cvelistv5 - cve-2016-5388

CVE-2016-5388 (GCVE-0-2016-5388)

Vulnerability from cvelistv5

Published

2016-07-19 01:00

Modified

2024-08-06 01:00

Severity ?

CWE

Summary

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2016:1635	vendor-advisory, x_refsource_REDHAT
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/797896	third-party-advisory, x_refsource_CERT-VN
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2045.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2046.html	vendor-advisory, x_refsource_REDHAT
	https://tomcat.apache.org/tomcat-7.0-doc/changelog.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91818	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html	vendor-advisory, x_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1624.html	vendor-advisory, x_refsource_REDHAT
	https://www.apache.org/security/asf-httpoxy-response.txt	x_refsource_CONFIRM
	https://httpoxy.org/	x_refsource_MISC
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1036331	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2016:1636	vendor-advisory, x_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:00:59.990Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:1635",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1635"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
          },
          {
            "name": "VU#797896",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/797896"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "RHSA-2016:2045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
          },
          {
            "name": "RHSA-2016:2046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
          },
          {
            "name": "91818",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91818"
          },
          {
            "name": "openSUSE-SU-2016:2252",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
          },
          {
            "name": "RHSA-2016:1624",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://httpoxy.org/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "1036331",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036331"
          },
          {
            "name": "RHSA-2016:1636",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1636"
          },
          {
            "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"
          },
          {
            "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200813 CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200813 Re: CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20200814 Re: CVE reporting discrepencies",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-14T10:06:04.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2016:1635",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1635"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759"
        },
        {
          "name": "VU#797896",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/797896"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "RHSA-2016:2045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2045.html"
        },
        {
          "name": "RHSA-2016:2046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2046.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
        },
        {
          "name": "91818",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91818"
        },
        {
          "name": "openSUSE-SU-2016:2252",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03770en_us"
        },
        {
          "name": "RHSA-2016:1624",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.apache.org/security/asf-httpoxy-response.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://httpoxy.org/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "name": "1036331",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036331"
        },
        {
          "name": "RHSA-2016:1636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1636"
        },
        {
          "name": "[debian-lts-announce] 20190813 [SECURITY] [DLA 1883-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00015.html"
        },
        {
          "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190925 [jira] [Created] (AMQ-7310) Security Vulnerabilities in Tomcat-websocket-api.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200813 CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc6b2147532416cc736e68a32678d3947b7053c3085cf43a9874fd102%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200813 Re: CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2853582063cfd9e7fbae1e029ae004e6a83482ae9b70a698996353dd%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20200814 Re: CVE reporting discrepencies",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf21b368769ae70de4dee840a3228721ae442f1d51ad8742003aefe39%40%3Cusers.tomcat.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-5388",
    "datePublished": "2016-07-19T01:00:00.000Z",
    "dateReserved": "2016-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:00:59.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-568

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113
IBM	N/A	IBM Disconnected Log Collector versions 1.x antérieures à 1.7.3
IBM	N/A	IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x antérieures à 10.0.0.2
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217
IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3 sans le correctif de sécurité 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix
IBM	N/A	IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x antérieures à 4.0.0.2
IBM	N/A	IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de sécurité Rational-RTCP-<product-name>-<product-version>-CVE-2022-22965-ifix

References

Title

Publication Time

Tags

Bulletin de sécurité les produits IBM 6595755 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595739 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595965 du 16 juin 2022	None	vendor-advisory
Bulletin de sécurité les produits IBM 6595721 du 16 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.5 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Disconnected Log Collector versions 1.x ant\u00e9rieures \u00e0 1.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Customer and Network Analytics for Communications Service Providers and Datasets (CNA) versions 10.0.0.x ant\u00e9rieures \u00e0 10.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.4 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3 sans le correctif de s\u00e9curit\u00e9 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Workbench toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Analytic Accelerator Framework for Communication Service Providers (AAF) versions 4.0.0.x ant\u00e9rieures \u00e0 4.0.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Rational Test Control Panel component in Rational Test Virtualization Server toutes versions sans le correctif de s\u00e9curit\u00e9 Rational-RTCP-\u003cproduct-name\u003e-\u003cproduct-version\u003e-CVE-2022-22965-ifix",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2014-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
    },
    {
      "name": "CVE-2022-22965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
    },
    {
      "name": "CVE-2012-5886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2013-4286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4286"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2012-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2014-0119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
    },
    {
      "name": "CVE-2013-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4590"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2019-17195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2014-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2016-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0706"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2012-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4431"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2014-0099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2016-6794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6794"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2015-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5174"
    },
    {
      "name": "CVE-2021-27568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27568"
    },
    {
      "name": "CVE-2013-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2067"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2012-3546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3546"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2013-4322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4322"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2012-4534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4534"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2014-7810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7810"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2016-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0762"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2014-0033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0033"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2013-4444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4444"
    },
    {
      "name": "CVE-2012-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3544"
    },
    {
      "name": "CVE-2012-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2015-5345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5345"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2014-0096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
    },
    {
      "name": "CVE-2012-2733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2733"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2022-06-17T00:00:00",
  "last_revision_date": "2022-06-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-568",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595755 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595755"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595739 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595739"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595965 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595965"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 les produits IBM 6595721 du 16 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6595721"
    }
  ]
}

CERTFR-2025-AVI-0370

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.1.x antérieures à 6.1.1.0
IBM	VIOS	VIOS se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation
IBM	Cognos Analytics	Cognos Analytics versions 12.1.x antérieures à 12.1.0 IF1
IBM	Cognos PowerPlay	Cognos PowerPlay versions 12.1.x antérieures à 12.1.0 IF1
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions antérieures à 6.0.0.7
IBM	Cognos Transformer	Cognos Transformer versions 11.2.x antérieures à 11.2.4 FP5
IBM	Cognos Transformer	Cognos Transformer versions 12.1.x antérieures à 12.1.0 IF1
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.3
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF04
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4.5 IF5
IBM	WebSphere Automation	WebSphere Automation versions antérieures à 1.8.2
IBM	Sterling B2B Integrator	IBM Sterling B2B Integrator versions 6.0.3.x antérieures à 6.0.3.5
IBM	AIX	AIX se référer au site de l'éditeur pour les versions vulnérables, cf. section Documentation
IBM	Cognos Transformer	Cognos Transformer versions 12.0.x antérieures à 12.0.4 IF3
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6495961	2025-04-28	vendor-advisory
Bulletin de sécurité IBM 7231738	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7231815	2025-04-25	vendor-advisory
Bulletin de sécurité IBM 7231900	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7179496	2025-04-30	vendor-advisory
Bulletin de sécurité IBM 7231901	2025-04-29	vendor-advisory
Bulletin de sécurité IBM 7231915	2025-04-26	vendor-advisory
Bulletin de sécurité IBM 7232177	2025-04-30	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.0",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos PowerPlay versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos PowerPlay",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.0.0.7",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 12.1.x ant\u00e9rieures \u00e0 12.1.0 IF1",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF04",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.5 IF5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.8.2",
      "product": {
        "name": "WebSphere Automation",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.5",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX se r\u00e9f\u00e9rer au site de l\u0027\u00e9diteur pour les versions vuln\u00e9rables, cf. section Documentation",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2016-6797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6797"
    },
    {
      "name": "CVE-2016-8735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8735"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2020-8022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8022"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2024-50302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2016-0714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0714"
    },
    {
      "name": "CVE-2024-11218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
    },
    {
      "name": "CVE-2014-0230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0230"
    },
    {
      "name": "CVE-2024-53197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
    },
    {
      "name": "CVE-2013-2185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2185"
    },
    {
      "name": "CVE-2006-7197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7197"
    },
    {
      "name": "CVE-2024-40695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40695"
    },
    {
      "name": "CVE-2024-57807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
    },
    {
      "name": "CVE-2025-21785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
    },
    {
      "name": "CVE-2016-6816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6816"
    },
    {
      "name": "CVE-2024-57979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
    },
    {
      "name": "CVE-2016-5018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5018"
    },
    {
      "name": "CVE-2023-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
    },
    {
      "name": "CVE-2024-51466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51466"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2016-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5388"
    },
    {
      "name": "CVE-2016-6796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6796"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "initial_release_date": "2025-05-02T00:00:00",
  "last_revision_date": "2025-05-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0370",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-04-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6495961",
      "url": "https://www.ibm.com/support/pages/node/6495961"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231738",
      "url": "https://www.ibm.com/support/pages/node/7231738"
    },
    {
      "published_at": "2025-04-25",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231815",
      "url": "https://www.ibm.com/support/pages/node/7231815"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231900",
      "url": "https://www.ibm.com/support/pages/node/7231900"
    },
    {
      "published_at": "2025-04-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179496",
      "url": "https://www.ibm.com/support/pages/node/7179496"
    },
    {
      "published_at": "2025-04-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231901",
      "url": "https://www.ibm.com/support/pages/node/7231901"
    },
    {
      "published_at": "2025-04-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7231915",
      "url": "https://www.ibm.com/support/pages/node/7231915"
    },
    {
      "published_at": "2025-04-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7232177",
      "url": "https://www.ibm.com/support/pages/node/7232177"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-5388 (GCVE-0-2016-5388)

Vulnerability from cvelistv5

CERTFR-2022-AVI-568

Vulnerability from certfr_avis

Solution

CERTFR-2025-AVI-0370

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature