discovered in Oracle WebLogic. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0 et 12.2.1.3.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-2729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729" } ], "initial_release_date": "2019-06-20T00:00:00", "last_revision_date": "2019-06-20T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-285", "revisions": [ { "description": "Version initiale", "revision_date": "2019-06-20T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle WebLogic. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle alert-cve-2019-2729-5570780 du 18 juin 2019", "url": "https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html" } ] }
CERTFR-2019-AVI-189
Vulnerability from certfr_avis
A vulnerability has been discovered in Oracle WebLogic. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 12.1.3.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 10.3.6.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725" } ], "initial_release_date": "2019-04-29T00:00:00", "last_revision_date": "2019-05-03T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-189", "revisions": [ { "description": "Version initiale", "revision_date": "2019-04-29T00:00:00.000000" }, { "description": "Modification des versions vuln\u00e9rables par Oracle le 30 avril 2019.", "revision_date": "2019-05-03T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle WebLogic. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cve-2019-2725 du 26 avril 2019", "url": "https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html" } ] }
CERTA-2012-AVI-024
Vulnerability from certfr_avis
Several vulnerabilities present in numerous Oracle products have been fixed.
Description
Several vulnerabilities in Oracle products can be exploited, remotely or from the local network, to compromise the confidentiality or integrity of data on the system, to cause a denial of service, or to execute arbitrary code remotely.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise CRM version 8.9
Oracle | N/A | Oracle Sun Product Suite
Oracle | N/A | Oracle Transportation Management versions 5.5, 6.0, 6.1, 6.2
Oracle | Weblogic | Oracle WebLogic Server versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
Oracle | N/A | Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle | MySQL | Oracle MySQL Server, versions 5.0, 5.1, 5.5
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise HCM versions 8.9, 9.0, 9.1
Oracle | N/A | Oracle Database 10g Release 1 version 10.1.0.5
Oracle | N/A | Oracle Database 11g Release 2 versions 11.2.0.2, 11.2.0.3
Oracle | N/A | Oracle VM VirtualBox version 4.1
Oracle | N/A | Oracle Application Server 10g Release 3 version 10.1.3.5.0
Oracle | N/A | Oracle E-Business Suite Release 11i version 11.5.10.2
Oracle | N/A | Oracle JDEdwards version 8.98
Oracle | N/A | Oracle Fusion Middleware 11g Release 1 versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle | N/A | Oracle Outside In Technology versions 8.3.5, 8.3.7
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise PeopleTools version 8.52
Oracle | N/A | Oracle Database 11g Release 1 version 11.1.0.7
Oracle | N/A | Oracle Virtual Desktop Infrastructure version 3.2
Oracle | N/A | Oracle E-Business Suite Release 12 versions 12.1.2, 12.1.3
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle PeopleSoft Enterprise CRM version 8.9 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Sun Product Suite ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Transportation Management versions 5.5, 6.0, 6.1, 6.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5) ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g Release 2 versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle MySQL Server, versions 5.0, 5.1, 5.5.", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft Enterprise HCM versions 8.9, 9.0, 9.1 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g Release 1 version 10.1.0.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 2 versions 11.2.0.2, 11.2.0.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle VM VirtualBox version 4.1 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Application Server 10g Release 3 version 10.1.3.5.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 11i version 11.5.10.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle JDEdwards version 8.98 
;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Fusion Middleware 11g Release 1 versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Outside In Technology versions 8.3.5, 8.3.7 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft Enterprise PeopleTools version 8.52 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 1 version 11.1.0.7 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Virtual Desktop Infrastructure version 3.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 12 versions 12.1.2, 12.1.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans les produits Oracle peuvent \u00eatre\nexploit\u00e9es, \u00e0 distance ou depuis le r\u00e9seau local, afin de porter\natteinte \u00e0 la confidentialit\u00e9 ou \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es pr\u00e9sentes sur\nle syst\u00e8me, de r\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2012-0487", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0487" }, { "name": "CVE-2012-0088", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0088" }, { "name": "CVE-2011-2321", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2321" }, { "name": "CVE-2011-3192", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3192" }, { "name": "CVE-2011-3509", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3509" }, { "name": "CVE-2012-0109", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0109" }, { "name": "CVE-2012-0110", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0110" }, { "name": "CVE-2012-0115", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0115" }, { "name": "CVE-2012-0074", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0074" }, { "name": "CVE-2012-0078", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0078" }, { "name": "CVE-2012-0485", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0485" }, { "name": "CVE-2012-0118", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0118" }, { "name": "CVE-2011-2326", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2326" }, { "name": "CVE-2012-0491", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0491" }, { "name": "CVE-2012-0099", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0099" }, { "name": "CVE-2012-0098", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0098" }, { "name": "CVE-2012-0119", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0119" }, { "name": "CVE-2011-2271", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2271" }, { "name": "CVE-2012-0492", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0492" }, { "name": "CVE-2012-0096", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0096" }, { "name": "CVE-2012-0494", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0494" }, { "name": "CVE-2012-0117", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0117" }, { "name": "CVE-2012-0105", "url": 
"https://www.cve.org/CVERecord?id=CVE-2012-0105" }, { "name": "CVE-2011-3568", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3568" }, { "name": "CVE-2012-0488", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0488" }, { "name": "CVE-2011-3570", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3570" }, { "name": "CVE-2012-0116", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0116" }, { "name": "CVE-2012-0101", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0101" }, { "name": "CVE-2012-0489", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0489" }, { "name": "CVE-2012-0085", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0085" }, { "name": "CVE-2012-0094", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0094" }, { "name": "CVE-2012-0087", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0087" }, { "name": "CVE-2012-0114", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0114" }, { "name": "CVE-2012-0081", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0081" }, { "name": "CVE-2012-0072", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0072" }, { "name": "CVE-2012-0103", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0103" }, { "name": "CVE-2011-3565", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3565" }, { "name": "CVE-2011-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4517" }, { "name": "CVE-2012-0075", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0075" }, { "name": "CVE-2011-3566", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3566" }, { "name": "CVE-2011-3569", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3569" }, { "name": "CVE-2012-0097", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0097" }, { "name": "CVE-2012-0084", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0084" }, { "name": "CVE-2011-3574", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3574" }, { "name": "CVE-2011-3531", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3531" }, { "name": "CVE-2011-3514", "url": 
"https://www.cve.org/CVERecord?id=CVE-2011-3514" }, { "name": "CVE-2011-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3564" }, { "name": "CVE-2011-4516", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4516" }, { "name": "CVE-2012-0079", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0079" }, { "name": "CVE-2011-3524", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3524" }, { "name": "CVE-2012-0076", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0076" }, { "name": "CVE-2012-0080", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0080" }, { "name": "CVE-2011-3573", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3573" }, { "name": "CVE-2011-2325", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2325" }, { "name": "CVE-2011-2324", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2324" }, { "name": "CVE-2012-0486", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0486" }, { "name": "CVE-2012-0082", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0082" }, { "name": "CVE-2012-0091", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0091" }, { "name": "CVE-2012-0104", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0104" }, { "name": "CVE-2012-0089", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0089" }, { "name": "CVE-2012-0484", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0484" }, { "name": "CVE-2012-0113", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0113" }, { "name": "CVE-2012-0077", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0077" }, { "name": "CVE-2011-2317", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2317" }, { "name": "CVE-2012-0073", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0073" }, { "name": "CVE-2011-3571", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3571" }, { "name": "CVE-2012-0102", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0102" }, { "name": "CVE-2012-0100", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0100" }, { "name": "CVE-2012-0493", "url": 
"https://www.cve.org/CVERecord?id=CVE-2012-0493" }, { "name": "CVE-2012-0120", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0120" }, { "name": "CVE-2012-0495", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0495" }, { "name": "CVE-2012-0490", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0490" }, { "name": "CVE-2012-0496", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0496" }, { "name": "CVE-2012-0112", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0112" }, { "name": "CVE-2011-5035", "url": "https://www.cve.org/CVERecord?id=CVE-2011-5035" }, { "name": "CVE-2012-0111", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0111" }, { "name": "CVE-2012-0083", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0083" }, { "name": "CVE-2011-2262", "url": "https://www.cve.org/CVERecord?id=CVE-2011-2262" } ], "initial_release_date": "2012-01-18T00:00:00", "last_revision_date": "2012-01-18T00:00:00", "links": [ { "title": "Bulletin de s\u00e9curit\u00e9 Oracle Critical Patch Update du 17 janvier 2012 :", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" } ], "reference": "CERTA-2012-AVI-024", "revisions": [ { "description": "version initiale.", "revision_date": "2012-01-18T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans de nombreux produits Oracle ont\n\u00e9t\u00e9 corrig\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle Critical Patch Update du 17 janvier 2012", "url": null } ] }
CERTA-2011-AVI-586
Vulnerability from certfr_avis
Multiple vulnerabilities have been fixed in Oracle products.
Description
Multiple vulnerabilities have been fixed in Oracle products. They can notably be exploited to compromise the confidentiality, integrity or availability of data.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | N/A | Oracle Siebel CRM Core and Apps, versions 8.0.0, 8.1.1
Oracle | N/A | Oracle Sun Product Suite
Oracle | N/A | Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle | N/A | Oracle Agile Product Supplier Collaboration for Process, versions 5.2.2, 6.0.0.2, 6.0.0.3, 6.0.0.4
Oracle | N/A | Oracle Outside In Technology, versions 8.3.5, 8.3.7
Oracle | N/A | Oracle Database 11g Release 2, version 11.2.0.2
Oracle | N/A | Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle | N/A | Oracle Clinical, Remote Data Capture, versions 4.6, 4.6.2
Oracle | Weblogic | Oracle WebLogic Server, versions 9.2.4, 10.0.2, 11gR1 (10.3.3, 10.3.4, 10.3.5)
Oracle | N/A | Oracle Linux 5
Oracle | N/A | Oracle Database 10g Release 1, version 10.1.0.5
Oracle | N/A | Oracle Business Intelligence Enterprise Edition, versions 11.1.1.3, 11.1.1.5
Oracle | N/A | Oracle Thesaurus Management System, versions 4.6.1, 4.6.2
Oracle | N/A | Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.2, 12.1.3
Oracle | N/A | Oracle Sun Ray
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
Oracle | Weblogic | Oracle WebLogic Portal, versions 9.2.3.0, 10.0.1.0, 10.2.1.0, 10.3.2.0
Oracle | N/A | Oracle Database 11g Release 1, version 11.1.0.7
Oracle | N/A | Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0
Oracle | N/A | Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.3
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
Risks
Remote denial of service; data integrity compromise; security policy bypass; data confidentiality compromise.
Documentation
Oracle security bulletin of October 2011: http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
Initial release and last revision: 2011-10-21 (initial version).
CERTA-2011-AVI-238
Vulnerability from certfr_avis
Multiple vulnerabilities present in Oracle products have been fixed.
Description
Multiple vulnerabilities present in Oracle products have been fixed. The details of these vulnerabilities have not been disclosed, but one of them has the maximum severity level on the vendor's scale (10).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | N/A | Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0
Oracle | N/A | Oracle Siebel CRM Core, versions 7.8.2, 8.0.0, 8.1.1
Oracle | N/A | Oracle Application Server 10g Release 3, version 10.1.3.5.0
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1
Oracle | N/A | Oracle Database 11g Release 2, version 11.2.0.2
Oracle | N/A | Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle | N/A | Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1
Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle | Weblogic | Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4)
Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle | N/A | Oracle JRockit versions R27.6.8 and earlier (JDK/JRE 1.4.2, 5, 6), R28.1.1 and earlier (JDK/JRE 5, 6)
Oracle | N/A | Oracle Agile Technology platform, versions 9.3.0.2, 9.3.1
Oracle | N/A | Oracle Audit Vault 10g Release 2, version 10.2.3.2
Oracle | N/A | Oracle Database 10g Release 1, version 10.1.0.5
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise CRM, versions 8.9
Oracle | N/A | Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.3
Oracle | N/A | Oracle JD Edwards OneWorld Tools, versions 24.1.x
Oracle | N/A | Oracle InForm, versions 4.5, 4.6, 5.0
Oracle | N/A | Oracle JD Edwards EnterpriseOne Tools, versions 8.98.x
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1
Oracle | N/A | Oracle Database 11g Release 1, version 11.1.0.7
Oracle | N/A | Oracle Outside In Technology, version 8.3.2.0, 8.3.5.0
Risks
Remote arbitrary code execution.
Documentation
Oracle security bulletin of April 2011: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2011-301950.html
Initial release and last revision: 2011-04-20 (initial version).
CERTA-2011-AVI-022
Vulnerability from certfr_avis
Multiple vulnerabilities in Oracle products allow a malicious user to bypass the security policy.
Description
Multiple vulnerabilities have been fixed in Oracle products such as Oracle Database, Oracle Application Server or Oracle Open Office. Some of these vulnerabilities can be exploited by a remote malicious user to bypass the security policy or to compromise the integrity and/or confidentiality of data.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | N/A | Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3
Oracle | N/A | Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2
Oracle | N/A | Oracle Sun Product Suite
Oracle | N/A | Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3
Oracle | N/A | Oracle Document Capture, versions 10.1.3.4, 10.1.3.5
Oracle | N/A | Oracle Application Server 10g Release 2, version 10.1.2.3.0
Oracle | N/A | Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0
Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Oracle | N/A | Oracle JRockit versions R27.6.7 and earlier (JDK/JRE 1.4.2, 5, 6), R28.0.1 and earlier (JDK/JRE 5, 6)
Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1
Oracle | N/A | Oracle Audit Vault 10g Release 2, version 10.2.3.2
Oracle | N/A | Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3
Oracle | N/A | Oracle Database 10g Release 1, version 10.1.0.5
Oracle | N/A | Oracle Outside In Technology, version 8.3.0
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51
Oracle | N/A | Oracle InForm Portal, versions 4.5, 4.6, 5.0
Oracle | Weblogic | Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3
Oracle | N/A | Oracle Agile Core, versions 9.3.0.2, 9.3.1
Oracle | N/A | Oracle Database 11g Release 1, version 11.1.0.7
Oracle | N/A | Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8
Oracle | N/A | Oracle Database 11g Release 2, version 11.2.0.1
Oracle | N/A | Oracle Enterprise Manager Suite Release 10, version 10.2.0.5
Oracle | N/A | Oracle GoldenGate Veridata, version 3.0.0.4
Oracle | N/A | Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3
Oracle | N/A | Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0
Oracle | PeopleSoft | Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1
Oracle | N/A | Oracle Secure Backup 10g Release 3, version 10.3.0.2
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Sun Product Suite ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Audit Vault 10g Release 2, 
version 10.2.3.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Outside In Technology, version 8.3.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 2, version 11.2.0.1 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } 
}, { "description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2010-4429", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4429" }, { "name": "CVE-2010-4415", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4415" }, { "name": "CVE-2010-4438", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4438" }, { "name": "CVE-2010-3586", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3586" }, { "name": "CVE-2010-3593", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3593" }, { "name": "CVE-2010-4439", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4439" }, { "name": "CVE-2010-4421", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4421" }, { "name": "CVE-2010-4453", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4453" }, { "name": "CVE-2010-4433", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4433" }, { "name": "CVE-2010-4419", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4419" }, { "name": "CVE-2010-4464", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4464" }, { "name": "CVE-2010-4457", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4457" }, { "name": "CVE-2010-4432", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4432" }, { "name": "CVE-2010-4460", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4460" }, { "name": "CVE-2010-3590", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3590" }, { "name": "CVE-2010-4416", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4416" }, { "name": "CVE-2010-4414", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4414" }, { "name": "CVE-2010-4420", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4420" }, { "name": "CVE-2010-3592", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3592" }, { "name": "CVE-2010-3600", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3600" }, { "name": "CVE-2010-4418", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4418" }, { "name": "CVE-2010-4456", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4456" }, { "name": "CVE-2010-4441", "url": 
"https://www.cve.org/CVERecord?id=CVE-2010-4441" }, { "name": "CVE-2010-4440", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4440" }, { "name": "CVE-2010-4436", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4436" }, { "name": "CVE-2010-4443", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4443" }, { "name": "CVE-2010-4434", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4434" }, { "name": "CVE-2010-4437", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4437" }, { "name": "CVE-2009-4269", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4269" }, { "name": "CVE-2010-2936", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2936" }, { "name": "CVE-2010-3588", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3588" }, { "name": "CVE-2010-3510", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3510" }, { "name": "CVE-2010-4428", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4428" }, { "name": "CVE-2010-4446", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4446" }, { "name": "CVE-2010-4459", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4459" }, { "name": "CVE-2010-4426", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4426" }, { "name": "CVE-2010-2632", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2632" }, { "name": "CVE-2010-4461", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4461" }, { "name": "CVE-2010-3597", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3597" }, { "name": "CVE-2010-3587", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3587" }, { "name": "CVE-2010-4442", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4442" }, { "name": "CVE-2010-3599", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3599" }, { "name": "CVE-2010-4413", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4413" }, { "name": "CVE-2010-3505", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3505" }, { "name": "CVE-2010-3594", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3594" }, { "name": "CVE-2010-4449", "url": 
"https://www.cve.org/CVERecord?id=CVE-2010-4449" }, { "name": "CVE-2010-3598", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3598" }, { "name": "CVE-2010-4445", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4445" }, { "name": "CVE-2010-4458", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4458" }, { "name": "CVE-2010-4417", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4417" }, { "name": "CVE-2010-3596", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3596" }, { "name": "CVE-2010-4444", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4444" }, { "name": "CVE-2010-4425", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4425" }, { "name": "CVE-2010-3591", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3591" }, { "name": "CVE-2010-4423", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4423" }, { "name": "CVE-2010-4431", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4431" }, { "name": "CVE-2010-4427", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4427" }, { "name": "CVE-2010-4435", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4435" }, { "name": "CVE-2010-3574", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3574" }, { "name": "CVE-2010-4424", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4424" }, { "name": "CVE-2010-2935", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2935" }, { "name": "CVE-2010-4430", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4430" }, { "name": "CVE-2010-1227", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1227" }, { "name": "CVE-2010-3595", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3595" }, { "name": "CVE-2010-3589", "url": "https://www.cve.org/CVERecord?id=CVE-2010-3589" }, { "name": "CVE-2010-4455", "url": "https://www.cve.org/CVERecord?id=CVE-2010-4455" } ], "initial_release_date": "2011-01-19T00:00:00", "last_revision_date": "2011-01-19T00:00:00", "links": [], "reference": "CERTA-2011-AVI-022", "revisions": [ { "description": "version initiale.", "revision_date": 
"2011-01-19T00:00:00.000000" } ], "risks": [ { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html" } ] }
CERTA-2010-AVI-314
Vulnerability from certfr_avis
Multiple vulnerabilities in Oracle products allow a remote user to cause a denial of service or execute arbitrary code.
Description
Multiple vulnerabilities are present in Oracle products such as Oracle Database and Oracle WebLogic. Among other things, they allow a malicious remote user to cause a denial of service or execute arbitrary code.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | N/A | Oracle Secure Backup version 10301
Oracle | N/A | Oracle Database 9i Release 2, versions 9208, 9208DV
Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools, versions 849 and 850
Oracle | N/A | Oracle JRockit versions R2800 and earlier (JDK/JRE 5 and 6)
Oracle | PeopleSoft | PeopleSoft Enterprise FSCM, versions 89, 90 and 91
Oracle | N/A | Oracle JRockit versions R2766 and earlier (JDK/JRE 142, 5 and 6)
Oracle | N/A | Oracle Database 11g Release 2, version 11201
Oracle | PeopleSoft | PeopleSoft Enterprise HCM, versions 89, 90 and 91
Oracle | Weblogic | Oracle WebLogic Server 100 up to version MP2
Oracle | Weblogic | Oracle WebLogic Server 70 up to Service Pack 7
Oracle | N/A | Oracle Sun Product Suite
Oracle | Weblogic | Oracle WebLogic Server 90, 91, 92 up to version MP3
Oracle | Weblogic | Oracle WebLogic Server 11gR1 versions 1031, 1032 and 1033
Oracle | N/A | Oracle Business Process Management, versions 573, 605, 1031 and 1032
Oracle | N/A | Oracle E-Business Suite Release 12, versions 1204, 1205, 1206, 1211 and 1212
Oracle | Weblogic | Oracle WebLogic Server 81 up to Service Pack 6
Oracle | PeopleSoft | PeopleSoft Enterprise Campus Solutions, version 90
Oracle | N/A | Oracle Transportation Manager, versions 550507, 550600 and 6003
Oracle | N/A | Oracle Enterprise Manager Grid Control 10g Release 5, version 10205
Oracle | N/A | Oracle E-Business Suite Release 11i, versions 11510 and 115102
Oracle | N/A | Oracle Application Server, 10gR2, version 101230
Oracle | N/A | Oracle Identity Management 10g, version 101401
Oracle | N/A | Oracle Enterprise Manager Grid Control 10g Release 1, version 10106
Oracle | PeopleSoft | PeopleSoft Enterprise CRM, versions 90 and 91
Oracle | N/A | Oracle TimesTen In-Memory Database, versions 7060, 112141
Oracle | N/A | Oracle Database 10g Release 2, versions 10203, 10204
Oracle | N/A | Oracle Database 10g, version 10105
Oracle | Weblogic | Oracle WebLogic Server 10gR3 version 1030
Oracle | N/A | Oracle Database 11g Release 1, version 11107
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle Secure Backup version 10301 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 9i Release 2, versions 9208, 9208DV ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise PeopleTools, versions 849 et 850 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle JRockit versions R2800 et ant\u00e9rieures (JDK/JRE 5 et 6) ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise FSCM, versions 89, 90 et 91 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle JRockit versions R2766 et ant\u00e9rieures (JDK/JRE 142, 5 et 6) ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 2, version 11201 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise HCM, versions 89, 90 et 91 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server 100 jusqu\u0027\u00e0 la version MP2 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server 70 jusqu\u0027au Service Pack 7 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Sun Product Suite.", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server 90, 91, 92 jusqu\u0027\u00e0 la version MP3 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle 
WebLogic Server 11gR1 versions 1031, 1032 et 1033 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Business Process Management, versions 573, 605, 1031 et 1032 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 12, versions 1204, 1205, 1206, 1211 et 1212 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server 81 jusqu\u0027au Service Pack 6 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise Campus Solutions, version 90 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Transportation Manager, Versions: 550507, 550600 et 6003 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Enterprise Manager Grid Control 10g Release 5, version 10205 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle E-Business Suite Release 11i, versions 11510 et 115102 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Application Server, 10gR2, version 101230 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Identity Management 10g, version 101401 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Enterprise Manager Grid Control 10g Release 1, version 10106 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "PeopleSoft Enterprise CRM, versions 90 et 91 ;", "product": { "name": "PeopleSoft", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle TimesTen In-Memory Database, versions 
7060, 112141 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g Release 2, versions 10203, 10204 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 10g, version 10105 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server 10gR3 version 1030 ;", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Database 11g Release 1, version 11107 ;", "product": { "name": "N/A", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Oracle\ncomme Oracle Database ou Oracle WebLogic. Elles permettent, entre\nautres, \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de\nservice ou d\u0027\u00e9xecuter du code arbitaire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2010-0906", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0906" }, { "name": "CVE-2010-0898", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0898" }, { "name": "CVE-2010-2380", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2380" }, { "name": "CVE-2010-2382", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2382" }, { "name": "CVE-2010-0903", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0903" }, { "name": "CVE-2010-0899", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0899" }, { "name": "CVE-2010-2381", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2381" }, { "name": "CVE-2010-2394", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2394" }, { "name": "CVE-2010-2373", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2373" }, { "name": "CVE-2010-0909", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0909" }, { "name": "CVE-2010-0907", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0907" }, { "name": "CVE-2010-2392", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2392" }, { "name": "CVE-2010-2393", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2393" }, { "name": "CVE-2010-0914", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0914" }, { "name": "CVE-2010-0901", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0901" }, { "name": "CVE-2010-0892", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0892" }, { "name": "CVE-2010-2386", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2386" }, { "name": "CVE-2010-0915", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0915" }, { "name": "CVE-2010-0873", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0873" }, { "name": "CVE-2010-0083", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0083" }, { "name": "CVE-2009-3763", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3763" }, { "name": "CVE-2010-2375", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2375" }, { "name": "CVE-2009-3555", "url": 
"https://www.cve.org/CVERecord?id=CVE-2009-3555" }, { "name": "CVE-2008-4247", "url": "https://www.cve.org/CVERecord?id=CVE-2008-4247" }, { "name": "CVE-2010-2400", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2400" }, { "name": "CVE-2010-0849", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0849" }, { "name": "CVE-2010-2384", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2384" }, { "name": "CVE-2010-2374", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2374" }, { "name": "CVE-2010-2402", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2402" }, { "name": "CVE-2010-0912", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0912" }, { "name": "CVE-2010-0913", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0913" }, { "name": "CVE-2010-2401", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2401" }, { "name": "CVE-2009-3764", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3764" }, { "name": "CVE-2010-2376", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2376" }, { "name": "CVE-2010-0911", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0911" }, { "name": "CVE-2010-2372", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2372" }, { "name": "CVE-2009-0217", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0217" }, { "name": "CVE-2010-2398", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2398" }, { "name": "CVE-2010-2399", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2399" }, { "name": "CVE-2010-0081", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0081" }, { "name": "CVE-2010-2377", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2377" }, { "name": "CVE-2010-0916", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0916" }, { "name": "CVE-2010-0835", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0835" }, { "name": "CVE-2010-2403", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2403" }, { "name": "CVE-2010-2378", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2378" }, { "name": "CVE-2010-0900", "url": 
"https://www.cve.org/CVERecord?id=CVE-2010-0900" }, { "name": "CVE-2010-0908", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0908" }, { "name": "CVE-2010-2370", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2370" }, { "name": "CVE-2010-0910", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0910" }, { "name": "CVE-2010-0904", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0904" }, { "name": "CVE-2010-2383", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2383" }, { "name": "CVE-2010-0902", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0902" }, { "name": "CVE-2010-2385", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2385" }, { "name": "CVE-2009-3762", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3762" }, { "name": "CVE-2010-0905", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0905" }, { "name": "CVE-2010-0836", "url": "https://www.cve.org/CVERecord?id=CVE-2010-0836" }, { "name": "CVE-2010-2371", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2371" }, { "name": "CVE-2010-2379", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2379" }, { "name": "CVE-2010-2397", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2397" } ], "initial_release_date": "2010-07-15T00:00:00", "last_revision_date": "2010-07-15T00:00:00", "links": [], "reference": "CERTA-2010-AVI-314", "revisions": [ { "description": "version initiale.", "revision_date": "2010-07-15T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service ou\nd\u0027\u00e9xecuter du code arbitraire.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 13 juillet 2010", "url": 
"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html" } ] }
CERTFR-2020-ALE-022
Vulnerability from certfr_alerte
[version of 2 November 2020]
The vendor has issued a security alert to report that the patch made available on 20 October does not completely fix vulnerability CVE-2020-14882. Patches are available; refer to the vendor's alert to obtain them [1].
The vendor stresses that versions that are no longer supported may be affected by these vulnerabilities, so it is essential to deploy a maintained version of Oracle Weblogic.
If the latest patch cannot be deployed quickly, it is strongly recommended to consider temporarily disabling the Weblogic console. Refer to the vendor's documentation.
[initial version]
On 20 October 2020, Oracle published several security patches for Oracle Weblogic. Among the vulnerabilities fixed, CVE-2020-14882 allows an unauthenticated attacker to cause remote arbitrary code execution.
The vulnerability was reported as very easy to exploit; attack code was published the following day, and open-source reports describe attack campaigns.
If you have not deployed the patches made available by the vendor on 20 October 2020, you must apply them without delay and check your information system for signs of a possible compromise, in particular by investigating your system and network logs to identify any illegitimate connections and possible lateral movement by one or more attackers within your infrastructure.
- The right reflexes in the event of an intrusion on an information system: /information/CERTA-2002-INF-002/
- The IT hygiene guide: https://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf
Updating a product or piece of software is a delicate operation that must be carried out with care. In particular, it is recommended to test as much as possible. Arrangements must also be made to guarantee continuity of service in case of difficulties when applying updates such as patches or version changes.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
Oracle | Weblogic | Oracle Weblogic Server versions 12.1.3.0.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 12.2.1.3.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 10.3.6.0.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 12.2.1.4.0 without the latest security patch
Oracle | Weblogic | Oracle Weblogic Server versions 14.1.1.0.0 without the latest security patch
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle Weblogic Server versions 12.1.3.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 12.2.1.3.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 10.3.6.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 12.2.1.4.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle Weblogic Server versions 14.1.1.0.0 sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "closed_at": "2020-12-17", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2020-14750", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14750" }, { "name": "CVE-2020-14882", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14882" } ], "initial_release_date": "2020-10-30T00:00:00", "last_revision_date": "2020-12-17T00:00:00", "links": [ { "title": "[1] Alerte de s\u00e9curit\u00e9 Oracle du 1er novembre 2020", "url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html" } ], "reference": "CERTFR-2020-ALE-022", "revisions": [ { "description": "Version initiale", "revision_date": "2020-10-30T00:00:00.000000" }, { "description": "Nouveau correctif disponible par l\u0027\u00e9diteur.", "revision_date": "2020-11-02T00:00:00.000000" }, { "description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.", "revision_date": "2020-12-17T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "\u003cstrong\u003e\\[version du 02 novembre 2020\\]\u003c/strong\u003e\n\nL\u0027\u00e9diteur a \u00e9mis une alerte de s\u00e9curit\u00e9 afin de signaler que le\ncorrectif mis \u00e0 disposition le 20 octobre ne corrige pas compl\u00e9tement la\nvuln\u00e9rabilit\u00e9 CVE-2020-14882. Des patches sont mis \u00e0 disposition, se\nr\u00e9f\u00e9rer \u00e0 l\u0027alerte de l\u0027\u00e9diteur pour obtenir les correctifs \\[1\\].\n\nL\u0027\u00e9diteur souligne que les versions qui ne sont plus support\u00e9es peuvent\n\u00eatre affect\u00e9es par ces vuln\u00e9rabilit\u00e9s, il est donc primordial de\nd\u00e9ployer une version maintenue d\u0027Oracle Weblogic.\n\nDans le cas o\u00f9 le dernier correctif ne peut pas \u00eatre d\u00e9ploy\u00e9 rapidement,\nil est vivement recommand\u00e9 d\u0027envisager de d\u00e9sactiver temporairement la\nconsole Weblogic. 
Se r\u00e9f\u00e9rer \u00e0 la documentation de l\u0027\u00e9diteur.\n\n\u003cstrong\u003e\\[version initiale\\]\u003c/strong\u003e\n\nLe 20 octobre 2020, Oracle a publi\u00e9 plusieurs correctifs de s\u00e9curit\u00e9\nconcernant Oracle Weblogic. Parmi les vuln\u00e9rabilit\u00e9s corrig\u00e9es, la\nCVE-2020-14882 permet \u00e0 un attaquant non authentifi\u00e9 de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nD\u00e9clar\u00e9e comme tr\u00e8s simple \u00e0 exploiter, des codes d\u0027attaque ont \u00e9t\u00e9\npubli\u00e9s le lendemain et des rapports publi\u00e9s en source ouverte font \u00e9tat\nde campagne d\u0027attaques.\n\nSi vous n\u0027avez pas d\u00e9ploy\u00e9 les correctifs mis \u00e0 disposition par\nl\u0027\u00e9diteur le 20 octobre 2020, il est n\u00e9cessaire de les appliquer sans\nd\u00e9lai et d\u0027effectuer des contr\u00f4les du syst\u00e8me d\u0027information afin de\nd\u00e9tecter une \u00e9ventuelle compromission, notamment en investiguant vos\njournaux syst\u00e8mes et r\u00e9seaux afin d\u2019identifier les \u00e9ventuelles\nconnexions ill\u00e9gitimes et les possibles lat\u00e9ralisation par un ou\nplusieurs attaquants sur votre infrastructure.\n\n- Les bons r\u00e9flexes en cas d\u2019intrusion sur un syst\u00e8me d\u2019information :\n \u003c/information/CERTA-2002-INF-002/\u003e\n- Le guide d\u0027hygi\u00e8ne informatique :\n \u003chttps://www.ssi.gouv.fr/uploads/2017/01/guide_hygiene_informatique_anssi.pdf\u003e\n\n\u00a0\n\n------------------------------------------------------------------------\n\nLa mise \u00e0 jour d\u2019un produit ou d\u2019un logiciel est une op\u00e9ration d\u00e9licate\nqui doit \u00eatre men\u00e9e avec prudence. Il est notamment recommander\nd\u2019effectuer des tests autant que possible. 
Des dispositions doivent\n\u00e9galement \u00eatre prises pour garantir la continuit\u00e9 de service en cas de\ndifficult\u00e9s lors de l\u2019application des mises \u00e0 jour comme des correctifs\nou des changements de version.\n", "title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9 dans Oracle Weblogic", "vendor_advisories": [ { "published_at": null, "title": "bulletin CERT-FR CERTFR-2020-ACT-009 du 27 octobre 2020", "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2020-ACT-009/" }, { "published_at": null, "title": "avis CERT-FR CERTFR-2020-AVI-667 du 21 octobre 2020", "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2020-AVI-667/" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 20 octobre 2020", "url": "https://www.oracle.com/security-alerts/cpuoct2020verbose.html" } ] }
CERTFR-2019-ALE-011
Vulnerability from certfr_alerte
On 18 June 2019, Oracle published a security advisory outside its usual patch cycle for a vulnerability rated critical.
This flaw, identified as CVE-2019-2729, affects WebLogic servers and can lead to remote arbitrary code execution without authentication.
This vulnerability was reported to the vendor by several security researchers, including the Knownsec 404 team.
In a blog post of 15 June 2019 (see the Documentation section), the team, which had also reported a previous vulnerability affecting WebLogic in April 2019, states that it has identified exploitation of the current vulnerability. This flaw is reportedly based on a bypass of the security patch deployed by Oracle in April 2019 for vulnerability CVE-2019-2725.
CERT-FR recommends applying the security patch as soon as possible.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0 et 12.2.1.3.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "closed_at": "2019-07-23", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725" }, { "name": "CVE-2019-2729", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729" } ], "initial_release_date": "2019-06-20T00:00:00", "last_revision_date": "2019-07-23T00:00:00", "links": [ { "title": "Publication de blogue de l\u0027\u00e9quipe Knownsec 404 sur la CVE-2019-2729", "url": "https://medium.com/@knownsec404team/knownsec-404-team-alert-again-cve-2019-2725-patch-bypassed-32a6a7b7ca15" }, { "title": "Avis CERT-FR CERTFR-2019-AVI-285", "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-285/" }, { "title": "Alerte du CERT-FR CERTFR-2019-ALE-005 du 26 avril 2019 sur la vuln\u00e9rabilit\u00e9 CVE-2019-2725", "url": "https://www.cert.ssi.gouv.fr/alerte/CERTFR-2019-ALE-005/" } ], "reference": "CERTFR-2019-ALE-011", "revisions": [ { "description": "Version initiale", "revision_date": "2019-06-20T00:00:00.000000" }, { "description": "Cl\u00f4ture de l\u0027alerte.", "revision_date": "2019-07-23T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Le 18 juin 2019, Oracle a publi\u00e9 un avis de s\u00e9curit\u00e9 hors de son cycle\nhabituel de correctifs pour une vuln\u00e9rabilit\u00e9 jug\u00e9e critique. 
\nCette faille d\u0027identifiant CVE-2019-2729 affecte les serveurs WebLogic\net peut conduire \u00e0 une ex\u00e9cution de code arbitraire \u00e0 distance sans\nqu\u0027une authentification soit n\u00e9cessaire.\n\nCette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 remont\u00e9e \u00e0 l\u0027\u00e9diteur par plusieurs chercheurs\nen s\u00e9curit\u00e9 parmi lesquelles l\u0027\u00e9quipe Knownsec 404. \nDans une publication de blogue le 15 juin 2019 (cf. section\ndocumentation) l\u0027\u00e9quipe, qui avait par ailleurs rapport\u00e9 au mois d\u0027avril\n2019 une pr\u00e9c\u00e9dente vuln\u00e9rabilit\u00e9 affectant WebLogic, annonce avoir\nidentifi\u00e9 l\u0027exploitation de la vuln\u00e9rabilit\u00e9 actuelle. Cette faille\nserait bas\u00e9e sur un contournement du correctif de s\u00e9curit\u00e9 d\u00e9ploy\u00e9 par\nOracle en avril 2019 relatif \u00e0 la vuln\u00e9rabilit\u00e9 CVE-2019-2725.\n\nLe CERT-FR recommande l\u0027application du correctif de s\u00e9curit\u00e9 dans les\nplus brefs d\u00e9lais.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle alert-cve-2019-2729-5570780 du 18 juin 2019", "url": "https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html" } ] }
CERTFR-2019-ALE-005
Vulnerability from certfr_alerte
[Update of 29 April 2019] Oracle published a security patch on 26 April 2019. CERT-FR recommends applying it as soon as possible (see the Documentation section).
On 21 April 2019, the Knownsec 404 Team research team announced that it had found a vulnerability affecting all versions of Oracle WebLogic: https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93
With a specially crafted HTTP(S) request, an unauthenticated attacker could execute arbitrary code remotely. The vulnerability is reportedly triggered during deserialization of the request in the wls9_async_response.war and wls-wsat.war components, which are installed by default. The first component handles asynchronous operations for the server, while the second is a security management module.
No patch is available at this time and Oracle has not communicated on the subject. CERT-FR has not been able to verify the existence of these vulnerabilities and has not identified any exploit code on the Internet. Numerous scans of the vulnerable URLs have nevertheless been observed.
According to the researcher, this vulnerability has not yet been exploited to execute malicious payloads.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Applying security patches is always preferable to workarounds.
A risk assessment must be carried out before considering the following workarounds:
- Block access to paths containing the patterns /_async/* and /wls-wsat/*;
- Delete the files wls9_async_response.war and wls-wsat.war, then restart the service.
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Oracle WebLogic Server version 12.1.3.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "Oracle WebLogic Server version 10.3.6.0.0", "product": { "name": "Weblogic", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "closed_at": "2019-06-20", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nL\u0027application des correctifs de s\u00e9curit\u00e9 est toujours pr\u00e9f\u00e9rable aux\nmesures de contournement.\n\nUne \u00e9valuation des risques doit \u00eatre conduite avant d\u0027envisager les\nmesures de contournement suivantes :\n\n1. Bloquer l\u2019acc\u00e8s aux chemins contenant les motifs */\\_async/\\** et\n */wls-wsat/\\* ; \n *\n2. Supprimer les fichiers *wls9_async_response.war* et *wls-wsat.war*,\n puis red\u00e9marrer le service.\n", "cves": [ { "name": "CVE-2019-2725", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725" } ], "initial_release_date": "2019-04-26T00:00:00", "last_revision_date": "2019-06-20T00:00:00", "links": [ { "title": "Avis CERT-FR CERTFR-2019-AVI-189 du 29 avril 2019", "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2019-AVI-189/" } ], "reference": "CERTFR-2019-ALE-005", "revisions": [ { "description": "Version initiale", "revision_date": "2019-04-26T00:00:00.000000" }, { "description": "Ajout du bulletin de s\u00e9curit\u00e9 Oracle cve-2019-2725 du 26 avril 2019", "revision_date": "2019-04-29T00:00:00.000000" }, { "description": "Modification des versions vuln\u00e9rables par Oracle le 30 avril 2019.", "revision_date": "2019-05-03T00:00:00.000000" }, { "description": "Passage de la mesure de contournement dans la section Solution.", "revision_date": "2019-05-17T00:00:00.000000" }, { "description": "Cl\u00f4ture de 
l\u0027alerte", "revision_date": "2019-06-20T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "\u003cstrong\u003e\\[Mise \u00e0 jour du 29 avril 2019\\]\u003c/strong\u003e Oracle a publi\u00e9 un correctif de\ns\u00e9curit\u00e9 le 26 avril 2019. Le CERT-FR recommande son application dans\nles plus brefs d\u00e9lais (cf. section Documentation).\n\n\u00a0\n\nLe 21 avril 2019, l\u0027\u00e9quipe de chercheurs Knownsec 404 Team a annonc\u00e9\navoir trouv\u00e9 une vuln\u00e9rabilit\u00e9 affectant toutes les versions d\u2019Oracle\nWebLogic :\n\u003chttps://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93\u003e\n\nPar une requ\u00eate HTTP(S) sp\u00e9cialement forg\u00e9e, un attaquant non\nauthentifi\u00e9 pourrait ex\u00e9cuter du code arbitraire \u00e0 distance. La\nvuln\u00e9rabilit\u00e9 serait d\u00e9clench\u00e9e lors de la d\u00e9-s\u00e9rialisation de la\nrequ\u00eate dans les composants *wls9_async_response.war* et *wls-wsat.war*,\nqui sont install\u00e9s par d\u00e9faut. Le premier composant permet la gestion\nd\u0027op\u00e9rations asynchrones par le serveur tandis que le second est un\nmodule de gestion de la s\u00e9curit\u00e9.\n\nAucun correctif n\u2019est disponible pour l\u2019instant et Oracle n\u2019a pas\ncommuniqu\u00e9 sur le sujet. 
Le CERT-FR n\u0027a pu v\u00e9rifier l\u2019existence de ces\nvuln\u00e9rabilit\u00e9s et n\u0027a pas identifi\u00e9 de code d\u0027exploitation sur Internet.\nDe nombreux scans sur les urls vuln\u00e9rables ont n\u00e9anmoins \u00e9t\u00e9 identifi\u00e9s.\n\nSelon le chercheur, cette vuln\u00e9rabilit\u00e9 n\u2019a pas encore \u00e9t\u00e9 exploit\u00e9e\npour ex\u00e9cuter des charges malveillantes.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Oracle WebLogic", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cve-2019-2725 du 26 avril 2019", "url": "https://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2725-5466295.html" } ] }