Vulnerability-Lookup

CVE-2023-5072 (GCVE-0-2023-5072)

Vulnerability from cvelistv5 – Published: 2023-10-12 16:13 – Updated: 2025-02-13 17:19

Title

DoS Vulnerability in JSON-Java

Summary

Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

Google

References

4 references

URL	Tags
https://github.com/stleary/JSON-java/issues/758
https://github.com/stleary/JSON-java/issues/771
http://www.openwall.com/lists/oss-security/2023/12/13/4
https://security.netapp.com/advisory/ntap-2024062…

Impacted products

1 product

Vendor	Product	Version
https://github.com/stleary/JSON-java	n/a	Affected: 0 , ≤ 20230618 (date)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/stleary/JSON-java/issues/758"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/stleary/JSON-java/issues/771"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5072",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T16:23:55.801589Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:24:03.711Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "n/a",
          "vendor": "https://github.com/stleary/JSON-java",
          "versions": [
            {
              "lessThanOrEqual": "20230618",
              "status": "affected",
              "version": "0",
              "versionType": "date"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDenial of Service  in \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJSON-Java versions up to and including 20230618. \u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Denial of Service  in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-197",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-197 Exponential Data Expansion"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:23.050Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/stleary/JSON-java/issues/758"
        },
        {
          "url": "https://github.com/stleary/JSON-java/issues/771"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/12/13/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DoS Vulnerability in JSON-Java",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2023-5072",
    "datePublished": "2023-10-12T16:13:27.974Z",
    "dateReserved": "2023-09-19T18:29:03.608Z",
    "dateUpdated": "2025-02-13T17:19:28.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-5072",
      "date": "2026-05-24",
      "epss": "0.00677",
      "percentile": "0.71759"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:json-java_project:json-java:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"20230618\", \"matchCriteriaId\": \"13919820-D849-4641-A7E6-6E01A01862F2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Denial of Service  in JSON-Java versions up to and including 20230618. \\u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\"}, {\"lang\": \"es\", \"value\": \"Denegaci\\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria.\"}]",
      "id": "CVE-2023-5072",
      "lastModified": "2024-11-21T08:41:00.573",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-10-12T17:15:10.187",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"https://github.com/stleary/JSON-java/issues/758\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\", \"source\": \"cve-coordination@google.com\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"source\": \"cve-coordination@google.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/stleary/JSON-java/issues/758\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve-coordination@google.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-coordination@google.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-770\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5072\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2023-10-12T17:15:10.187\",\"lastModified\":\"2025-09-19T18:54:20.100\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Denial of Service  in JSON-Java versions up to and including 20230618. \u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\"},{\"lang\":\"es\",\"value\":\"Denegaci\u00f3n de Servicio (DoS) en versiones JSON-Java hasta 20230618 incluida. Un error en el analizador significa que una cadena de entrada de tama\u00f1o modesto puede provocar el uso de cantidades indefinidas de memoria.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:stleary:json-java:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"20230618\",\"matchCriteriaId\":\"5F4DB239-5ADA-4158-9B78-65672A05D31B\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/4\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"https://github.com/stleary/JSON-java/issues/758\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/stleary/JSON-java/issues/771\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"cve-coordination@google.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/12/13/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/stleary/JSON-java/issues/758\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/stleary/JSON-java/issues/771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/stleary/JSON-java/issues/758\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:44:53.789Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-5072\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-21T16:23:55.801589Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-21T16:23:59.532Z\"}}], \"cna\": {\"title\": \"DoS Vulnerability in JSON-Java\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-197\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-197 Exponential Data Expansion\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"https://github.com/stleary/JSON-java\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"date\", \"lessThanOrEqual\": \"20230618\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/stleary/JSON-java/issues/758\"}, {\"url\": \"https://github.com/stleary/JSON-java/issues/771\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/12/13/4\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0007/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Denial of Service  in JSON-Java versions up to and including 20230618. \\u00a0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDenial of Service  in \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eJSON-Java versions up to and including 20230618. \u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2024-06-21T19:08:23.050Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-5072\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:19:28.975Z\", \"dateReserved\": \"2023-09-19T18:29:03.608Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2023-10-12T16:13:27.974Z\", \"assignerShortName\": \"Google\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0046

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle GraalVM pour JDK versions 17.0.9 et 21.0.1 sans les derniers correctifs de sécurité
Oracle	Java SE	Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8 et 22.3.4 sans les derniers correctifs de sécurité
Oracle	Java SE	Oracle Java SE versions 8u391, 8u391-perf, 11.0.21, 17.0.9 et 21.0.1 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2024verbose du 16 janvier 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpujan2024 du 16 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle GraalVM pour JDK versions 17.0.9 et 21.0.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition versions 20.3.12, 21.3.8 et 22.3.4 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE versions 8u391, 8u391-perf, 11.0.21, 17.0.9 et 21.0.1 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-20922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20922"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-20955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20955"
    },
    {
      "name": "CVE-2024-20923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20923"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-20925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20925"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0046",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
      "url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
      "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
    }
  ]
}

CERTFR-2024-AVI-0047

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools versions 8.59, 8.60 et 8.61 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2024verbose du 16 janvier 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpujan2024 du 16 janvier 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PeopleSoft Enterprise PeopleTools versions 8.59, 8.60 et 8.61 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2023-44483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0047",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
      "url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html#PS"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
      "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixPS"
    }
  ]
}

CERTFR-2024-AVI-0228

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.2_iFix012
IBM	Sterling	Sterling Secure Proxy versions 6.1.0 sans le correctif de sécurité iFix 03
IBM	Sterling	Sterling Secure Proxy versions 6.0.3 sans le correctif de sécurité iFix 11
IBM	Sterling	Sterling Partner Engagement Manager versions 6.2.2.x antérieures à 6.2.2.2 sans le dernier correctif de sécurité
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF06
IBM	Sterling	Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.6_iFix012
IBM	Db2	IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de sécurité SI85982 et SI85987
IBM	Sterling	Sterling Partner Engagement Manager versions 6.2.0.x antérieures à 6.2.0.7 sans le dernier correctif de sécurité
IBM	Sterling	Sterling Connect - Direct File Agent versions 1.4.0.x antérieures à 1.4.0.3_iFix004
IBM	Sterling	Sterling Partner Engagement Manager versions 6.1.2.x antérieures à 6.1.2.9 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7142007 du 14 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7142038 du 14 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7138527 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7138509 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7140420 du 13 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7138477 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7142032 du 14 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7138522 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7137248 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7137258 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7138503 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7142006 du 14 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.2_iFix012",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 03",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 11",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.2 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF06",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6_iFix012",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de s\u00e9curit\u00e9 SI85982 et SI85987",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect - Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.3_iFix004",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.9 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2023-47699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47699"
    },
    {
      "name": "CVE-2023-46179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46179"
    },
    {
      "name": "CVE-2024-22361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2023-46182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46182"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2022-46337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-47147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47147"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2022-41678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41678"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2018-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
    },
    {
      "name": "CVE-2023-34034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34034"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-39685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39685"
    },
    {
      "name": "CVE-2023-47162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47162"
    },
    {
      "name": "CVE-2023-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
    },
    {
      "name": "CVE-2023-41900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2023-46604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2023-45177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45177"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-38039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2022-24839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2023-46181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46181"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0228",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142007 du 14 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7142007"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142038 du 14 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7142038"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138527 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7138527"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138509 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7138509"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7140420 du 13 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7140420"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138477 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7138477"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142032 du 14 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7142032"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138522 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7138522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7137248 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7137248"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7137258 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7137258"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7138503 du 12 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7138503"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7142006 du 14 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7142006"
    }
  ]
}

CERTFR-2024-AVI-0322

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Database Server	Database Server versions 19.3 à 19.22 et 21.3 à 21.13 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Database Server versions 19.3 \u00e0 19.22 et 21.3 \u00e0 21.13 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2022-34381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
    },
    {
      "name": "CVE-2024-20922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20922"
    },
    {
      "name": "CVE-2023-39975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2023-28823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2024-21066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21066"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-21058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21058"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2024-20923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20923"
    },
    {
      "name": "CVE-2023-41105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41105"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2024-21093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21093"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2024-20925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20925"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2024-20995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20995"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0322",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html#DB"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CERTFR-2024-AVI-0323

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Weblogic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Weblogic	Oracle WebLogic Server versions 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle WebLogic Server versions 12.2.1.4.0 et 14.1.1.0.0 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2021-23369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-23635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23635"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2024-21007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21007"
    },
    {
      "name": "CVE-2024-21006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21006"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0323",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CERTFR-2024-AVI-0366

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cloud Pak	IBM Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.21.0
IBM	QRadar Assistant	QRadar Assistant versions antérieures à 3.7.0
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.3
IBM	QRadar SIEM	QRadar SIEM sur Azure Marketplace versions antérieures à 7.3.x postérieures à 7.3.3 et antérieures à 7.5.0 avec le paquet OMI installé
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif de sécurité PH61029
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x FP2 antérieures à 11.2.4 FP3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7149736 du 29 avril 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150045 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149967 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7149874 du 01 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150150 du 03 mai 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0",
      "product": {
        "name": "QRadar Assistant",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2022-31116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31116"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2022-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
    },
    {
      "name": "CVE-2022-31117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31117"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2023-27561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27561"
    },
    {
      "name": "CVE-2024-28102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
    },
    {
      "name": "CVE-2019-14322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14322"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2019-1010083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1010083"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2022-23541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23541"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-21503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21503"
    },
    {
      "name": "CVE-2022-23540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23540"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2024-21501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21501"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2021-43784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-21334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21334"
    },
    {
      "name": "CVE-2023-25809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25809"
    },
    {
      "name": "CVE-2016-10745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10745"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2023-44981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
    },
    {
      "name": "CVE-2024-27088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
    },
    {
      "name": "CVE-2022-23539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
    },
    {
      "name": "CVE-2018-1000656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000656"
    },
    {
      "name": "CVE-2024-25047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25047"
    },
    {
      "name": "CVE-2021-28363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
    },
    {
      "name": "CVE-2020-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
    },
    {
      "name": "CVE-2015-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3627"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-28642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28642"
    },
    {
      "name": "CVE-2016-10516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10516"
    },
    {
      "name": "CVE-2020-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25032"
    },
    {
      "name": "CVE-2021-45958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45958"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-24758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24758"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0366",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024",
      "url": "https://www.ibm.com/support/pages/node/7149736"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150045"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149967"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7149874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150150"
    }
  ]
}

CERTFR-2024-AVI-0385

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.23
IBM	N/A	AIX et VIOS sans le dernier correctif de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions antérieures à 6.1.0.24
IBM	QRadar	SOAR QRadar Plugin App versions antérieures à 5.4.0
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.7
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8 IF02

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7150297 du 06 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150684 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150803 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150277 du 05 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150196 du 03 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150798 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150804 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150799 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150276 du 05 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150802 du 09 mai 2024	None	vendor-advisory
Bulletin de sécurité IBM 7150362 du 07 mai 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct Web Services (Certified Container) toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX et VIOS sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions ant\u00e9rieures \u00e0 6.1.0.24",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8 IF02",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-1382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1382"
    },
    {
      "name": "CVE-2023-4732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4732"
    },
    {
      "name": "CVE-2022-48564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
    },
    {
      "name": "CVE-2023-6681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6681"
    },
    {
      "name": "CVE-2023-3138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3138"
    },
    {
      "name": "CVE-2023-46813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46813"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2023-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
    },
    {
      "name": "CVE-2024-27273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27273"
    },
    {
      "name": "CVE-2023-28328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28328"
    },
    {
      "name": "CVE-2023-51043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51043"
    },
    {
      "name": "CVE-2023-5633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5633"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2022-38457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38457"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2022-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2023-5178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5178"
    },
    {
      "name": "CVE-2023-50868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
    },
    {
      "name": "CVE-2023-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2020-10001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10001"
    },
    {
      "name": "CVE-2024-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0646"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2023-40283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
    },
    {
      "name": "CVE-2022-45884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45884"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2007-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4559"
    },
    {
      "name": "CVE-2023-33951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33951"
    },
    {
      "name": "CVE-2024-28102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
    },
    {
      "name": "CVE-2023-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2163"
    },
    {
      "name": "CVE-2022-42895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
    },
    {
      "name": "CVE-2024-22361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2022-40133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40133"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-45862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45862"
    },
    {
      "name": "CVE-2023-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
    },
    {
      "name": "CVE-2020-3898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3898"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2022-45869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45869"
    },
    {
      "name": "CVE-2023-2513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2513"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2023-20569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
    },
    {
      "name": "CVE-2023-4206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
    },
    {
      "name": "CVE-2023-6817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6817"
    },
    {
      "name": "CVE-2023-31084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2022-45919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
    },
    {
      "name": "CVE-2019-13224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
    },
    {
      "name": "CVE-2022-41858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41858"
    },
    {
      "name": "CVE-2023-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
    },
    {
      "name": "CVE-2023-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
    },
    {
      "name": "CVE-2023-31436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
    },
    {
      "name": "CVE-2023-1074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1074"
    },
    {
      "name": "CVE-2019-19204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19204"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2023-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
    },
    {
      "name": "CVE-2023-33203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
    },
    {
      "name": "CVE-2023-3812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3812"
    },
    {
      "name": "CVE-2023-32360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-27269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27269"
    },
    {
      "name": "CVE-2021-43975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43975"
    },
    {
      "name": "CVE-2023-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
    },
    {
      "name": "CVE-2018-19787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19787"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2023-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
    },
    {
      "name": "CVE-2024-1488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-1252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1252"
    },
    {
      "name": "CVE-2023-44794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44794"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2023-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2176"
    },
    {
      "name": "CVE-2023-2162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2162"
    },
    {
      "name": "CVE-2023-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1079"
    },
    {
      "name": "CVE-2022-36402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36402"
    },
    {
      "name": "CVE-2023-33952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33952"
    },
    {
      "name": "CVE-2023-32324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32324"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2014-3146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3146"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
    },
    {
      "name": "CVE-2022-4744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
    },
    {
      "name": "CVE-2023-3161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3161"
    },
    {
      "name": "CVE-2023-35824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
    },
    {
      "name": "CVE-2023-45871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
    },
    {
      "name": "CVE-2023-1998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1998"
    },
    {
      "name": "CVE-2023-28772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28772"
    },
    {
      "name": "CVE-2022-40982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40982"
    },
    {
      "name": "CVE-2019-16163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
    },
    {
      "name": "CVE-2023-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1786"
    },
    {
      "name": "CVE-2023-1075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1075"
    },
    {
      "name": "CVE-2023-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2023-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4155"
    },
    {
      "name": "CVE-2023-4208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
    },
    {
      "name": "CVE-2023-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2023-26545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26545"
    },
    {
      "name": "CVE-2022-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3640"
    },
    {
      "name": "CVE-2022-45887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
    },
    {
      "name": "CVE-2023-6535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
    },
    {
      "name": "CVE-2024-26130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2019-19203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19203"
    },
    {
      "name": "CVE-2023-1118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1118"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2022-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
    },
    {
      "name": "CVE-2023-34241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34241"
    },
    {
      "name": "CVE-2022-38096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
    },
    {
      "name": "CVE-2023-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4622"
    },
    {
      "name": "CVE-2019-8696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2023-3141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
    },
    {
      "name": "CVE-2022-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28388"
    },
    {
      "name": "CVE-2023-30456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
    },
    {
      "name": "CVE-2023-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2023-6606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6606"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2023-6932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6932"
    },
    {
      "name": "CVE-2023-0458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0458"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
    },
    {
      "name": "CVE-2023-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
    },
    {
      "name": "CVE-2021-33631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33631"
    },
    {
      "name": "CVE-2023-50387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2024-20932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2023-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0597"
    },
    {
      "name": "CVE-2023-6546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
    },
    {
      "name": "CVE-2023-7192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
    },
    {
      "name": "CVE-2023-4132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4132"
    },
    {
      "name": "CVE-2024-1086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
    },
    {
      "name": "CVE-2023-1206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
    },
    {
      "name": "CVE-2024-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
    },
    {
      "name": "CVE-2019-8675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
    },
    {
      "name": "CVE-2023-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
    },
    {
      "name": "CVE-2023-51042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51042"
    },
    {
      "name": "CVE-2023-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2023-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2023-5717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
    },
    {
      "name": "CVE-2019-19012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2021-43818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2023-2166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2166"
    },
    {
      "name": "CVE-2023-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1192"
    },
    {
      "name": "CVE-2023-6931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
    },
    {
      "name": "CVE-2023-6610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0385",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150297 du 06 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150297"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150684 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150684"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150803 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150803"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150277 du 05 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150277"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150196 du 03 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150196"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150798 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150798"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150804 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150804"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150799 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150276 du 05 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150276"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150802 du 09 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150802"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7150362 du 07 mai 2024",
      "url": "https://www.ibm.com/support/pages/node/7150362"
    }
  ]
}

CERTFR-2024-AVI-0886

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Oracle	Systems	Oracle Solaris Cluster version 4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Systems cpuoct2024

2024-10-15

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Solaris Cluster version 4",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-46337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-22262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
    },
    {
      "name": "CVE-2024-23635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23635"
    },
    {
      "name": "CVE-2023-44483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0886",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": "2024-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Systems cpuoct2024",
      "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
    }
  ]
}

CERTFR-2024-AVI-0992

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.10
IBM	Sterling	IBM Sterling B2B Integrator versions 6.2x antérieures à 6.2.0.3
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.1.x antérieures à 10.1.1.1 avec les derniers correctifs de sécurité
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.2.x antérieures à 10.1.2.1 avec les derniers correctifs de sécurité
IBM	Sterling	IBM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.25
IBM	Sterling	IBM Sterling Secure Proxy versions 6.0.x antérireures à 6.0.3.1
IBM	Sterling	IBM Sterling B2B Integrator versions 6.x antérieures à 6.1.2.6
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.x antérieures à 8.6.1.6 avec les derniers correctifs de sécurité
IBM	Sterling	IBM Sterling Transformation Extender versions 10.1.0.x antérieures à 10.1.0.2 avec les derniers correctifs de sécurité
IBM	Sterling	IBM Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.26
IBM	Sterling	IBM Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix03
IBM	Sterling	IBM Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix14
IBM	QRadar	QRadar WinCollect Agent versions 10.x antérieures à 10.1.13
IBM	Sterling	IBM Sterling Transformation Extender versions 11.x antérieures à 11.0.0.0 avec les derniers correctifs de sécurité
IBM	Sterling	IBM Sterling Secure Proxy versions 6.1.x antérireures à 6.1.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7176069	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7175883	2024-11-13	vendor-advisory
Bulletin de sécurité IBM 7176037	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7176066	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7175724	2024-11-12	vendor-advisory
Bulletin de sécurité IBM 7176039	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7175229	2024-11-08	vendor-advisory
Bulletin de sécurité IBM 7176043	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7175729	2024-11-12	vendor-advisory
Bulletin de sécurité IBM 7176063	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7176022	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7176055	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7176189	2024-11-14	vendor-advisory
Bulletin de sécurité IBM 7176045	2024-11-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 \t6.3.0.10",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.2x ant\u00e9rieures \u00e0 6.2.0.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.1.x ant\u00e9rieures \u00e0 10.1.1.1 avec les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.2.x ant\u00e9rieures \u00e0 10.1.2.1 avec les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 \t\t6.2.0.25",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Secure Proxy versions 6.0.x ant\u00e9rireures \u00e0\t6.0.3.1 ",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.1.2.6 ",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.x ant\u00e9rieures \u00e0 8.6.1.6 avec les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 10.1.0.x ant\u00e9rieures \u00e0 10.1.0.2 avec les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 \t6.1.0.26",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix03",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix14",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar WinCollect Agent versions 10.x ant\u00e9rieures \u00e0 10.1.13",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Transformation Extender versions 11.x ant\u00e9rieures \u00e0 11.0.0.0 avec les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Secure Proxy versions 6.1.x ant\u00e9rireures \u00e0\t6.1.0.1 ",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2023-31582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
    },
    {
      "name": "CVE-2024-24816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24816"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2021-41164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41164"
    },
    {
      "name": "CVE-2024-22353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
    },
    {
      "name": "CVE-2024-25015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25015"
    },
    {
      "name": "CVE-2024-25048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25048"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-25026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
    },
    {
      "name": "CVE-2018-11784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
    },
    {
      "name": "CVE-2021-32809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32809"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-24815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24815"
    },
    {
      "name": "CVE-2022-24728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2024-7348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-28439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2024-41783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41783"
    },
    {
      "name": "CVE-2022-24729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2024-27268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
    },
    {
      "name": "CVE-2021-32808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32808"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2024-51462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51462"
    },
    {
      "name": "CVE-2024-27270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2021-37695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37695"
    },
    {
      "name": "CVE-2023-4771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4771"
    },
    {
      "name": "CVE-2023-50314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
    },
    {
      "name": "CVE-2023-51441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51441"
    },
    {
      "name": "CVE-2021-41165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41165"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2024-27267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0992",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176069",
      "url": "https://www.ibm.com/support/pages/node/7176069"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175883",
      "url": "https://www.ibm.com/support/pages/node/7175883"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176037",
      "url": "https://www.ibm.com/support/pages/node/7176037"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176066",
      "url": "https://www.ibm.com/support/pages/node/7176066"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175724",
      "url": "https://www.ibm.com/support/pages/node/7175724"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176039",
      "url": "https://www.ibm.com/support/pages/node/7176039"
    },
    {
      "published_at": "2024-11-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175229",
      "url": "https://www.ibm.com/support/pages/node/7175229"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176043",
      "url": "https://www.ibm.com/support/pages/node/7176043"
    },
    {
      "published_at": "2024-11-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7175729",
      "url": "https://www.ibm.com/support/pages/node/7175729"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176063",
      "url": "https://www.ibm.com/support/pages/node/7176063"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176022",
      "url": "https://www.ibm.com/support/pages/node/7176022"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176055",
      "url": "https://www.ibm.com/support/pages/node/7176055"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176189",
      "url": "https://www.ibm.com/support/pages/node/7176189"
    },
    {
      "published_at": "2024-11-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7176045",
      "url": "https://www.ibm.com/support/pages/node/7176045"
    }
  ]
}

