Vulnerability-Lookup

CVE-2022-42003 (GCVE-0-2022-42003)

Vulnerability from cvelistv5 – Published: 2022-10-02 00:00 – Updated: 2024-08-03 12:56

Summary

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/FasterXML/jackson-databind/iss…
https://github.com/FasterXML/jackson-databind/com…
https://bugs.chromium.org/p/oss-fuzz/issues/detai…
https://security.gentoo.org/glsa/202210-21	vendor-advisory
https://www.debian.org/security/2022/dsa-5283	vendor-advisory
https://security.netapp.com/advisory/ntap-2022112…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:39.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
          },
          {
            "name": "GLSA-202210-21",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-21"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-20T09:33:08.256Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3590"
        },
        {
          "url": "https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33"
        },
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020"
        },
        {
          "name": "GLSA-202210-21",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-21"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221124-0004/"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-42003",
    "datePublished": "2022-10-02T00:00:00.000Z",
    "dateReserved": "2022-10-02T00:00:00.000Z",
    "dateUpdated": "2024-08-03T12:56:39.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-42003",
      "date": "2026-05-26",
      "epss": "0.00317",
      "percentile": "0.54852"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.12.7.1\", \"matchCriteriaId\": \"0848F177-1977-4C9C-B91A-7374FF25F335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.13.0\", \"versionEndExcluding\": \"2.13.4.1\", \"matchCriteriaId\": \"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.13.3\", \"matchCriteriaId\": \"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"}, {\"lang\": \"es\", \"value\": \"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\\u00e1 activada. Versi\\u00f3n de correcci\\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}]",
      "id": "CVE-2022-42003",
      "lastModified": "2024-11-21T07:24:15.093",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2022-10-02T05:15:09.070",
      "references": "[{\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/FasterXML/jackson-databind/issues/3590\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202210-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20221124-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-42003\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-10-02T05:15:09.070\",\"lastModified\":\"2024-11-21T07:24:15.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.\"},{\"lang\":\"es\",\"value\":\"En FasterXML jackson-databind anterior a 2.14.0-rc1, puede producirse un agotamiento de recursos debido a la falta de una comprobaci\u00f3n en los deserializadores de valores primitivos para evitar el anidamiento de arrays envolventes profundos, cuando la funci\u00f3n UNWRAP_SINGLE_VALUE_ARRAYS est\u00e1 activada. Versi\u00f3n de correcci\u00f3n adicional en 2.13.4.1 y 2.12.17.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.12.7.1\",\"matchCriteriaId\":\"0848F177-1977-4C9C-B91A-7374FF25F335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.13.0\",\"versionEndExcluding\":\"2.13.4.1\",\"matchCriteriaId\":\"A2BBD219-927A-40F3-9AFE-C6A8E7F3E26B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.13.3\",\"matchCriteriaId\":\"DA172A0D-FB5E-4754-BB9F-3DEC3366E6F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-databind/issues/3590\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202210-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20221124-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2023-AVI-0008

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling B2B Integrator version 6.1.2.0 antérieures à 6.1.2.1
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.0.x antérieures à 6.0.0.12
IBM	AIX	AIX versions 7.2 sans le dernier correctif de sécurité (smbc_302_fileset_72)
IBM	VIOS	VIOS versions 3.1 sans le dernier correctif de sécurité (smbc_302_fileset_72)
IBM	AIX	AIX versions 7.1 sans le dernier correctif de sécurité (smbc_302_fileset_71)
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 1.0.x antérieures à 6.0.0.12
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.12
IBM	Sterling	IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.7
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.16
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.1.x antérieures à 6.1.1.3
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.17
IBM	AIX	AIX versions 7.3 sans le dernier correctif de sécurité (smbc_302_fileset_72)

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6852981 du 05 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6852711 du 05 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6853349 du 05 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6851443 du 05 janvier 2023	None	vendor-advisory
Bulletin de sécurité IBM 6853345 du 05 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling B2B Integrator version 6.1.2.0 ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.12",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2 sans le dernier correctif de s\u00e9curit\u00e9 (smbc_302_fileset_72)",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 3.1 sans le dernier correctif de s\u00e9curit\u00e9 (smbc_302_fileset_72)",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.1 sans le dernier correctif de s\u00e9curit\u00e9 (smbc_302_fileset_71)",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 1.0.x ant\u00e9rieures \u00e0 6.0.0.12",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.12",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.16",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.17",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.3 sans le dernier correctif de s\u00e9curit\u00e9 (smbc_302_fileset_72)",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2022-43381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43381"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-22483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22483"
    },
    {
      "name": "CVE-2022-35637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35637"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0008",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6852981 du 05 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6852981"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6852711 du 05 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6852711"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6853349 du 05 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6853349"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6851443 du 05 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6851443"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6853345 du 05 janvier 2023",
      "url": "https://www.ibm.com/support/pages/node/6853345"
    }
  ]
}

CERTFR-2023-AVI-0034

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Cluster versions 7.5.28 et antérieures
Oracle	MySQL	MySQL Shell versions 8.0.31 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise CC Common Application Objects version 9.2
Oracle	MySQL	MySQL Server versions 5.7.40 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.6.24 et antérieures
Oracle	Java SE	Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1
Oracle	MySQL	MySQL Connectors versions 8.0.31 et antérieures
Oracle	Weblogic	Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0
Oracle	N/A	Oracle VM VirtualBox versions antérieures à 7.0.6
Oracle	MySQL	MySQL Workbench versions 8.0.31 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 8.0.32 et antérieures
Oracle	Database Server	Oracle Database Server versions 19c, 21c [Perl] antérieures à 5.35
Oracle	MySQL	MySQL Cluster versions 8.0.31 et antérieures
Oracle	MySQL	MySQL Server versions 8.0.31 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise CS Academic Advisement version 9.2
Oracle	N/A	Oracle VM VirtualBox versions antérieures à 6.1.42
Oracle	MySQL	MySQL Cluster versions 7.4.38 et antérieures
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2023 du 18 janvier 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise CC Common Application Objects version 9.2",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.7.40 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 8.0.31 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise CS Academic Advisement version 9.2",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21900"
    },
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2023-21893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21893"
    },
    {
      "name": "CVE-2023-21877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
    },
    {
      "name": "CVE-2023-21885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21885"
    },
    {
      "name": "CVE-2022-22971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
    },
    {
      "name": "CVE-2023-21865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
    },
    {
      "name": "CVE-2023-21898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21898"
    },
    {
      "name": "CVE-2023-21881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2023-21874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
    },
    {
      "name": "CVE-2023-21838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21838"
    },
    {
      "name": "CVE-2023-21878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2023-21883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
    },
    {
      "name": "CVE-2022-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
    },
    {
      "name": "CVE-2022-42252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2023-21889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21889"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2023-21875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
    },
    {
      "name": "CVE-2023-21872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
    },
    {
      "name": "CVE-2023-21841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21841"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2023-21864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21864"
    },
    {
      "name": "CVE-2023-21840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
    },
    {
      "name": "CVE-2022-1941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
    },
    {
      "name": "CVE-2022-31692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-21866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
    },
    {
      "name": "CVE-2023-21842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21842"
    },
    {
      "name": "CVE-2023-21845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21845"
    },
    {
      "name": "CVE-2022-39429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39429"
    },
    {
      "name": "CVE-2023-21860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21860"
    },
    {
      "name": "CVE-2023-21844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21844"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-21871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
    },
    {
      "name": "CVE-2023-21839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"
    },
    {
      "name": "CVE-2023-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
    },
    {
      "name": "CVE-2023-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2023-21873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
    },
    {
      "name": "CVE-2023-21863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
    },
    {
      "name": "CVE-2023-21876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2023-21867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
    },
    {
      "name": "CVE-2023-21899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21899"
    },
    {
      "name": "CVE-2023-21869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
    },
    {
      "name": "CVE-2022-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2023-21836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
    },
    {
      "name": "CVE-2023-21827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21827"
    },
    {
      "name": "CVE-2023-21870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2023-21879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
    },
    {
      "name": "CVE-2021-3918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
    },
    {
      "name": "CVE-2023-21882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21882"
    },
    {
      "name": "CVE-2023-21886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21886"
    },
    {
      "name": "CVE-2023-21837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21837"
    },
    {
      "name": "CVE-2023-21831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21831"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2023-21880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2023-21829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21829"
    },
    {
      "name": "CVE-2023-21884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21884"
    },
    {
      "name": "CVE-2023-21868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21868"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023",
      "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
    }
  ]
}

CERTFR-2023-AVI-0101

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Sterling. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Connect:Direct pour Microsoft Windows versions 4.8.0.x antérieures à 4.8.0.3_iFix053
IBM	Sterling	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.4_iFix021
IBM	Sterling	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.0.x antérieures à 6.0.0.4_iFix061
IBM	Sterling	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.0.x antérieures à 6.1.0.2_iFix055

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6953587 du 07 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953583 du 07 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953589 du 07 février 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 4.8.0.x ant\u00e9rieures \u00e0 4.8.0.3_iFix053",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.4_iFix021",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix061",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2_iFix055",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0101",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Sterling. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Sterling",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953587 du 07 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953587"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953583 du 07 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953583"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953589 du 07 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953589"
    }
  ]
}

CERTFR-2023-AVI-0110

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité, un déni de service à distance, une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.0.x antérieures à 6.1.0.2_iFix054
IBM	WebSphere	IBM WebSphere Application Server Liberty versions 21.0.0.12 à 23.0.0.x sans le correctif de sécurité temporaire PH52079 ou antérieures à 23.0.0.2 (disponible au premier trimestre 2023)
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.0.x antérieures à 6.0.0.4_iFix060
IBM	AIX	IBM AIX versions 7.3.x sans le dernier correctif de sécurité
IBM	Sterling	IBM Sterling Global Mailbox versions 6.0.3.x antérieures à 6.0.3.8
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.0.x antérieures à 6.2.0.4_iFix020
IBM	VIOS	IBM VIOS versions 3.1.x sans le dernier correctif de sécurité
IBM	Sterling	IBM Sterling Global Mailbox versions 6.1.2.x antérieures à 6.1.2.1
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 4.8.0.x antérieures à 4.8.0.3_iFix052
IBM	Db2	IBM Db2 versions 11.1.x antérieures à 11.1.4 FP7
IBM	AIX	IBM AIX versions 7.2.x sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.8
IBM	WebSphere	IBM WebSphere Application Server Liberty versions 17.0.0.3 à 23.0.0.x sans le correctif de sécurité temporaire PH52095 ou antérieures à 23.0.0.2 (disponible au premier trimestre 2023)
IBM	Db2	IBM Db2 versions 10.5 antérieures à 10.5 FP11

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6953593 du 07 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953779 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953757 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953755 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954403 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953825 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954405 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953759 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953763 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954401 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953767 du 08 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6953763 du 08 février 2023	-	other
Bulletin de sécurité IBM 6953755 du 08 février 2023	-	other
Bulletin de sécurité IBM 6954403 du 09 février 2023	-	other
Bulletin de sécurité IBM 6953825 du 08 février 2023	-	other
Bulletin de sécurité IBM 6954405 du 09 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2_iFix054",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server Liberty versions 21.0.0.12 \u00e0 23.0.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH52079 ou ant\u00e9rieures \u00e0 23.0.0.2 (disponible au premier trimestre 2023)",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix060",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX versions 7.3.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Global Mailbox versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.4_iFix020",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM VIOS versions 3.1.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Global Mailbox versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 4.8.0.x ant\u00e9rieures \u00e0 4.8.0.3_iFix052",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX versions 7.2.x sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 23.0.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH52095 ou ant\u00e9rieures \u00e0 23.0.0.2 (disponible au premier trimestre 2023)",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5 ant\u00e9rieures \u00e0 10.5 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-43927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2022-46364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2022-45787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45787"
    },
    {
      "name": "CVE-2014-3577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
    },
    {
      "name": "CVE-2022-43930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
    },
    {
      "name": "CVE-2022-43929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM\u00a06953763 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM\u00a06953755 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953755"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM\u00a06954403 du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954403"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM\u00a06953825 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953825"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM\u00a06954405 du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954405"
    }
  ],
  "reference": "CERTFR-2023-AVI-0110",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la\npolitique de s\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953593 du 07 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953593"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953779 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953779"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953757 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953757"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953755 du 08 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954403 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953825 du 08 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954405 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953759 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953759"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953763 du 08 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954401 du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954401"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6953767 du 08 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6953767"
    }
  ]
}

CERTFR-2023-AVI-0116

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une injection de code indirecte à distance (XSS) et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.0.x antérieures à 6.0.0.2.iFix145
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.2.x antérieures à 6.2.0.5.iFix021
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 4.3.x antérieures à 4.3.0.1.iFix109
IBM	Sterling	IBM Sterling B2B Integrator version 6.1.0.0 à 6.1.2.0 antérieures à 6.1.2.1
IBM	Sterling	IBM Sterling B2B Integrator version 6.0.0.0 à 6.0.3.7 antérieures à 6.0.3.8
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct for UNIX versions 6.1.x antérieures à 6.1.0.4.iFix077

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6954763 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954453 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954767 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954771 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954469 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954765 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954471 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954727 du 10 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954467 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM 6954465 du 09 février 2023	None	vendor-advisory
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 09 février 2023	-	other
Bulletin de sécurité IBM du 10 février 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.2.iFix145",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.5.iFix021",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 4.3.x ant\u00e9rieures \u00e0 4.3.0.1.iFix109",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator version 6.1.0.0 \u00e0 6.1.2.0 ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator version 6.0.0.0 \u00e0 6.0.3.7 ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct for UNIX versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.4.iFix077",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-38875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38875"
    },
    {
      "name": "CVE-2022-31772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31772"
    },
    {
      "name": "CVE-2019-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
    },
    {
      "name": "CVE-2019-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4465"
    },
    {
      "name": "CVE-2020-4320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
    },
    {
      "name": "CVE-2019-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
    },
    {
      "name": "CVE-2019-4277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4277"
    },
    {
      "name": "CVE-2021-38949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
    },
    {
      "name": "CVE-2020-4319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4319"
    },
    {
      "name": "CVE-2019-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
    },
    {
      "name": "CVE-2022-40231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40231"
    },
    {
      "name": "CVE-2020-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
    },
    {
      "name": "CVE-2022-40232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40232"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2020-4375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4375"
    },
    {
      "name": "CVE-2020-4267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4267"
    },
    {
      "name": "CVE-2023-23477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23477"
    },
    {
      "name": "CVE-2019-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
    },
    {
      "name": "CVE-2019-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
    },
    {
      "name": "CVE-2021-29843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29843"
    },
    {
      "name": "CVE-2019-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
    },
    {
      "name": "CVE-2020-4338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
    },
    {
      "name": "CVE-2019-4656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2019-12415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12415"
    },
    {
      "name": "CVE-2022-22970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22970"
    },
    {
      "name": "CVE-2022-31159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31159"
    },
    {
      "name": "CVE-2019-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4560"
    },
    {
      "name": "CVE-2022-43579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43579"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2019-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
    },
    {
      "name": "CVE-2019-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
    },
    {
      "name": "CVE-2019-4719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    },
    {
      "name": "CVE-2020-4465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4465"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954767"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954771"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954763"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954765"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954465"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954471"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954453"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954469"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 09 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954467"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM du 10 f\u00e9vrier 2023",
      "url": "https://www.ibm.com/support/pages/node/6954727"
    }
  ],
  "reference": "CERTFR-2023-AVI-0116",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une injection de code\nindirecte \u00e0 distance (XSS) et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954763 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954453 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954767 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954771 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954469 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954765 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954471 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954727 du 10 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954467 du 09 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6954465 du 09 f\u00e9vrier 2023",
      "url": null
    }
  ]
}

CERTFR-2023-AVI-0337

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un déni de service à distance, une injection de code indirecte à distance (XSS), un contournement de la politique de sécurité et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1562-s390x
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1562-ppcle
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.7 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 10.5.x antérieures à 10.5 FP11 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1598-s390x
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1598-amd64
IBM	Db2	IBM Db2 versions 11.5.x antérieures à 11.5.8 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1598-ppcle
IBM	Db2	IBM Db2 Graph versions antérieures à latest-s390x
IBM	Db2	IBM Db2 Graph versions antérieures à latest-amd64
IBM	Db2	IBM Db2 versions 11.1.x antérieures à 11.1.4 FP7 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 Graph versions antérieures à latest-ppcle
IBM	Db2	IBM Db2 Graph versions antérieures à 1.0.0.1562-amd64

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6985691 du 24 avril 2023	None	vendor-advisory
Bulletin de sécurité IBM 6985689 du 24 avril 2023	None	vendor-advisory
Bulletin de sécurité IBM 6985687 du 24 avril 2023	None	vendor-advisory
Bulletin de sécurité IBM 6985681 du 24 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-s390x",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-ppcle",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-s390x",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1598-ppcle",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-s390x",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 latest-ppcle",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Graph versions ant\u00e9rieures \u00e0 1.0.0.1562-amd64",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-33980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
    },
    {
      "name": "CVE-2023-23936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
    },
    {
      "name": "CVE-2023-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
    },
    {
      "name": "CVE-2023-29257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
    },
    {
      "name": "CVE-2023-26021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
    },
    {
      "name": "CVE-2022-37865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2022-37866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
    },
    {
      "name": "CVE-2020-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2023-23919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
    },
    {
      "name": "CVE-2023-29255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0337",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-25T00:00:00.000000"
    },
    {
      "description": "Ajout de r\u00e9f\u00e9rence CVE",
      "revision_date": "2023-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de service \u00e0\ndistance, une injection de code indirecte \u00e0 distance (XSS), un\ncontournement de la politique de s\u00e9curit\u00e9 et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985691 du 24 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6985691"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985689 du 24 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6985689"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985687 du 24 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6985687"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6985681 du 24 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6985681"
    }
  ]
}

CERTFR-2023-AVI-0357

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM Cognos. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	N/A	IBM Cognos Command Center version 10.2.4.1 sans le correctif de sécurité IF17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6988263 du 04 mai 2023	None	vendor-advisory
Bulletin de sécurité IBM 6983274 du 04 mai 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cognos Command Center version 10.2.4.1 sans le correctif de s\u00e9curit\u00e9 IF17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
    },
    {
      "name": "CVE-2020-27218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27218"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-420004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-420004"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2022-2048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2048"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2017-7658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
    },
    {
      "name": "CVE-2022-2047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2018-12545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
    },
    {
      "name": "CVE-2022-21449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2017-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
    },
    {
      "name": "CVE-2018-12536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12536"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-2191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2191"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2022-38707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38707"
    },
    {
      "name": "CVE-2019-10241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
    },
    {
      "name": "CVE-2019-10247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10247"
    },
    {
      "name": "CVE-2017-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2015-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
    },
    {
      "name": "CVE-2021-34428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0357",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Cognos.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Cognos",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6988263 du 04 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6988263"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6983274 du 04 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6983274"
    }
  ]
}

CERTFR-2023-AVI-0362

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Virtualize versions 8.2.x antérieures à 8.2.1.17
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4.1 IF1
IBM	Spectrum	IBM Spectrum Virtualize versions 8.5.x antérieures à 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0
IBM	Spectrum	IBM Spectrum Virtualize versions 8.4.x antérieures à 8.4.0.10
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP7
IBM	N/A	IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x antérieures à 4.6.5
IBM	Spectrum	IBM Spectrum Virtualize versions 8.3.x antérieures à 8.3.1.9

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6986505 du 05 mai 2023	None	vendor-advisory
Bulletin de sécurité IBM 6988147 du 05 mai 2023	None	vendor-advisory
Bulletin de sécurité IBM 6987769 du 02 mai 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Virtualize versions 8.2.x ant\u00e9rieures \u00e0 8.2.1.17",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.1 IF1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Virtualize versions 8.5.x ant\u00e9rieures \u00e0 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Virtualize versions 8.4.x ant\u00e9rieures \u00e0 8.4.0.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP7",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x ant\u00e9rieures \u00e0 4.6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Virtualize versions 8.3.x ant\u00e9rieures \u00e0 8.3.1.9",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2022-32213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
    },
    {
      "name": "CVE-2022-35256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2022-43887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43887"
    },
    {
      "name": "CVE-2021-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2022-39135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
    },
    {
      "name": "CVE-2022-24434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24434"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2022-32212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
    },
    {
      "name": "CVE-2021-3516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
    },
    {
      "name": "CVE-2022-24728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
    },
    {
      "name": "CVE-2022-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
    },
    {
      "name": "CVE-2023-30441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
    },
    {
      "name": "CVE-2022-24729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
    },
    {
      "name": "CVE-2020-7789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
    },
    {
      "name": "CVE-2022-32215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2022-32214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
    },
    {
      "name": "CVE-2022-43883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43883"
    },
    {
      "name": "CVE-2022-39160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39160"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    },
    {
      "name": "CVE-2021-39036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39036"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2022-32223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2020-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
    },
    {
      "name": "CVE-2021-3518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
    },
    {
      "name": "CVE-2022-38708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38708"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0362",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6986505 du 05 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6986505"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6988147 du 05 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6988147"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6987769 du 02 mai 2023",
      "url": "https://www.ibm.com/support/pages/node/6987769"
    }
  ]
}

CERTFR-2023-AVI-0444

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x antérieures à 6.2.2.1
IBM	MaaS360	IBM MaaS360 Cloud Extender Base Module versions antérieures à 3.000.100.069
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x antérieures à 6.2.0.6
IBM	MaaS360	IBM MaaS360 PKI Certificate Module versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x antérieures à 6.2.1.3
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x antérieures à 6.1.2.8
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x antérieures à 6.2.0.6
IBM	MaaS360	IBM MaaS360 VPN versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x antérieures à 6.1.2.8
IBM	QRadar User Behavior Analytics	IBM QRadar User Behavior Analytics versions 1.x à 4.1.x antérieures à 4.1.12
IBM	MaaS360	IBM MaaS360 Configuration Utility versions antérieures à 3.000.100
IBM	QRadar Deployment Intelligence App	IBM QRadar Deployment Intelligence App versions 2.x à 3.0.x antérieures à 3.0.10
IBM	MaaS360	IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x antérieures à 6.2.2.1
IBM	MaaS360	IBM MaaS360 Cloud Extender Agent versions antérieures à 3.000.100.069
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x antérieures à 6.2.1.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7001723 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001639 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001571 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001689 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001643 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001815 du 07 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Base Module versions ant\u00e9rieures \u00e0 3.000.100.069",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 PKI Certificate Module versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 VPN versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.12",
      "product": {
        "name": "QRadar User Behavior Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Configuration Utility versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Deployment Intelligence App versions 2.x \u00e0 3.0.x ant\u00e9rieures \u00e0 3.0.10",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 3.000.100.069",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2023-29257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
    },
    {
      "name": "CVE-2023-26021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-40152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2023-25930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2023-29255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-27559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-26022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2022-25168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001723 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001723"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001639 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001639"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001571 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001571"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001689 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001689"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001643 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001643"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001815 du 07 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001815"
    }
  ]
}

CERTFR-2023-AVI-0504

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.19.0
IBM	Db2	Db2 Graph versions 1.0.0.592 à 1.0.0.1690 sans le dernier correctif de sécurité
IBM	N/A	IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions antérieures à 4.7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7008449 du 29 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 6998815 du 28 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7005519 du 26 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.19.0",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Graph versions 1.0.0.592 \u00e0 1.0.0.1690 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-43927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2022-33980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
    },
    {
      "name": "CVE-2023-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
    },
    {
      "name": "CVE-2023-25165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25165"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2023-23936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2023-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
    },
    {
      "name": "CVE-2023-28956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
    },
    {
      "name": "CVE-2023-29257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
    },
    {
      "name": "CVE-2019-19232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
    },
    {
      "name": "CVE-2023-26021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
    },
    {
      "name": "CVE-2022-37865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2019-10743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10743"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2022-37866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
    },
    {
      "name": "CVE-2020-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2014-3577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-41721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2023-25930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2023-23919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
    },
    {
      "name": "CVE-2023-29255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2022-43930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2023-27559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
    },
    {
      "name": "CVE-2022-43929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-19234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19234"
    },
    {
      "name": "CVE-2023-26022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0504",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7008449 du 29 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7008449"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6998815 du 28 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/6998815"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 26 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7005519"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-42003 (GCVE-0-2022-42003)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature