cvelistv5 - cve-2013-2185

CVE-2013-2185 (GCVE-0-2013-2185)

Vulnerability from cvelistv5

Published

2014-01-19 16:00

Modified

2024-08-06 15:27

Severity ?

CWE

Summary

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2013/09/05/4	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2013-1193.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2013-1265.html	vendor-advisory, x_refsource_REDHAT
	http://openwall.com/lists/oss-security/2014/10/24/12	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2013-1194.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130905 Re: CVE-2013-2185 / Tomcat",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/09/05/4"
          },
          {
            "name": "RHSA-2013:1193",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html"
          },
          {
            "name": "RHSA-2013:1265",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html"
          },
          {
            "name": "[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2014/10/24/12"
          },
          {
            "name": "RHSA-2013:1194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-11T23:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130905 Re: CVE-2013-2185 / Tomcat",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/09/05/4"
        },
        {
          "name": "RHSA-2013:1193",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html"
        },
        {
          "name": "RHSA-2013:1265",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html"
        },
        {
          "name": "[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2014/10/24/12"
        },
        {
          "name": "RHSA-2013:1194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20130905 Re: CVE-2013-2185 / Tomcat",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/09/05/4"
            },
            {
              "name": "RHSA-2013:1193",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1193.html"
            },
            {
              "name": "RHSA-2013:1265",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1265.html"
            },
            {
              "name": "[oss-security] 20141024 Re: Duplicate Request: CVE-2013-4444 as a duplicate of CVE-2013-2185",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2014/10/24/12"
            },
            {
              "name": "RHSA-2013:1194",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1194.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2185",
    "datePublished": "2014-01-19T16:00:00.000Z",
    "dateReserved": "2013-02-19T00:00:00.000Z",
    "dateUpdated": "2024-08-06T15:27:41.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-568

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113
IBM	N/A	IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3
IBM	N/A	IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix
IBM	N/A	IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix

References

Title

Publication Time

Tags

Bulletin de sécurité les produits IBM 6595755 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595739 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595965 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595721 du 16 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2012-5886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2012-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2016-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2016-6794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2013-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2013-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2012-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2015-5345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2022-06-17T00:00:00",
  "last_revision_date": "2022-06-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595755"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595739"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595965"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595721"
    }
  ]
}

CERTFR-2025-AVI-0370

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.1.x antérieures à 6.1.1.0
IBM	VIOS	VIOS se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation
IBM	Cognos Analytics	Cognos Analytics versions 12.1.x antérieures à 12.1.0 IF1
IBM	Cognos PowerPlay	Cognos PowerPlay versions 12.1.x antérieures à 12.1.0 IF1
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions antérieures à 6.0.0.7
IBM	Cognos Transformer	Cognos Transformer versions 11.2.x antérieures à 11.2.4 FP5
IBM	Cognos Transformer	Cognos Transformer versions 12.1.x antérieures à 12.1.0 IF1
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.3
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF04
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4.5 IF5
IBM	WebSphere Automation	WebSphere Automation versions antérieures à 1.8.2
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.0.3.x antérieures à 6.0.3.5
IBM	AIX	AIX se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation
IBM	Cognos Transformer	Cognos Transformer versions 12.0.x antérieures à 12.0.4 IF3
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6495961	2025-04-28	vendor-advisory
Bulletin de sécurité IBM 7231738	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7231815	2025-04-25	vendor-advisory
Bulletin de sécurité IBM 7231900	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7179496	2025-04-30	vendor-advisory
Bulletin de sécurité IBM 7231901	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7231915	2025-04-26	vendor-advisory
Bulletin de sécurité IBM 7232177	2025-04-30	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.0",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos PowerPlay versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos PowerPlay",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.0.0.7",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF04",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.5 IF5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.8.2",
      "product": {
        "name": "WebSphere Automation",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.5",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2024-50302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2024-11218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2024-53197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2006-7197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
    },
    {
      "name": "CVE-2024-40695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40695"
    },
    {
      "name": "CVE-2024-57807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
    },
    {
      "name": "CVE-2025-21785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2024-57979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2023-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
    },
    {
      "name": "CVE-2024-51466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51466"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "initial_release_date": "2025-05-02T00:00:00",
  "last_revision_date": "2025-05-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0370",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-04-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6495961",
      "url": "https://www.ibm.com/support/pages/node/6495961"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231738",
      "url": "https://www.ibm.com/support/pages/node/7231738"
    },
    {
      "published_at": "2025-04-25",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231815",
      "url": "https://www.ibm.com/support/pages/node/7231815"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231900",
      "url": "https://www.ibm.com/support/pages/node/7231900"
    },
    {
      "published_at": "2025-04-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179496",
      "url": "https://www.ibm.com/support/pages/node/7179496"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231901",
      "url": "https://www.ibm.com/support/pages/node/7231901"
    },
    {
      "published_at": "2025-04-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231915",
      "url": "https://www.ibm.com/support/pages/node/7231915"
    },
    {
      "published_at": "2025-04-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7232177",
      "url": "https://www.ibm.com/support/pages/node/7232177"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-2185 (GCVE-0-2013-2185)

Vulnerability from cvelistv5

CERTFR-2022-AVI-568

Vulnerability from certfr_avis

Solution

CERTFR-2025-AVI-0370

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature