Refine your search
59 vulnerabilities found for web by Centreon
CERTFR-2025-AVI-0728
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.11",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [],
"initial_release_date": "2025-08-25T00:00:00",
"last_revision_date": "2025-08-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0728",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2025-08-25",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4935",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4935"
}
]
}
CERTFR-2025-AVI-0662
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Certaines d'entre elles permettent à un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | License Manager | License Manager versions antérieures 24.10.x à 24.10.3 | ||
| Centreon | License Manager | License Manager versions antérieures à 23.10.6 | ||
| Centreon | Web | Centreon versions antérieures à 23.10.26 | ||
| Centreon | Web | Centreon versions antérieures 24.04.x à 24.04.16 | ||
| Centreon | License Manager | License Manager versions antérieures 24.04.x à 24.04.5 | ||
| Centreon | Web | Centreon versions antérieures 24.10.x à 24.10.9 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "License Manager versions ant\u00e9rieures 24.10.x \u00e0 24.10.3",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures \u00e0 23.10.6",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures \u00e0 23.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.04.x \u00e0 24.04.16",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "License Manager versions ant\u00e9rieures 24.04.x \u00e0 24.04.5",
"product": {
"name": "License Manager",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon versions ant\u00e9rieures 24.10.x \u00e0 24.10.9",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4650"
},
{
"name": "CVE-2025-6791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6791"
}
],
"initial_release_date": "2025-08-07T00:00:00",
"last_revision_date": "2025-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0662",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une injection SQL (SQLi), un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-6791-centreon-web-all-versions-high-severity-4900",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-6791-centreon-web-all-versions-high-severity-4900"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2025-4650-centreon-web-all-versions-high-severity-4901",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2025-4650-centreon-web-all-versions-high-severity-4901"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-web-all-versions-high-severity-4899",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-web-all-versions-high-severity-4899"
},
{
"published_at": "2025-08-07",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-license-manager-all-versions-high-severity-4904",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-license-manager-all-versions-high-severity-4904"
}
]
}
CERTFR-2025-AVI-0493
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | MBI | MBI Server versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 23.04.23 | ||
| Centreon | Map | Map versions antérieures à 24.10.5 | ||
| Centreon | MBI | MBI Engine versions antérieures à 24.10.22 | ||
| Centreon | MBI | MBI Server versions antérieures à 23.10.22 | ||
| Centreon | Web | Web versions antérieures à 23.04.27 | ||
| Centreon | Web | Web versions antérieures à 23.10.22 | ||
| Centreon | Map | Map versions antérieures à 23.10.19 | ||
| Centreon | Map | Map versions antérieures à 24.04.11 | ||
| Centreon | MBI | MBI Engine versions antérieures à 23.04.23 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.10.3 | ||
| Centreon | open tickets | open tickets versions antérieures à 23.04.6 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.10.5",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 24.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Server versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.04.27",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions ant\u00e9rieures \u00e0 23.10.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 23.10.19",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Map versions ant\u00e9rieures \u00e0 24.04.11",
"product": {
"name": "Map",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "MBI Engine versions ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "MBI",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.10.3",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "open tickets versions ant\u00e9rieures \u00e0 23.04.6",
"product": {
"name": "open tickets",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
},
{
"name": "CVE-2024-55573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55573"
},
{
"name": "CVE-2023-28447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28447"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0493",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2023-28447-centreon-high-severity-4430",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2023-28447-centreon-high-severity-4430"
},
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4744"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon centreon-map-critical-severity-4650",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/centreon-map-critical-severity-4650"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2022-46337-centreon-mbi-critical-severity-4649",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2022-46337-centreon-mbi-critical-severity-4649"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon updated-cve-2023-28447-centreon-high-severity-4652",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/updated-cve-2023-28447-centreon-high-severity-4652"
}
]
}
CERTFR-2024-AVI-1011
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Centreon Web. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Web versions 24.10.x antérieures à 24.10.0 | ||
| Centreon | Web | Web versions 23.04.x antérieures à 23.04.23 | ||
| Centreon | Web | Web versions 23.10.x antérieures à 23.10.18 | ||
| Centreon | Web | Web versions 22.10.x antérieures à 22.10.26 | ||
| Centreon | Web | Web versions 24.04.x antérieures à 24.04.8 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web versions 24.10.x ant\u00e9rieures \u00e0 24.10.0",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.18",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.26",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.8",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-47863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47863"
}
],
"initial_release_date": "2024-11-22T00:00:00",
"last_revision_date": "2024-11-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1011",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Centreon Web. Elle permet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).",
"title": "Vuln\u00e9rabilit\u00e9 dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-47863-centreon-web-medium-severity-4059?postid=14456#post14456"
}
]
}
CERTFR-2024-AVI-0915
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Centreon. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Centreon Web versions 22.x antérieures à 22.10.24 | ||
| Centreon | BI Server | Centreon BI Server versions 23.10.x antérieures à 23.10.8 | ||
| Centreon | BI Server | Centreon BI Server versions 24.x antérieures à 24.04.3 | ||
| Centreon | BI Server | Centreon BI Server versions 22.x antérieures à 22.10.11 | ||
| Centreon | Web | Centreon Web versions 23.04.x antérieures à 23.04.22 | ||
| Centreon | Web | Centreon Web versions 24.x antérieures à 24.04.7 | ||
| Centreon | Web | Centreon Web versions 23.10.x antérieures à 23.10.17 | ||
| Centreon | BI Server | Centreon BI Server versions 23.04.x antérieures à 23.04.11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.x ant\u00e9rieures \u00e0 22.10.24",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.10.x ant\u00e9rieures \u00e0 23.10.8",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 24.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 22.x ant\u00e9rieures \u00e0 22.10.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.22",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 24.x ant\u00e9rieures \u00e0 24.04.7",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon BI Server versions 23.04.x ant\u00e9rieures \u00e0 23.04.11",
"product": {
"name": "BI Server",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-45754",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45754"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
}
],
"initial_release_date": "2024-10-23T00:00:00",
"last_revision_date": "2024-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0915",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Centreon. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Centreon",
"vendor_advisories": [
{
"published_at": "2024-10-10",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13706",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-45754-centreon-mbi-high-severity-3888?postid=13706#post13706"
},
{
"published_at": "2024-10-01",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon 13625",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3855?postid=13625#post13625"
}
]
}
CERTFR-2024-AVI-0743
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Centreon web. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 24.04.x ant\u00e9rieures \u00e0 24.04.3",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.23",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-32501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32501"
},
{
"name": "CVE-2024-33852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33852"
},
{
"name": "CVE-2024-33853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33853"
},
{
"name": "CVE-2024-33854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33854"
},
{
"name": "CVE-2024-5725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5725"
},
{
"name": "CVE-2024-39841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39841"
}
],
"initial_release_date": "2024-09-05T00:00:00",
"last_revision_date": "2024-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0743",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon web. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": "2024-08-22",
"title": "Bulletin de s\u00e9curit\u00e9 Centreon web 3744",
"url": "https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744"
}
]
}
CERTFR-2024-AVI-0009
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Centreon Web. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Centreon Web versions 22.10.x ant\u00e9rieures \u00e0 22.10.17",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.04.x ant\u00e9rieures \u00e0 23.04.13",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions 23.10.x ant\u00e9rieures \u00e0 23.10.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Centreon Web versions ant\u00e9rieures \u00e0 22.04.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2024-01-05T00:00:00",
"last_revision_date": "2024-01-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0009",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Centreon Web. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Centreon Web",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Centreon du 04 janvier 2024",
"url": "https://support.centreon.com/hc/en-us/articles/21413079841809-Security-bulletin-for-Centreon-Web"
}
]
}
CERTFR-2019-AVI-014
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | SRC Series Application Server et Web Administrator versions antérieures à 4.12.0-R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1 sur vMX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series | ||
| Juniper Networks | Junos OS | Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75 | ||
| N/A | N/A | Juniper ATP | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series | ||
| Juniper Networks | Junos OS | Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series | ||
| Juniper Networks | Junos OS | Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series | ||
| Juniper Networks | Junos Space | Junos Space | ||
| Juniper Networks | Junos OS | Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series | ||
| Juniper Networks | Junos OS | Tous produits et toutes plateformes exécutant Junos OS | ||
| Juniper Networks | Junos OS | Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SRC Series Application Server et Web Administrator versions ant\u00e9rieures \u00e0 4.12.0-R1",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1 sur vMX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53, 16.1, 17.1, 17.2, 17.3, 17.4, 18.1 sur EX2300/EX3400, EX2300/EX3400 series, EX4600, QFX3K series, QFX5200/QFX5110 series et QFX5k series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 14.1X53, 15.1, 15.1X53 sur EX Virtual Chassis Platforms, MX Virtual Chassis Platforms et QFX Virtual Chassis Platforms",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3, 12.3X48, 14.1X53, 15.1, 15.1F, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.2X75, 17.3, 17.4, 18.1, 18.2 et 18.2X75",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper ATP",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X53, 18.1, 18.2 sur EX2300 et EX3400 series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2 sur MX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.3X48, 15.1X49, 17.3, 17.4, 18.1 et 18.2 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 12.1X46, 12.3X48, 15.1X49 sur SRX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Tous produits et toutes plateformes ex\u00e9cutant Junos OS",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.2X75, 17.4, 18.1 et 18.2 sur QFX et PTX Series",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0010"
},
{
"name": "CVE-2018-10901",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10901"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2019-0003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0003"
},
{
"name": "CVE-2019-0007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0007"
},
{
"name": "CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2017-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0861"
},
{
"name": "CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"name": "CVE-2019-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0027"
},
{
"name": "CVE-2019-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0030"
},
{
"name": "CVE-2017-1000379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000379"
},
{
"name": "CVE-2019-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0001"
},
{
"name": "CVE-2018-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14634"
},
{
"name": "CVE-2019-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0002"
},
{
"name": "CVE-2019-0013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0013"
},
{
"name": "CVE-2019-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0023"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2018-10675",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10675"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2017-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3137"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2017-3142",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3142"
},
{
"name": "CVE-2018-10872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10872"
},
{
"name": "CVE-2019-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0015"
},
{
"name": "CVE-2019-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0005"
},
{
"name": "CVE-2019-0009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0009"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2019-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0024"
},
{
"name": "CVE-2019-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0025"
},
{
"name": "CVE-2017-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3143"
},
{
"name": "CVE-2018-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2019-0011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0011"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2017-15265",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15265"
},
{
"name": "CVE-2019-0012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0012"
},
{
"name": "CVE-2017-11610",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11610"
},
{
"name": "CVE-2018-5748",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5748"
},
{
"name": "CVE-2019-0004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0004"
},
{
"name": "CVE-2019-0017",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0017"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-3665",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3665"
},
{
"name": "CVE-2017-1000366",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000366"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2018-12020",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
},
{
"name": "CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2019-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0021"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2019-0016",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0016"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-8897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8897"
},
{
"name": "CVE-2019-0022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0022"
},
{
"name": "CVE-2017-1000364",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000364"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1050",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1050"
},
{
"name": "CVE-2019-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0014"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
},
{
"name": "CVE-2018-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10911"
},
{
"name": "CVE-2019-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0026"
},
{
"name": "CVE-2019-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0029"
},
{
"name": "CVE-2019-0020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0020"
},
{
"name": "CVE-2018-5740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5740"
},
{
"name": "CVE-2017-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2619"
},
{
"name": "CVE-2019-0018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0018"
},
{
"name": "CVE-2018-1000004",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000004"
},
{
"name": "CVE-2019-0006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0006"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2017-3136",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3136"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-10301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10301"
}
],
"initial_release_date": "2019-01-10T00:00:00",
"last_revision_date": "2019-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-014",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10906 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10906\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10910 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10910\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10911 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10911\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10907 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10907\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10912 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10912\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10913 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10913\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10919 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10919\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10905 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10905\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10902 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10902\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10917 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10917\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10904 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10904\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10915 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10915\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10916 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10916\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10914 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10914\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10900 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10900\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10909 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10909\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10901 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10901\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10918 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10918\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10903 du 9 janvier 2019",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10903\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2018-AVI-325
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans TenableCore Web Application Scanner. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Web Application Scanner versions ant\u00e9rieures \u00e0 v20180328",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1111",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1111"
}
],
"initial_release_date": "2018-07-06T00:00:00",
"last_revision_date": "2018-07-06T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans TenableCore Web Application\nScanner. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans TenableCore Web Application Scanner",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2018-10 du 05 juillet 2018",
"url": "https://www.tenable.com/security/tns-2018-10"
}
]
}
CERTFR-2018-AVI-073
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans SCADA CODESYS Web Server. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tous syst\u00e8mes Microsoft Windows (incluant WinCE) utilisant CODESYS V2.3 web servers en tant qu\u0027application isol\u00e9e ou au sein du syst\u00e8me CODESYS runtime versions ant\u00e9rieures \u00e0 V1.1.9.19",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5440"
}
],
"initial_release_date": "2018-02-07T00:00:00",
"last_revision_date": "2018-02-07T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-073",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SCADA CODESYS Web Server. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans SCADA CODESYS Web Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CODESYS LCDS-282 du 2 f\u00e9vrier 2018",
"url": "https://customers.codesys.com/fileadmin/data/customers/security/2018/Advisory2018-01_LCDS-282.pdf"
}
]
}
CERTFR-2015-AVI-230
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les systèmes SCADA Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider VAMPSET versions 2.2.145 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Schneider InduSoft Web Studio versions 7.1.3.4 et ant\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2015-05-19T00:00:00",
"last_revision_date": "2015-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-230",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les syst\u00e8mes SCADA\n\u003cspan class=\"textit\"\u003eSchneider\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les syst\u00e8mes SCADA Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 25 mars 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-084-01\u0026p_EnDocType=Brochure\u0026p_File_Id=768378039\u0026p_File_Name=SEVD-2015-084-01+VAMPSET+Software.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 10 avril 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-100-01\u0026p_EnDocType=Brochure\u0026p_File_Id=782213040\u0026p_File_Name=SEVD-2015-100-01+InduSoft+Web+Studio_signed.pdf"
}
]
}
CERTFR-2015-AVI-007
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans EMC Documentum Web Development Kit. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et supérieures | ||
| Centreon | Web | EMC Records Client versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Digital Assets Manager versions 6.5 SP6 et supérieures | ||
| Centreon | Web | EMC Capital Projects versions 1.9 et supérieures | ||
| Centreon | Web | EMC WebTop versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Task Space versions 6.7 SP2 et supérieures | ||
| Centreon | Web | EMC Web Publishers versions 6.5 SP7 et supérieures | ||
| Centreon | Web | EMC Documentum Administrator versions 7.1 et supérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC Engineering Plant Facilities Management Solution for Documentum versions 1.7 SP1 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Records Client versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Digital Assets Manager versions 6.5 SP6 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Capital Projects versions 1.9 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC WebTop versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Task Space versions 6.7 SP2 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Web Publishers versions 6.5 SP7 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Administrator versions 7.1 et sup\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-4636",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4636"
},
{
"name": "CVE-2014-4639",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4639"
},
{
"name": "CVE-2014-4635",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4635"
},
{
"name": "CVE-2014-4637",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4637"
},
{
"name": "CVE-2014-4638",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4638"
}
],
"initial_release_date": "2015-01-06T00:00:00",
"last_revision_date": "2015-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-007",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum Web Development Kit\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum Web Development Kit",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-180 du 06 janvier 2015",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/att-0009/ESA-2014-180.txt"
}
]
}
CERTFR-2014-AVI-362
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans EMC Documentum. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | N/A | EMC Documentum Capital Projects | ||
| Centreon | N/A | EMC Documentum Administrator | ||
| N/A | N/A | EMC Documentum Digital Asset Manager | ||
| Centreon | N/A | EMC Documentum Content Server | ||
| Centreon | Web | EMC Documentum Web Publisher | ||
| Centreon | N/A | EMC Documentum Engineering Plant Facilities Management Solution | ||
| N/A | N/A | EMC Documentum D2 | ||
| N/A | N/A | EMC Documentum Webtop | ||
| N/A | N/A | EMC Documentum Taskspace | ||
| Centreon | N/A | EMC Documentum WDK | ||
| N/A | N/A | EMC Documentum Records Manager | ||
| Centreon | N/A | EMC Documentum Records Client |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC Documentum Capital Projects",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Administrator",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Digital Asset Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Content Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Web Publisher",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Engineering Plant Facilities Management Solution",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum D2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Webtop",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Taskspace",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum WDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Client",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2521"
},
{
"name": "CVE-2014-4618",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4618"
},
{
"name": "CVE-2014-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2511"
},
{
"name": "CVE-2014-2515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2515"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2014-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2518"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-5298",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5298"
},
{
"name": "CVE-2014-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2520"
},
{
"name": "CVE-2014-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
}
],
"initial_release_date": "2014-08-20T00:00:00",
"last_revision_date": "2014-08-20T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-362",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-067 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-92/ESA-2014-067.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-079 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-93/ESA-2014-079.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-073 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-90/ESA-2014-073.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-059 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-91/ESA-2014-059.txt"
}
]
}
CERTA-2013-AVI-319
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans EMC RSA SecurID. Elle permet à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | RSA Web Agent for Apache Web Server versions antérieures à 5.3.5 | ||
| Microsoft | Windows | RSA Agent pour Microsoft Windows versions antérieures à 6.1.4 | ||
| N/A | N/A | RSA Authentication API versions antérieures à 8.1 SP1 | ||
| N/A | N/A | RSA PAM Agent versions antérieures à 7.0 | ||
| Centreon | Web | RSA Web Agent for IIS versions antérieures à 5.3.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RSA Web Agent for Apache Web Server versions ant\u00e9rieures \u00e0 5.3.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "RSA Agent pour Microsoft Windows versions ant\u00e9rieures \u00e0 6.1.4",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "RSA Authentication API versions ant\u00e9rieures \u00e0 8.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RSA PAM Agent versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RSA Web Agent for IIS versions ant\u00e9rieures \u00e0 5.3.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-0941",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0941"
}
],
"initial_release_date": "2013-05-21T00:00:00",
"last_revision_date": "2013-05-21T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-319",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eEMC RSA\nSecurID\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans EMC RSA SecurID",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2013-029 du 16 mai 2013",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/att-0064/ESA-2013-029.txt"
}
]
}
CERTA-2013-AVI-141
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Hitachi. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hitachi Tuning Manager Software versions ant\u00e9rieures \u00e0 7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi JP1/Performance Management - Web Console versions ant\u00e9rieures \u00e0 09-00-03",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-02-19T00:00:00",
"last_revision_date": "2013-02-19T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-141",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHitachi\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS13-003 du 18 f\u00e9vrier 2013",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-003/index.html"
}
]
}
CERTA-2013-AVI-064
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Barracuda Networks. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Barracuda Web Filter versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Message Archiver versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Virus Firewall versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Link Balancer versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Load Balancer versions antérieures à 2.0.5 | ||
| Centreon | Web | Barracuda Web Application Firewall versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda Spam versions antérieures à 2.0.5 | ||
| Centreon | N/A | Barracuda SSL VPN versions antérieures à 2.0.5 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Barracuda Web Filter versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Message Archiver versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Virus Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Link Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Load Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Web Application Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Spam versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda SSL VPN versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2013-01-25T00:00:00",
"last_revision_date": "2013-01-25T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-064",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eBarracuda Networks\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Barracuda Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Barracuda Networks du 23 janvier 2013",
"url": "https://www.barracudanetworks.com/support/techalerts"
}
]
}
CERTA-2012-AVI-696
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans les produits Hitachi. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Cosminexus version 5 | ||
| Centreon | Web | Hitachi Web Server de la version 04-00 à la version 04-20 | ||
| Centreon | N/A | Cosminexus version 7 | ||
| N/A | N/A | Cosminexus version 9 | ||
| Centreon | Web | Hitachi Web Server de la version 02-00 à la version 02-04 | ||
| Centreon | N/A | Cosminexus version 8 | ||
| Centreon | Web | Hitachi Web Server de la version 03-00 à la version 03-10 | ||
| N/A | N/A | Cosminexus version 6 | ||
| N/A | N/A | Cosminexus version 6.7 | ||
| Apache | HTTP Server | Cosminexus HTTP Server version 09-00 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cosminexus version 5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 04-00 \u00e0 la version 04-20",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 02-00 \u00e0 la version 02-04",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 03-00 \u00e0 la version 03-10",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 6",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus version 6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus HTTP Server version 09-00",
"product": {
"name": "HTTP Server",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
}
],
"initial_release_date": "2012-12-03T00:00:00",
"last_revision_date": "2012-12-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-696",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHitachi\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS12-028 du 28 novembre 2012",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-028/index.html"
}
]
}
CERTA-2012-AVI-486
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans l'ActiveX InduSoft ISSymbol. Elle concerne un débordement de mémoire tampon pouvant être utilisé par un utilisateur malveillant pour exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "InduSoft ISSymbol ActiveX Control (Build 301.1009.2904.0) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "InduSoft Web Studio version 7.0B2.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "InduSoft Thin Client version 7.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0340"
}
],
"initial_release_date": "2012-09-06T00:00:00",
"last_revision_date": "2012-09-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 InduSoft du 05 septembre 2012 :",
"url": "http://www.indusoft.com/hotfixes/hotfixes.php"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-249-03 du 05 septembre 2012 :",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-03.pdf"
}
],
"reference": "CERTA-2012-AVI-486",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans l\u0027\u003cspan\nclass=\"textit\"\u003eActiveX\u003c/span\u003e \u003cspan class=\"textit\"\u003eInduSoft\nISSymbol\u003c/span\u003e. Elle concerne un d\u00e9bordement de m\u00e9moire tampon pouvant\n\u00eatre utilis\u00e9 par un utilisateur malveillant pour ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans le syst\u00e8me SCADA InduSoft ISSymbol",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-249-03 du 05 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-466
Vulnerability from certfr_avis
Une vulnérabilité dans les produits EMC ApplicationXtender a été corrigée. Elle permet à un attaquant de téléverser des fichiers arbitraires sur le système. Ceux-ci peuvent ensuite être utilisés pour exécuter du code arbitraire à distance sur ce système.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC ApplicationXtender Web Access .NET versions 6.5 P1 et pr\u00e9c\u00e9dentes.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC ApplicationXtender Desktop versions 6.5 P1 et pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2289",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2289"
}
],
"initial_release_date": "2012-08-28T00:00:00",
"last_revision_date": "2012-08-28T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-466",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender a \u00e9t\u00e9\ncorrig\u00e9e. Elle permet \u00e0 un attaquant de t\u00e9l\u00e9verser des fichiers\narbitraires sur le syst\u00e8me. Ceux-ci peuvent ensuite \u00eatre utilis\u00e9s pour\nex\u00e9cuter du code arbitraire \u00e0 distance sur ce syst\u00e8me.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2012-039 du 23 ao\u00fbt 2012",
"url": "http://seclists.org/bugtraq/2012/Aug/att-167/ESA-2012-039.txt"
}
]
}
CERTA-2012-AVI-451
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans HP Service Manager Web Tier et HP Service Center Web Tier. Cette vulnérabilité permet à un utilisateur malintentionné d'effectuer de l'injection de code indirecte à distance (cross-site-scripting).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Service Manager Web Tier 9.30, 9.21 et 7.11 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP Service Center Web Tier 6.28.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3251"
}
],
"initial_release_date": "2012-08-20T00:00:00",
"last_revision_date": "2012-08-20T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-451",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eHP Service\nManager Web Tier\u003c/span\u003e et \u003cspan class=\"textit\"\u003eHP Service Center Web\nTier\u003c/span\u003e. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur malintentionn\u00e9\nd\u0027effectuer de l\u0027injection de code indirecte \u00e0 distance \u003cspan\nclass=\"textit\"\u003e(cross-site-scripting)\u003c/span\u003e.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans HP Service Manager Web Tier et HP Service Center Tier",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03450382 du 13 ao\u00fbt 2012",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450382"
}
]
}
CERTA-2012-AVI-219
Vulnerability from certfr_avis
De multiples vulnérabilités ont étés corrigées dans HP OpenVMS. Ces vulnérabilités affectent plusieurs éléments du produit. Elles permettent de contourner des politiques de sécurité, de s'élever des privilèges, d'effectuer des modifications non autorisées, de causer des dénis de service et d'accéder à des informations non permises.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et antérieures ; | ||
| Centreon | N/A | HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64. | ||
| Centreon | N/A | HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et antérieures ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et ant\u00e9rieures ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64.",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
},
{
"name": "CVE-2010-3870",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
},
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2010-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4697"
},
{
"name": "CVE-2010-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
},
{
"name": "CVE-2011-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-3190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
},
{
"name": "CVE-2010-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
},
{
"name": "CVE-2010-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2100"
},
{
"name": "CVE-2010-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
},
{
"name": "CVE-2009-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
},
{
"name": "CVE-2010-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
},
{
"name": "CVE-2009-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
},
{
"name": "CVE-2009-2902",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2012-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0134"
},
{
"name": "CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"name": "CVE-2011-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0752"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2010-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1864"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2011-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
},
{
"name": "CVE-2011-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
},
{
"name": "CVE-2011-1148",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
},
{
"name": "CVE-2009-3548",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
},
{
"name": "CVE-2010-2191",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2191"
},
{
"name": "CVE-2010-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2101"
},
{
"name": "CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"name": "CVE-2006-7243",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
},
{
"name": "CVE-2009-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
},
{
"name": "CVE-2010-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4698"
},
{
"name": "CVE-2010-2225",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2225"
},
{
"name": "CVE-2010-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2097"
},
{
"name": "CVE-2011-1464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1860"
},
{
"name": "CVE-2010-2190",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2190"
},
{
"name": "CVE-2011-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2010-4150",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
},
{
"name": "CVE-2011-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
},
{
"name": "CVE-2010-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1862"
}
],
"initial_release_date": "2012-04-18T00:00:00",
"last_revision_date": "2012-04-18T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-219",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9s corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP OpenVMS\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s affectent plusieurs\n\u00e9l\u00e9ments du produit. Elles permettent de contourner des politiques de\ns\u00e9curit\u00e9, de s\u0027\u00e9lever des privil\u00e8ges, d\u0027effectuer des modifications non\nautoris\u00e9es, de causer des d\u00e9nis de service et d\u0027acc\u00e9der \u00e0 des\ninformations non permises.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenVMS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281867 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281867"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281831 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281831"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281869 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281869"
}
]
}
CERTA-2012-AVI-042
Vulnerability from certfr_avis
Une vulnérabilité dans le module mod_cluster de JBoss Enterprise Application Platform pour Red Hat Linux permet à un utilisateur malintentionné distant de contourner la politique de sécurité, voler des identifiants de session et d'élever ses privilèges.
Description
Le module mod_cluster de JBoss Enterprise Application Platform pour Red Hat Linux autorise les noeuds de travail à s'enregistrer auprès de n'importe quel hôte virtuel. Une personne malintentionnée peut alors forcer un enregistrement auprès d'un hôte virtuel externe qui ne met en place aucune restriction de sécurité et, ainsi, passer outre la politique de sécurité. L'attaquant peut alors voler des données sensibles comme des informations d'identification, afin d'élever ses privilèges, ou bien encore proposer du contenu malveillant à des utilisateurs légitimes.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SolarWinds | Platform | JBoss Enterprise Application Platform 5 for RHEL 4 AS (mod_cluster-native) ; | ||
| N/A | N/A | JBoss Enterprise Web Platform 5.1. | ||
| Centreon | Web | JBoss Enterprise Web Server 1.0 for RHEL 6 Server ; | ||
| SolarWinds | Platform | JBoss Enterprise Application Platform 5 for RHEL 6 AS (mod_cluster-native) ; | ||
| SolarWinds | Platform | JBoss Enterprise Application Platform 5.1 ; | ||
| Centreon | Web | JBoss Enterprise Web Server 1.0 for RHEL 5 Server ; | ||
| SolarWinds | Platform | JBoss Enterprise Application Platform 5 for RHEL 5 AS (mod_cluster-native) ; | ||
| Centreon | Web | JBoss Enterprise Web Server 1.0 for RHEL 4 AS ; | ||
| N/A | N/A | JBoss Enterprise Web Platform 5 for RHEL 4 AS (mod_cluster-native) ; | ||
| N/A | N/A | JBoss Enterprise Web Platform 5 for RHEL 5 Server (mod_cluster-native) ; | ||
| Centreon | Web | JBoss Enterprise Web Server 1.0 ; | ||
| N/A | N/A | JBoss Enterprise Web Platform 5 for RHEL 6 Server (mod_cluster-native) ; |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "JBoss Enterprise Application Platform 5 for RHEL 4 AS (mod_cluster-native) ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Platform 5.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Server 1.0 for RHEL 6 Server ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Application Platform 5 for RHEL 6 AS (mod_cluster-native) ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Application Platform 5.1 ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Server 1.0 for RHEL 5 Server ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Application Platform 5 for RHEL 5 AS (mod_cluster-native) ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Server 1.0 for RHEL 4 AS ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Platform 5 for RHEL 4 AS (mod_cluster-native) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Platform 5 for RHEL 5 Server (mod_cluster-native) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Server 1.0 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "JBoss Enterprise Web Platform 5 for RHEL 6 Server (mod_cluster-native) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLe module mod_cluster de JBoss Enterprise Application Platform pour Red\nHat Linux autorise les noeuds de travail \u00e0 s\u0027enregistrer aupr\u00e8s de\nn\u0027importe quel h\u00f4te virtuel. Une personne malintentionn\u00e9e peut alors\nforcer un enregistrement aupr\u00e8s d\u0027un h\u00f4te virtuel externe qui ne met en\nplace aucune restriction de s\u00e9curit\u00e9 et, ainsi, passer outre la\npolitique de s\u00e9curit\u00e9. L\u0027attaquant peut alors voler des donn\u00e9es\nsensibles comme des informations d\u0027identification, afin d\u0027\u00e9lever ses\nprivil\u00e8ges, ou bien encore proposer du contenu malveillant \u00e0 des\nutilisateurs l\u00e9gitimes.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4608"
}
],
"initial_release_date": "2012-01-31T00:00:00",
"last_revision_date": "2012-01-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0035 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0035.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0038 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0038.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0039 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0039.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0036 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0036.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0037 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0037.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2012:0040 du 18 janvier 2012 :",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0040.html"
}
],
"reference": "CERTA-2012-AVI-042",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans le module \u003cspan class=\"textit\"\u003emod_cluster\u003c/span\u003e\nde \u003cspan class=\"textit\"\u003eJBoss Enterprise Application Platform\u003c/span\u003e\npour \u003cspan class=\"textit\"\u003eRed Hat Linux\u003c/span\u003e permet \u00e0 un utilisateur\nmalintentionn\u00e9 distant de contourner la politique de s\u00e9curit\u00e9, voler des\nidentifiants de session et d\u0027\u00e9lever ses privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans JBoss",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0037",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0040",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0038",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0039",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0035",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 redhat RHSA-2012:0036",
"url": null
}
]
}
CERTA-2011-AVI-494
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans Hitachi Web Server, qui peut être exploitée pour provoquer un déni de service à distance.
Description
Une vulnérabilité a été corrigée dans Hitachi Web Server. L'envoi par un attaquant distant de requêtes http avec un en-tête spécialement conçu pourrait provoquer une saturation de la mémoire du serveur, et donc un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hitachi Web server pour Windows, HP-UX, AIX, Solaris et Linux versions 3.x et 4.x.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Hitachi Web Server. L\u0027envoi par un\nattaquant distant de requ\u00eates http avec un en-t\u00eate sp\u00e9cialement con\u00e7u\npourrait provoquer une saturation de la m\u00e9moire du serveur, et donc un\nd\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
}
],
"initial_release_date": "2011-09-06T00:00:00",
"last_revision_date": "2011-09-06T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-494",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-09-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Hitachi Web Server, qui peut \u00eatre\nexploit\u00e9e pour provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Hitachi Web Serveur",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS11-019 du 05 septembre 2011",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html"
}
]
}
CERTA-2011-AVI-253
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Hitachi Web Server, qui permet de contourner la politique de sécurité.
Description
Une vulnérabilité a été corrigée dans les produits Hitachi Web Server; il s'agit d'une vulnérabilité dans l'implémentation des protocoles TLS et SSL qui permet à un attaquant au milieu d'injecter des données dans des sessions qui utilisent ces protocoles.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Hitachi Web Server pour HP-UX(IPF) versions antérieures à 03.10.09 ; | ||
| Centreon | Web | Hitachi Web Server pour Linux versions antérieures à 03-00-06, 03-10-09, 04-00-05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour Linux(IPF) versions antérieures à 03-00-06, 03-10-09, 04-00-05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour Solaris versions antérieures à 04-00-05 ; | ||
| Centreon | Web | Hitachi Web Server pour Windows versions antérieures à 02-04-/J, 03-00-06, 03-10-09, 04-00,05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour AIX versions antérieures à 03-10-09. |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hitachi Web Server pour HP-UX(IPF) versions ant\u00e9rieures \u00e0 03.10.09 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Linux versions ant\u00e9rieures \u00e0 03-00-06, 03-10-09, 04-00-05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Linux(IPF) versions ant\u00e9rieures \u00e0 03-00-06, 03-10-09, 04-00-05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Solaris versions ant\u00e9rieures \u00e0 04-00-05 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Windows versions ant\u00e9rieures \u00e0 02-04-/J, 03-00-06, 03-10-09, 04-00,05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour AIX versions ant\u00e9rieures \u00e0 03-10-09.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits Hitachi Web Server;\nil s\u0027agit d\u0027une vuln\u00e9rabilit\u00e9 dans l\u0027impl\u00e9mentation des protocoles TLS\net SSL qui permet \u00e0 un attaquant au milieu d\u0027injecter des donn\u00e9es dans\ndes sessions qui utilisent ces protocoles.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
}
],
"initial_release_date": "2011-04-27T00:00:00",
"last_revision_date": "2011-04-27T00:00:00",
"links": [
{
"title": "Document du CERTA CERTA-2009-AVI-482 du 06 novembre 2009 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-AVI-482/index.html"
}
],
"reference": "CERTA-2011-AVI-253",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits Hitachi Web Server,\nqui permet de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Hitachi Web Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS11-006 du 26 avril 2011",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html"
}
]
}
CERTA-2011-AVI-254
Vulnerability from certfr_avis
Une vulnérabilité a été corrigée dans les produits Hitachi Web Server, qui permet de contourner la politique de sécurité.
Description
Une vulnérabilité a été corrigée dans les produits Hitachi Web Server ; il s'agit d'une vulnérabilité dans le serveur embarqué Apache qui permet à un attaquant distant d'accéder à des informations non autorisées via une requête spécialement conçue.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | Web | Hitachi Web Server pour HP-UX(IPF) versions antérieures à 03.10.09 ; | ||
| Centreon | Web | Hitachi Web Server pour Linux versions antérieures à 03-00-06, 03-10-09, 04-00-05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour Linux(IPF) versions antérieures à 03-00-06, 03-10-09, 04-00-05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour Windows versions antérieures à 03-00-06, 03-10-09, 04-00,05, 04-10-03 ; | ||
| Centreon | Web | Hitachi Web Server pour Solaris versions antérieures à 04-00-05 ; | ||
| Centreon | Web | Hitachi Web Server pour AIX versions antérieures à 03-10-09. |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hitachi Web Server pour HP-UX(IPF) versions ant\u00e9rieures \u00e0 03.10.09 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Linux versions ant\u00e9rieures \u00e0 03-00-06, 03-10-09, 04-00-05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Linux(IPF) versions ant\u00e9rieures \u00e0 03-00-06, 03-10-09, 04-00-05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Windows versions ant\u00e9rieures \u00e0 03-00-06, 03-10-09, 04-00,05, 04-10-03 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour Solaris versions ant\u00e9rieures \u00e0 04-00-05 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server pour AIX versions ant\u00e9rieures \u00e0 03-10-09.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits Hitachi Web Server ;\nil s\u0027agit d\u0027une vuln\u00e9rabilit\u00e9 dans le serveur embarqu\u00e9 Apache qui permet\n\u00e0 un attaquant distant d\u0027acc\u00e9der \u00e0 des informations non autoris\u00e9es via\nune requ\u00eate sp\u00e9cialement con\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
}
],
"initial_release_date": "2011-04-27T00:00:00",
"last_revision_date": "2011-04-27T00:00:00",
"links": [
{
"title": "Document du CERTA CERTA-2010-AVI-112 du 08 mars 2010 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2010-AVI-112/index.html"
}
],
"reference": "CERTA-2011-AVI-254",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits Hitachi Web Server,\nqui permet de contourner la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Hitachi Web Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS11-007 du 26 avril 2011",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html"
}
]
}
CERTA-2011-AVI-248
Vulnerability from certfr_avis
Deux vulnérabilités dans CA Output Management Web Viewer permettent d'exécuter du code arbitraire à distance.
Description
Deux vulnérabilités, de type débordement de mémoire, ont été découvertes dans les contrôles ActiveX PPSView.ocx et UOMWV_HelperActiveX.ocx de CA Output Management Web Viewer. L'exploitation de ces vulnérabilités, par le biais d'une page Web spécifiquement construite, permet l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CA Output Management Web Viewer 11.0 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "CA Output Management Web Viewer 11.5.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s, de type d\u00e9bordement de m\u00e9moire, ont \u00e9t\u00e9 d\u00e9couvertes\ndans les contr\u00f4les ActiveX PPSView.ocx et UOMWV_HelperActiveX.ocx de CA\nOutput Management Web Viewer. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s, par\nle biais d\u0027une page Web sp\u00e9cifiquement construite, permet l\u0027ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1719",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1719"
}
],
"initial_release_date": "2011-04-22T00:00:00",
"last_revision_date": "2011-04-22T00:00:00",
"links": [],
"reference": "CERTA-2011-AVI-248",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eCA Output Management Web\nViewer\u003c/span\u003e permettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans CA Output Management Web Viewer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 CA20110420-02 du 20 avril 2011",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=DED5B724-B500-46DA-A855-B2AF457B5364"
}
]
}
CERTA-2010-AVI-452
Vulnerability from certfr_avis
Une vulnérabilité présente dans RSA Authentication Agent permet à un utilisateur distant de porter atteinte à la confidentialité des données.
Description
Une vulnérabilité, causée par un manque de contrôle sur certaines variables, peut être exploitée pour mener des attaques de type «traversée de répertoires» et porter atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RSA Authentication Agent 7.0 pour Internet Information Services.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "RSA Authentication Agent 7.0 pour Apache Web Server ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9, caus\u00e9e par un manque de contr\u00f4le sur certaines\nvariables, peut \u00eatre exploit\u00e9e pour mener des attaques de type\n\u00abtravers\u00e9e de r\u00e9pertoires\u00bb et porter atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3261"
}
],
"initial_release_date": "2010-09-23T00:00:00",
"last_revision_date": "2010-09-23T00:00:00",
"links": [],
"reference": "CERTA-2010-AVI-452",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-09-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans RSA Authentication Agent permet \u00e0 un\nutilisateur distant de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilt\u00e9 dans RSA Authentication Agent",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RSA ESA-2010-017 du 20 septembre 2010",
"url": "http://archives.neohapsis.com/archives/bugtraq/2010-09/att-0181/rsa2.txt.asc"
}
]
}
CERTA-2010-AVI-033
Vulnerability from certfr_avis
De multiples vulnérabilités permettant entre autres l'exécution de code arbitraire à distance ont été corrigées dans Sun Java System Web Server.
Description
Plusieurs vulnérabilités ont été corrigées dans Sun Java System Web Server. Elles permettent notamment l'exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java System Web Server 7.0 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Proxy Server 4.0.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Server 6.1 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Sun Java System Web\nServer. Elles permettent notamment l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2010-01-29T00:00:00",
"last_revision_date": "2010-01-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #275850 du 20 janvier 2010 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275850-1"
}
],
"reference": "CERTA-2010-AVI-033",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s permettant entre autres l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance ont \u00e9t\u00e9 corrig\u00e9es dans Sun Java System Web Server.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans Sun Java System Web Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun 1-66-275850-1 du 20 janvier 2010",
"url": null
}
]
}
CERTA-2010-AVI-037
Vulnerability from certfr_avis
Une vulnérabilité dans des produits Hitachi permet à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.
Description
Une vulnérabilité de nature non-précisée par l'éditeur mais relative au traitement d'images est présente dans certains produits de la marque Hitachi. Cette faille permet à un utilisateur distant de provoquer un déni de service ou d'exécuter du code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Centreon | N/A | Cosminexus 7.x ; | ||
| Centreon | N/A | Hitachi Electronic Form Workflow 6.x ; | ||
| Centreon | N/A | Hitachi Processing Kit for XML ; | ||
| N/A | N/A | Cosminexus 8.x ; | ||
| Centreon | N/A | uCosminexus Application Server ; | ||
| Centreon | N/A | Cosminexus 5.x ; | ||
| N/A | N/A | uCosminexus Operator ; | ||
| SolarWinds | Platform | uCosminexus Service Platform ; | ||
| Centreon | N/A | uCosminexus Service Architect ; | ||
| N/A | N/A | Cosminexus 6.x ; | ||
| Centreon | N/A | Hitachi Developer's Kit for Java ; | ||
| Centreon | N/A | Electronic Form Workflow 7.x ; | ||
| Centreon | N/A | Groupmax Collaboration - Server ; | ||
| N/A | N/A | uCosminexus Collaboration - Server ; | ||
| Centreon | N/A | uCosminexus Developer ; | ||
| SolarWinds | Platform | uCosminexus Navigation Platform ; | ||
| Centreon | Web | Cosminexus/OpenTP1 Web Front-end Set ; | ||
| Centreon | Web | uCosminexus/OpenTP1 Web Front-end Set. | ||
| N/A | N/A | Cosminexus Server 4.x ; | ||
| N/A | N/A | Cosminexus Studio 4.x ; | ||
| N/A | N/A | uCosminexus Client ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cosminexus 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Electronic Form Workflow 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Processing Kit for XML ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Application Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Operator ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Service Platform ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "uCosminexus Service Architect ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Developer\u0027s Kit for Java ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Electronic Form Workflow 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Groupmax Collaboration - Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Collaboration - Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Developer ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Navigation Platform ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Cosminexus/OpenTP1 Web Front-end Set ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus/OpenTP1 Web Front-end Set.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus Server 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus Studio 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Client ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de nature non-pr\u00e9cis\u00e9e par l\u0027\u00e9diteur mais relative au\ntraitement d\u0027images est pr\u00e9sente dans certains produits de la marque\nHitachi. Cette faille permet \u00e0 un utilisateur distant de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2010-01-29T00:00:00",
"last_revision_date": "2010-01-29T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS09-019 du 29 janvier 2010 :",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html"
}
],
"reference": "CERTA-2010-AVI-037",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans des produits Hitachi permet \u00e0 un utilisateur\ndistant de provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 des produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS09-019 du 29 janvier 2010",
"url": null
}
]
}
CERTA-2009-AVI-261
Vulnerability from certfr_avis
Plusieurs vulnérabilités de Sun Java Web Console permettent de réaliser des injections de code indirectes.
Description
Plusieurs défauts de contrôle de variables dans Sun Java Web Console permettent de réaliser des injections de code indirectes via un site Web vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java Web Console versions 3.0.2, 3.0.3, 3.0.4 et 3.0.5.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs d\u00e9fauts de contr\u00f4le de variables dans Sun Java Web Console\npermettent de r\u00e9aliser des injections de code indirectes via un site Web\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2009-06-30T00:00:00",
"last_revision_date": "2009-06-30T00:00:00",
"links": [],
"reference": "CERTA-2009-AVI-261",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-06-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eSun Java Web\nConsole\u003c/span\u003e permettent de r\u00e9aliser des injections de code indirectes.\n",
"title": "Vuln\u00e9rabilit\u00e9s de Sun Java Web Console",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun #262428 du 26 juin 2009",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1"
}
]
}