CERTFR-2025-AVI-0021

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.14
IBM	Spectrum	Spectrum Control versions 5.4.x antérieures à 5.4.13
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité
IBM	QRadar	QRadar Analyst Workflow versions antérieures à 2.34.0
IBM	Db2	Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7180462	2025-01-08	vendor-advisory
Bulletin de sécurité IBM 7180361	2025-01-07	vendor-advisory
Bulletin de sécurité IBM 7180282	2025-01-04	vendor-advisory
Bulletin de sécurité IBM 7180314	2025-01-06	vendor-advisory
Bulletin de sécurité IBM 7180450	2025-01-09	vendor-advisory
Bulletin de sécurité IBM 7180545	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2015-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-42246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-25869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
    },
    {
      "name": "CVE-2024-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
    },
    {
      "name": "CVE-2023-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
    },
    {
      "name": "CVE-2024-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2024-26638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2020-7238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2021-32036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2024-26665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
    },
    {
      "name": "CVE-2024-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
    },
    {
      "name": "CVE-2024-40997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-40972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2021-32040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-42124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
    },
    {
      "name": "CVE-2023-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2014-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-26929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
    },
    {
      "name": "CVE-2019-14863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
    },
    {
      "name": "CVE-2023-52683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2024-35809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-40998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
    },
    {
      "name": "CVE-2022-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2020-7676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
    },
    {
      "name": "CVE-2024-40995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-43830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
    },
    {
      "name": "CVE-2024-39501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2024-42090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-40901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
    },
    {
      "name": "CVE-2021-47321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2024-41076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
    },
    {
      "name": "CVE-2024-39506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
    },
    {
      "name": "CVE-2024-40978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2019-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2024-42152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
    },
    {
      "name": "CVE-2024-39499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2024-42237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
      "url": "https://www.ibm.com/support/pages/node/7180462"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
      "url": "https://www.ibm.com/support/pages/node/7180361"
    },
    {
      "published_at": "2025-01-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
      "url": "https://www.ibm.com/support/pages/node/7180282"
    },
    {
      "published_at": "2025-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
      "url": "https://www.ibm.com/support/pages/node/7180314"
    },
    {
      "published_at": "2025-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
      "url": "https://www.ibm.com/support/pages/node/7180450"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
      "url": "https://www.ibm.com/support/pages/node/7180545"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5072 (GCVE-0-2023-5072)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature