{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "typo3/cms-setup versions 10.4.x ant\u00e9rieures \u00e0 10.4.50 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-backend versions 12.4.x ant\u00e9rieures \u00e0 12.4.31 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 13.4.x ant\u00e9rieures \u00e0 13.4.12 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-setup versions 11.5.x ant\u00e9rieures \u00e0 11.5.44 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-webhooks versions 12.4.x ant\u00e9rieures \u00e0 12.4.31 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-webhooks versions 13.4.x ant\u00e9rieures \u00e0 13.4.12 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 10.4.x ant\u00e9rieures \u00e0 10.4.50 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 9.5.x ant\u00e9rieures \u00e0 9.5.51 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-setup versions 9.5.x ant\u00e9rieures \u00e0 9.5.51 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-backend versions 13.4.x ant\u00e9rieures \u00e0 13.4.12 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-setup versions 13.4.x ant\u00e9rieures \u00e0 13.4.12 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-setup versions 12.4.x ant\u00e9rieures \u00e0 12.4.31 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 12.4.x ant\u00e9rieures \u00e0 12.4.31 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 11.5.x ant\u00e9rieures \u00e0 11.5.44 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-47940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47940"
    },
    {
      "name": "CVE-2025-47938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47938"
    },
    {
      "name": "CVE-2025-47936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47936"
    },
    {
      "name": "CVE-2025-47939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47939"
    },
    {
      "name": "CVE-2025-47941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47941"
    },
    {
      "name": "CVE-2025-47937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47937"
    }
  ],
  "initial_release_date": "2025-05-20T00:00:00",
  "last_revision_date": "2025-05-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0429",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Typo3. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-x8pv-fgxp-8v3x",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-744g-7qm9-hjh9",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-744g-7qm9-hjh9"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-9hq9-cr36-4wpj",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-p4xx-m758-3hpx",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p4xx-m758-3hpx"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-3jrg-97f3-rqh9",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9"
    },
    {
      "published_at": "2025-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-6frx-j292-c844",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "typo3/cms-core versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-beuser versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-extensionmanager versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-beuser versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-belog versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-form versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-extensionmanager versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-dashboard versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-extensionmanager versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-form versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-indexed-search versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-belog versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-beuser versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 9.x ant\u00e9rieures \u00e0 9.5.49 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-dashboard versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-form versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-dashboard versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-dashboard versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-extensionmanager versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-scheduler versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-beuser versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-install versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-indexed-search versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-belog versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-form versions 13.x ant\u00e9rieures \u00e0 13.4.3 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-lowlevel versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-indexed-search versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-belog versions 12.x ant\u00e9rieures \u00e0 12.4.25 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-core versions 10.x ant\u00e9rieures \u00e0 10.4.48 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "typo3/cms-indexed-search versions 11.x ant\u00e9rieures \u00e0 11.5.42 pour composer",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-55923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55923"
    },
    {
      "name": "CVE-2024-55945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55945"
    },
    {
      "name": "CVE-2024-55893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55893"
    },
    {
      "name": "CVE-2024-55921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55921"
    },
    {
      "name": "CVE-2024-55924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55924"
    },
    {
      "name": "CVE-2024-55891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55891"
    },
    {
      "name": "CVE-2024-55892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55892"
    },
    {
      "name": "CVE-2024-55894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55894"
    },
    {
      "name": "CVE-2024-55920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55920"
    },
    {
      "name": "CVE-2024-55922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55922"
    }
  ],
  "initial_release_date": "2025-01-14T00:00:00",
  "last_revision_date": "2025-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0028",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Typo3. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-7835-fcv3-g256",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7835-fcv3-g256"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-cjfr-9f5r-3q93",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-cjfr-9f5r-3q93"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-38x7-cc6w-j27q",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38x7-cc6w-j27q"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-7r5q-4qgx-v545",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-7r5q-4qgx-v545"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-ww7h-g2qf-7xv6",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ww7h-g2qf-7xv6"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-4g52-pq8j-6qv5",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-4g52-pq8j-6qv5"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-6w4x-gcx3-8p7v",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-6w4x-gcx3-8p7v"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-2fx5-pggv-6jjr",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-8mv3-37rc-pvxj",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8mv3-37rc-pvxj"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-qwx7-39pw-2mhr",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-qwx7-39pw-2mhr"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions ant\u00e9rieures \u00e0 10.4.46 ELTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.40 LTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 13.x ant\u00e9rieures \u00e0 13.3.1",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 12.x ant\u00e9rieures \u00e0 12.4.21 LTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-34537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34537"
    },
    {
      "name": "CVE-2024-47780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47780"
    }
  ],
  "initial_release_date": "2024-10-08T00:00:00",
  "last_revision_date": "2024-10-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0843",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-rf5m-h8q9-9w6q",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rf5m-h8q9-9w6q"
    },
    {
      "published_at": "2024-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-ffcv-v6pw-qhrp",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-ffcv-v6pw-qhrp"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions 9.x ant\u00e9rieures \u00e0 9.5.48",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 13.x ant\u00e9rieures \u00e0 13.1.1",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 10.x ant\u00e9rieures \u00e0 10.4.45",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 12.x ant\u00e9rieures \u00e0 12.4.15",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.37",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-34355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34355"
    },
    {
      "name": "CVE-2024-34356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34356"
    },
    {
      "name": "CVE-2024-34358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34358"
    },
    {
      "name": "CVE-2024-34357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34357"
    }
  ],
  "initial_release_date": "2024-05-14T00:00:00",
  "last_revision_date": "2024-05-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0394",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune injection de code indirecte \u00e0 distance (XSS) et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-hw6c-6gwq-3m3m du 14 mai 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-36g8-62qv-5957 du 14 mai 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-v6mw-h7w6-59w3 du 14 mai 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-xjwx-78x7-q6jc du 14 mai 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions 13.x ant\u00e9rieures \u00e0 13.0.1",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.35",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 12.x ant\u00e9rieures \u00e0 12.4.11",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 9.x ant\u00e9rieures \u00e0 9.5.46",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 8.x ant\u00e9rieures \u00e0 8.7.57",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 10.x ant\u00e9rieures \u00e0 10.4.43",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-30451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30451"
    },
    {
      "name": "CVE-2024-25119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25119"
    },
    {
      "name": "CVE-2024-25118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25118"
    },
    {
      "name": "CVE-2024-22188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22188"
    },
    {
      "name": "CVE-2024-25120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25120"
    },
    {
      "name": "CVE-2024-25121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25121"
    }
  ],
  "initial_release_date": "2024-02-13T00:00:00",
  "last_revision_date": "2024-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0121",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Typo3\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-wf85-8hx9-gj7c du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-h47m-3f78-qp9g du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-w6x2-jg8h-p6mp du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-w6x2-jg8h-p6mp"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-5w2h-59j3-8x5w du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-38r2-5695-334w du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-rj3x-wvc6-5j66 du 13 f\u00e9vrier 2024",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions 12.x ant\u00e9rieures \u00e0 12.4.8",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 8.x ant\u00e9rieures \u00e0 8.7.55",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 9.x ant\u00e9rieures \u00e0 9.5.44",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 10.x ant\u00e9rieures \u00e0 10.4.41",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.33",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47127"
    },
    {
      "name": "CVE-2023-47126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47126"
    }
  ],
  "initial_release_date": "2023-11-14T00:00:00",
  "last_revision_date": "2023-11-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0934",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u003cspan\nclass=\"textit\"\u003e Typo3\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-3vmm-7h4j-69rm du 14 novembre 2023",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-p2jh-95jg-2w55 du 14 novembre 2023",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-p2jh-95jg-2w55"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 cms-core versions 9.x ant\u00e9rieures \u00e0 9.5.40",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 cms-core versions 11.x ant\u00e9rieures \u00e0 11.5.23",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 cms-core versions 8.7.x ant\u00e9rieures \u00e0 8.7.51",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 cms-core versions 10.x ant\u00e9rieures \u00e0 10.4.36",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 cms-core versions 12.x ant\u00e9rieures \u00e0 12.2.0",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24814"
    }
  ],
  "initial_release_date": "2023-02-08T00:00:00",
  "last_revision_date": "2023-02-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0100",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TYPO3. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 du 07 f\u00e9vrier 2023",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 cms-cors versions 10.x.x ant\u00e9rieures \u00e0 10.4.33",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 9.x.x ant\u00e9rieures \u00e0 9.5.38",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 8.x.x ant\u00e9rieures \u00e0 8.7.49",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 11.x.x ant\u00e9rieures \u00e0 11.5.20",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 cms-cors versions 12.x.x ant\u00e9rieures \u00e0 12.1.1",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-23500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23500"
    },
    {
      "name": "CVE-2022-23504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23504"
    },
    {
      "name": "CVE-2022-23501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23501"
    },
    {
      "name": "CVE-2022-23503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23503"
    },
    {
      "name": "CVE-2022-23502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23502"
    }
  ],
  "initial_release_date": "2022-12-14T00:00:00",
  "last_revision_date": "2022-12-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1097",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3 cms-core.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3 cms-core",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-jfp7-79g7-89rf du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-c5wx-6c2c-f7rm du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-8w3p-qh3x-6gjr du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-8c28-5mp7-v24h du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-mgj2-q8wp-29rr du 13 d\u00e9cembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions 11.5.x ant\u00e9rieures \u00e0 11.5.16",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 9.5.x ant\u00e9rieures \u00e0 9.5.37",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 10.4.x ant\u00e9rieures \u00e0 10.4.32",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 8.7.x ant\u00e9rieures \u00e0 8.7.48",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 7.6.x ant\u00e9rieures \u00e0 7.6.58",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-36104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36104"
    },
    {
      "name": "CVE-2022-36107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36107"
    },
    {
      "name": "CVE-2022-36106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36106"
    },
    {
      "name": "CVE-2022-36108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36108"
    },
    {
      "name": "CVE-2022-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36020"
    },
    {
      "name": "CVE-2022-36105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36105"
    }
  ],
  "initial_release_date": "2022-09-13T00:00:00",
  "last_revision_date": "2022-09-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-813",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-gqqf-g5r7-84vf du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-9c6w-55cp-5w25 du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-fffr-7x4x-f98q du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-5959-4x58-r8c2 du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-fv2m-9249-qx85 du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 GHSA-m392-235j-9r7r du 13 septembre 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 8.x ant\u00e9rieures \u00e0 8.7.47 ELTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 7.x ant\u00e9rieures \u00e0 7.6.57 ELTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 9.x ant\u00e9rieures \u00e0 9.5.35 ELTS",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 10.x ant\u00e9rieures \u00e0 10.4.29",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 11.x ant\u00e9rieures \u00e0 11.5.11",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-31046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31046"
    },
    {
      "name": "CVE-2022-31050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31050"
    },
    {
      "name": "CVE-2022-31047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31047"
    },
    {
      "name": "CVE-2022-31049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31049"
    },
    {
      "name": "CVE-2022-31048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31048"
    }
  ],
  "initial_release_date": "2022-06-15T00:00:00",
  "last_revision_date": "2022-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-fh99-4pgr-8j99 du 14 juin 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-wwjw-r3gj-39fq du 14 juin 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-h4mx-xv96-2jgm du 14 juin 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-8gmv-9hwg-w89g du 14 juin 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-3r95-23jp-mhvg du 14 juin 2022",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions 11.x ant\u00e9rieures \u00e0 11.5.0",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-41113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41113"
    },
    {
      "name": "CVE-2021-41114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41114"
    }
  ],
  "initial_release_date": "2021-10-06T00:00:00",
  "last_revision_date": "2021-10-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-757",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Typo3. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 du 05 octobre 2021",
      "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m2jh-fxw4-gphm"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 4.5.x avant 4.5.37",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 6.2.x avant 6.2.6",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 4.7.x avant 4.7.20",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 6.1.x avant 6.1.12",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-4701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4701"
    }
  ],
  "initial_release_date": "2014-10-27T00:00:00",
  "last_revision_date": "2014-10-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2014-AVI-443",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 du 24 octobre 2014",
      "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 CMS de la version 6.0.0 \u00e0 la version 6.0.13",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 CMS de la version 4.5.0 \u00e0 la version 4.5.33",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 CMS de la version 6.1.0 \u00e0 la version 6.1.18",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 CMS de la version 4.7.0 \u00e0 la version 4.7.18",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 CMS de la version 6.2.0 \u00e0 la version 6.2.2",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2014-05-23T00:00:00",
  "last_revision_date": "2014-05-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2014-001 du 22 mai    2014",
      "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/"
    }
  ],
  "reference": "CERTFR-2014-AVI-240",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3 CMS\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3 CMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2014-001 du 22 mai 2014",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.0.12",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.7.17",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.5.32",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.1.7",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.2",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2013-12-13T00:00:00",
  "last_revision_date": "2013-12-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-004 du 10    d\u00e9cembre 2013",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"
    }
  ],
  "reference": "CERTA-2013-AVI-675",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3 CMS\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3 CMS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-004 du 10 d\u00e9cembre 2013",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.7.14",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.0.8",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.1.3",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.5.29",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3642"
    },
    {
      "name": "CVE-2013-1464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1464"
    }
  ],
  "initial_release_date": "2013-08-01T00:00:00",
  "last_revision_date": "2013-08-01T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-002 du 31    juillet 2013",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/"
    }
  ],
  "reference": "CERTA-2013-AVI-455",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-08-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une injection\nde code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-002 du 31 juillet 2013",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.5.23 (pour la branche 4.5.0)",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.6.16 (pour la branche 4.6.0)",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 4.7.8 (pour la branche 4.7.0)",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions ant\u00e9rieures \u00e0 6.0.2 (pour la branche 6.0.0)",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2013-03-07T00:00:00",
  "last_revision_date": "2013-03-07T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-001 du 06    mars 2013",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/"
    }
  ],
  "reference": "CERTA-2013-AVI-168",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3\u003c/span\u003e . Elles concernent une injection SQL et une\nredirection de navigation arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2013-001 du 06 mars 2013",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 versions ant\u00e9rieures \u00e0 4.7.6",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions ant\u00e9rieures \u00e0 4.5.21",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions ant\u00e9rieures \u00e0 4.6.14",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2012-11-12T00:00:00",
  "last_revision_date": "2012-11-12T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-641",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTYPO3\u003c/span\u003e. Elles permettent \u00e0 un attaquant une\ninjection de code SQL \u00e0 distance et une injection de code indirecte \u00e0\ndistance (XSS). Elles concernent les composants \u003cspan\nclass=\"textit\"\u003eBackend History Module\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eBackend API\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 du 08 novembre 2012",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Typo3 version 4.7.3 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 4.5.18 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 4.6.11 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 6.0 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 4.5.0.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 4.7.0 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2012-09-04T00:00:00",
  "last_revision_date": "2012-09-04T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 typo3-core-sa-2012-004 du 15    ao\u00fbt 2012 :",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
    }
  ],
  "reference": "CERTA-2012-AVI-484",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eTypo3\u003c/span\u003e. Elles concernent des injection de code\nindirecte \u00e0 distance (XSS), l\u0027acc\u00e8s \u00e0 une cl\u00e9 de chiffrement pouvant\nmener \u00e0 une \u00e9l\u00e9vation de privil\u00e8ges et enfin l\u0027utilisation de la\nfonction \u00ab \u003cspan class=\"textit\"\u003eunserialize\u003c/span\u003e \u00bb pouvant provoquer\nune ex\u00e9cution de code arbitraire sur le serveur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Typo3 du 15 ao\u00fbt 2012",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.6.0 \u00e0 4.6.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.7.0 \u00e0 4.7.1 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.5.0 \u00e0 4.5.16 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions de d\u00e9veloppement de la branche 6.0.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2012-07-05T00:00:00",
  "last_revision_date": "2012-07-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-CORE-SA-2012-003 du 04 juillet    2012 :",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-003/"
    }
  ],
  "reference": "CERTA-2012-AVI-367",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-07-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e.\nElle permet une injection de code indirecte \u00e0 distance (XSS) par\nl\u0027interm\u00e9diaire du param\u00e8tre \u003cspan class=\"textit\"\u003emovieName\u003c/span\u003e du\nfichier \u003cspan class=\"textit\"\u003eswfupload.swf\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-CORE-SA-2012-003 du 04 juillet 2012",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.17 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.4.0 \u00e0 4.4.10 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.3.0 \u00e0 4.3.13 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.5.0 \u00e0 4.5.5.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   les valeurs des param\u00e8tres ne sont pas correctement remplac\u00e9es, ce\n    qui rend possible une injection SQL (versions 4.5 uniquement) ;\n-   dans certaines configurations, il est possible de remplir les tables\n    de cache de TYPO3.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-11-22T00:00:00",
  "last_revision_date": "2011-11-22T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-662",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection SQL"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e permettent de\nr\u00e9aliser un d\u00e9ni de service \u00e0 distance et \u00e9ventuellement une injection\nSQL.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 TYPO3 du 14 septembre 2011",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-003/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 version 4.4.8 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 version 4.3.11 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 version 4.5.3 et ant\u00e9rieures.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   plusieurs injections de code indirecte \u00e0 distance sont possibles ;\n-   un utilisateur s\u0027authentifiant avec des identifiants erron\u00e9s recevra\n    des ent\u00eates HTTP diff\u00e9rents selon qu\u0027il ait fourni un nom\n    d\u0027utilisateur correct ou non ;\n-   un utilisateur peut contourner le d\u00e9lai d\u0027attente impos\u00e9 apr\u00e9s avoir\n    fourni des identifiants incorrects ;\n-   la fonctionnalit\u00e9 getText peut \u00eatre utilis\u00e9e pour r\u00e9cup\u00e9rer des\n    donn\u00e9es arbitraires depuis la base de donn\u00e9es TYPO3 ;\n-   une vuln\u00e9rablit\u00e9 li\u00e9e \u00e0 l\u0027utilisation de la fonction Unserialize()\n    permet d\u0027effacer arbitrairement les fichiers auxquels le serveur Web\n    a acc\u00e8s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-08-09T00:00:00",
  "last_revision_date": "2011-08-09T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2011-001 du 27    juillet 2011 :",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-001/"
    }
  ],
  "reference": "CERTA-2011-AVI-432",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans TYPO3 permettent, entre autres,\nd\u0027effectuer de l\u0027injection de code indirecte \u00e0 distance ou de porter\natteinte \u00e0 la confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 TYPO3-CORE-SA-2011-001 du 27 juillet 2011",
      "url": null
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.15 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.3.8 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.4.4 et ant\u00e9rieures.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   une injection de code indirecte est possible dans le frontend si la\n    fonctionnalit\u00e9 caching framework est activ\u00e9e (les versions 4.2.x ne\n    sont pas concern\u00e9es) ;\n-   un utilisateur l\u00e9gitime du backend peut injecter du code HTML ou\n    javascript ;\n-   il est possible de contourner la v\u00e9rification des donn\u00e9es transmises\n    par les utilisateurs (m\u00e9canisme de protection contre les inclusions\n    de fichiers PHP), ce qui permet l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance ;\n-   un utilisateur l\u00e9gitime pouvant utiliser les outils d\u0027installation\n    peut r\u00e9aliser plusieurs injections de code indirectes ;\n-   des remont\u00e9es de r\u00e9pertoires sont possibles via la biblioth\u00e8que\n    unzip ;\n-   un utilisateur l\u00e9gitime du backend peut r\u00e9aliser injection SQL via\n    le module list ;\n-   dans une configuration SQL particuli\u00e8re (mode NO_BACKSLASH_ESCAPES),\n    il est possible de faire des requ\u00eates LIKE avec des jokers, ce qui\n    permet d\u0027avoir acc\u00e8s \u00e0 des enregistrements th\u00e9oriquement\n    inaccessibles.\n\n## Solution\n\nLes versions 4.2.16, 4.3.9 et 4.4.5 de TYPO3 corrigent ces\nvuln\u00e9rabilit\u00e9s.\n",
  "cves": [],
  "initial_release_date": "2010-12-17T00:00:00",
  "last_revision_date": "2010-12-17T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-614",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent, entre autres, d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2010-022 du 16 d\u00e9cembre 2010",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.x ant\u00e9rieures \u00e0 4.2.15 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.3.x ant\u00e9rieures \u00e0 4.3.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.4.x ant\u00e9rieures \u00e0 4.4.4.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   une faille permet le contournement du m\u00e9canisme jumpUrl, dont la\n    fonctionnalit\u00e9 est de v\u00e9rifier les droits d\u0027acc\u00e8s \u00e0 des pages ou des\n    fichiers. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 permet de lire tout\n    fichier auquel le compte ayant lanc\u00e9 le serveur Web a acc\u00e8s ;\n-   une injection de code indirecte est possible via le backend de\n    TYPO3. Il est n\u00e9anmoins n\u00e9cessaire de disposer d\u0027un compte autoris\u00e9\n    \u00e0 se connecter au backend pour pouvoir exploiter cette vuln\u00e9rabilit\u00e9\n    ;\n-   une faille dans le gestionnaire d\u0027extensions permet de lire les\n    fichiers auxquels le serveur Web a acc\u00e8s. Il est n\u00e9cessaire de\n    disposer d\u0027un compte d\u0027administrateur pour pouvoir exploiter cette\n    vuln\u00e9rabilit\u00e9 ;\n-   la t\u00e2che be_user_creation permet de cr\u00e9er des utilisateurs qui sont\n    membres de groupes arbitraires et par ce biais, d\u0027\u00e9lever les\n    privil\u00e8ges. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9 requiert des\n    droits de cr\u00e9ation d\u0027utilisateurs dans le centre de t\u00e2ches ;\n-   un probl\u00e8me dans la fonction PHP filter_var() permet la r\u00e9alisation\n    d\u0027un d\u00e9ni de service \u00e0 distance lorsque la fonction\n    t3lib_div::validEMail() est utilis\u00e9e ;\n-   une injection de code indirecte est possible via la fonction\n    RemoveXSS.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.2.15, 4.3.7 ou 4.4.4.\n",
  "cves": [
    {
      "name": "CVE-2010-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
    },
    {
      "name": "CVE-2010-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3715"
    },
    {
      "name": "CVE-2010-3716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3716"
    },
    {
      "name": "CVE-2010-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4068"
    },
    {
      "name": "CVE-2010-3717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3717"
    },
    {
      "name": "CVE-2010-3714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3714"
    }
  ],
  "initial_release_date": "2010-10-07T00:00:00",
  "last_revision_date": "2010-10-27T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-474",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-10-07T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2010-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent un d\u00e9ni de service \u00e0 distance, la lecture de certains\nfichiers du syst\u00e8me, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de\ncode indirecte \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2010-020 du 06 octobre 2010",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.3.3 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.2.12 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.13 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.4 et ant\u00e9rieures.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le gestionnaire de contenu\n(CMS) TYPO3. Ces failles, au nombre de quinze, permettent, entre autres,\n\u00e0 un utilisateur distant malintentionn\u00e9 de :\n\n-   contourner la politique de s\u00e9curit\u00e9 ;\n-   ex\u00e9cuter du code arbitraire ;\n-   porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es ;\n-   porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ;\n-   conduire des attaques de type injection de code indirecte \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2010-07-30T00:00:00",
  "last_revision_date": "2010-07-30T00:00:00",
  "links": [
    {
      "title": "Site de TYPO3 :",
      "url": "http://www.typo3.org"
    }
  ],
  "reference": "CERTA-2010-AVI-347",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans TYPO3 permettent, entre autres,\n\u00e0 un utilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistant ou de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2010-012 du 28 juillet 2010",
      "url": "http://www.typo3.org/teams/security/security-bulletins/typo3-sa-2010-012"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.3.0, 4.3.1 et 4.3.2 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions de d\u00e9veloppement de la branche 4.4.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TYPO3. Un utilisateur\nmalintentionn\u00e9 peut, par l\u0027interm\u00e9diaire d\u0027une requ\u00eate sp\u00e9cifique,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2010-04-12T00:00:00",
  "last_revision_date": "2010-04-12T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-163",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e permet\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2010-008 du 09 avril 2010",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.9 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.13 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.3.0beta1 et ant\u00e9rieures.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.12 et ant\u00e9rieures ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   plusieurs probl\u00e8mes affectent le backend. Elles permettent de\n    recalculer la cl\u00e9 de chiffrement, de r\u00e9aliser diverses injections de\n    code indirectes, ou d\u0027ex\u00e9cuter des commandes arbitraires sur le\n    syst\u00e8me. Ces vuln\u00e9rabilit\u00e9s n\u00e9cessitent toutes de disposer d\u0027un\n    compte valide ;\n-   une injection SQL est possible via la fonctionnalit\u00e9 d\u0027\u00e9dition du\n    frontend. Cette vuln\u00e9rabilit\u00e9 requiert un compte valide ;\n-   du code HTML ou JavaScript peut \u00eatre ins\u00e9r\u00e9 via la fonction\n    t3lib_div::quoteJSvalue ;\n-   une injection de code indirecte est possible via l\u0027interface de\n    connexion au frontend (felogin) ;\n-   il est possible de se connecter \u00e0 l\u0027outil d\u0027installation en ne\n    connaissant que l\u0027empreinte MD5 du mot de passe, ainsi que de\n    r\u00e9aliser des injections de code indirectes au travers de ce m\u00eame\n    outil.\n\n## Solution\n\nMettre \u00e0 jour en version 4.1.13, 4.2.10 ou 4.3beta2, conform\u00e9ment au\nbulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation). La\nbranche 4.0 n\u0027est plus maintenue. Le support pour la branche 4.1 ne sera\nplus assur\u00e9 quand la version 4.3 sortira (pr\u00e9vue pour fin novembre\n2009).\n",
  "cves": [],
  "initial_release_date": "2009-10-26T00:00:00",
  "last_revision_date": "2009-10-26T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-454",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-10-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, de r\u00e9aliser\ndiverses injections de code ou d\u0027obtenir un acc\u00e8s \u00e0 l\u0027outil\nd\u0027installation.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-016 du 22 octobre 2009",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "initial_release_date": "2009-01-21T00:00:00",
  "last_revision_date": "2009-01-21T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.0 \u00e0 4.0.8 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 version 4.2.0.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 3.x ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1 \u00e0 4.1.6 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la valeur par d\u00e9faut de la variable fileDenyPattern (li\u00e9e\n    configuration TYPO3) permet \u00e0 des utilisateurs authentifi\u00e9s de\n    t\u00e9l\u00e9charger sur le serveur Apache des fichiers de configuration\n    (.htaccess). De plus, si le module mod_mime est activ\u00e9 sur le\n    serveur Apache, les utilisateurs authentifi\u00e9s peuvent installer ou\n    cr\u00e9er des fichiers contenant du code PHP ;\n-   les donn\u00e9es trait\u00e9es par le fichier fe_adminlib.inc ne sont pas\n    correctement filtr\u00e9es. Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e pour\n    r\u00e9aliser des attaques de type cross-site scripting.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2008-06-13T00:00:00",
  "last_revision_date": "2008-06-13T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-311",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte ( cross-site scripting )"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e permettent\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance et la r\u00e9alisation d\u0027attaques\nde type \u003cspan class=\"textit\"\u003ecross-site scripting\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO320080611-1 du 11 juin 2008",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.0 \u00e0 4.0.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1 \u00e0 4.1.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 3.x ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TYPO3. Celle-ci permet\nd\u0027injecter des commandes SQL par l\u0027interm\u00e9diaire de l\u0027extension\nindexed_search. Cependant, il est n\u00e9cessaire de disposer d\u0027un compte\nutilisateur pour pouvoir exploiter la vuln\u00e9rabilit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2007-12-14T00:00:00",
  "last_revision_date": "2007-12-14T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-543",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de commandes SQL"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e permet\nd\u0027injecter des commandes SQL.\n",
  "title": "vuln\u00e9rabilit\u00e9 dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3 20071210-1 du 10 d\u00e9cembre 2007",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "extension rtehtmlarea versions 0.7.5 \u00e0 1.4.2 (sauf 1.1.4, 1.2.1 et 1.3.8).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 versions 4.0 \u00e0 4.0.3 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "Typo3 version 4.1 beta ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027extension rtehtmlarea est install\u00e9e par d\u00e9faut dans le gestionnaire de\ncontenu Typo3 dans les versions 4.0 \u00e0 4.0.3 et 4.1 beta. Cette extension\npeut \u00e9galement \u00eatre install\u00e9e en module externe.\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le module\nclass.tx_rtehtmlarea_pi1.php de l\u0027extension rtehtmlarea. Un utilisateur\nmalintentionn\u00e9 peut, par le biais de requ\u00eates HTTP, ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\nL\u0027exploitation de cette vuln\u00e9rabilit\u00e9 ne fonctionne pas si l\u0027option PHP\nsafe_mode a \u00e9t\u00e9 activ\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2006-12-21T00:00:00",
  "last_revision_date": "2006-12-21T00:00:00",
  "links": [],
  "reference": "CERTA-2006-AVI-565",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-12-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans Typo3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-20061220-1 du 20 d\u00e9cembre 2006",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20061220-1/"
    }
  ]
}