cvelistv5 - cve-2019-20916

CVE-2019-20916 (GCVE-0-2019-20916)

Vulnerability from cvelistv5

Published

2020-09-04 19:20

Modified

2024-08-05 03:00

Severity ?

CWE

Summary

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

References

URL

Tags

	https://github.com/pypa/pip/issues/6413	x_refsource_MISC
	https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace	x_refsource_MISC
	https://github.com/pypa/pip/compare/19.1.1...19.2	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:17.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pypa/pip/issues/6413"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pypa/pip/compare/19.1.1...19.2"
          },
          {
            "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html"
          },
          {
            "name": "openSUSE-SU-2020:1598",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html"
          },
          {
            "name": "openSUSE-SU-2020:1613",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:12:52.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pypa/pip/issues/6413"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pypa/pip/compare/19.1.1...19.2"
        },
        {
          "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html"
        },
        {
          "name": "openSUSE-SU-2020:1598",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html"
        },
        {
          "name": "openSUSE-SU-2020:1613",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pypa/pip/issues/6413",
              "refsource": "MISC",
              "url": "https://github.com/pypa/pip/issues/6413"
            },
            {
              "name": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",
              "refsource": "MISC",
              "url": "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace"
            },
            {
              "name": "https://github.com/pypa/pip/compare/19.1.1...19.2",
              "refsource": "MISC",
              "url": "https://github.com/pypa/pip/compare/19.1.1...19.2"
            },
            {
              "name": "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2020:1598",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html"
            },
            {
              "name": "openSUSE-SU-2020:1613",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20916",
    "datePublished": "2020-09-04T19:20:55.000Z",
    "dateReserved": "2020-09-04T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:00:17.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2026-AVI-0395

Vulnerability from certfr_avis

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de sécurité PH70422
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP15 IF01
IBM	WebSphere Automation	WebSphere Automation versions antérieures à 1.12.0
IBM	Storage Protect	Storage Protect Plus Server versions 10.1.x antérieures à 10.1.18

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7268179	2026-03-31	vendor-advisory
Bulletin de sécurité IBM 7267689	2026-03-26	vendor-advisory
Bulletin de sécurité IBM 7268331	2026-04-01	vendor-advisory
Bulletin de sécurité IBM 7267801	2026-03-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif de s\u00e9curit\u00e9 PH70422",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP15 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Automation versions ant\u00e9rieures \u00e0 1.12.0",
      "product": {
        "name": "WebSphere Automation",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.18",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-26007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
    },
    {
      "name": "CVE-2025-40064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2021-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3200"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2024-42316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42316"
    },
    {
      "name": "CVE-2023-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
    },
    {
      "name": "CVE-2026-27205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27205"
    },
    {
      "name": "CVE-2017-18342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18342"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
    },
    {
      "name": "CVE-2022-2255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2255"
    },
    {
      "name": "CVE-2019-20477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
    },
    {
      "name": "CVE-2022-48468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2024-38286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38286"
    },
    {
      "name": "CVE-2024-43898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43898"
    },
    {
      "name": "CVE-2019-20907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
    },
    {
      "name": "CVE-2021-44568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44568"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2021-33929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33929"
    },
    {
      "name": "CVE-2021-23336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
    },
    {
      "name": "CVE-2019-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
    },
    {
      "name": "CVE-2018-20852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
    },
    {
      "name": "CVE-2024-5629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5629"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2025-24813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2021-46877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46877"
    },
    {
      "name": "CVE-2021-42771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
    },
    {
      "name": "CVE-2025-71085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2021-33928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33928"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2024-27398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27398"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2019-11340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11340"
    },
    {
      "name": "CVE-2026-21860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2024-23672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2026-23074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2024-56337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
    },
    {
      "name": "CVE-2022-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2019-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
    },
    {
      "name": "CVE-2026-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1188"
    },
    {
      "name": "CVE-2024-43823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43823"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
    },
    {
      "name": "CVE-2021-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
    },
    {
      "name": "CVE-2021-29921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2021-3426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
    },
    {
      "name": "CVE-2025-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
    },
    {
      "name": "CVE-2025-38129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2026-23001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2024-42294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42294"
    },
    {
      "name": "CVE-2021-33930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33930"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2020-27619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2019-18874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2025-8869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2021-20270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20270"
    },
    {
      "name": "CVE-2019-11324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
    },
    {
      "name": "CVE-2024-46759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46759"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2024-36880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36880"
    },
    {
      "name": "CVE-2019-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
    },
    {
      "name": "CVE-2024-43820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43820"
    },
    {
      "name": "CVE-2024-43821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43821"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-50067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2024-50379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
    },
    {
      "name": "CVE-2025-14847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14847"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2024-42321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
    },
    {
      "name": "CVE-2024-52317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
    },
    {
      "name": "CVE-2026-23097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2019-7548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7548"
    },
    {
      "name": "CVE-2020-14422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14422"
    },
    {
      "name": "CVE-2024-52316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
    },
    {
      "name": "CVE-2021-33938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33938"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2021-43818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
    },
    {
      "name": "CVE-2019-16935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
    },
    {
      "name": "CVE-2025-68800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
    },
    {
      "name": "CVE-2021-27291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27291"
    },
    {
      "name": "CVE-2019-7164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7164"
    },
    {
      "name": "CVE-2021-43618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
    },
    {
      "name": "CVE-2025-38248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    }
  ],
  "initial_release_date": "2026-04-03T00:00:00",
  "last_revision_date": "2026-04-03T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0395",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-03-31",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7268179",
      "url": "https://www.ibm.com/support/pages/node/7268179"
    },
    {
      "published_at": "2026-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7267689",
      "url": "https://www.ibm.com/support/pages/node/7267689"
    },
    {
      "published_at": "2026-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7268331",
      "url": "https://www.ibm.com/support/pages/node/7268331"
    },
    {
      "published_at": "2026-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7267801",
      "url": "https://www.ibm.com/support/pages/node/7267801"
    }
  ]
}

CERTFR-2025-AVI-0135

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans IBM QRadar Deployment Intelligence App. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	IBM	QRadar SIEM	QRadar Deployment Intelligence App versions antérieures à 3.0.16

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7182930

2025-02-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.16",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2021-33503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33503"
    },
    {
      "name": "CVE-2018-18074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18074"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2019-11236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
    },
    {
      "name": "CVE-2024-42461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "initial_release_date": "2025-02-14T00:00:00",
  "last_revision_date": "2025-02-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0135",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar Deployment Intelligence App. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar Deployment Intelligence App",
  "vendor_advisories": [
    {
      "published_at": "2025-02-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7182930",
      "url": "https://www.ibm.com/support/pages/node/7182930"
    }
  ]
}

CERTFR-2025-AVI-0546

Vulnerability from certfr_avis

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité
IBM	WebSphere Service Registry and Repository	WebSphere Service Registry and Repository sans les derniers correctifs de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3
IBM	WebSphere	WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1
IBM	QRadar	QRadar Hub versions antérieures à 3.8.3
IBM	AIX	AIX versions 7.3.x sans les derniers correctif de sécurité
IBM	Db2	DB2 Data Management Console pour CPD versions antérieures à 4.8.7
IBM	QRadar Deployment Intelligence App	QRadar Deployment Intelligence App versions antérieures à 3.0.17

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7238297	2025-06-27	vendor-advisory
Bulletin de sécurité IBM 7237702	2025-06-23	vendor-advisory
Bulletin de sécurité IBM 7237967	2025-06-25	vendor-advisory
Bulletin de sécurité IBM 7238168	2025-06-26	vendor-advisory
Bulletin de sécurité IBM 7238156	2025-06-26	vendor-advisory
Bulletin de sécurité IBM 7238155	2025-06-26	vendor-advisory
Bulletin de sécurité IBM 7238295	2025-06-27	vendor-advisory
Bulletin de sécurité IBM 7238159	2025-06-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere Service Registry and Repository",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-25577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2020-29651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-8305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
    },
    {
      "name": "CVE-2023-1409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2024-7553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
    },
    {
      "name": "CVE-2024-36124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
    },
    {
      "name": "CVE-2024-56406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2024-8207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
    },
    {
      "name": "CVE-2024-3372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
    },
    {
      "name": "CVE-2025-33214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-46136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2020-7789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2025-41232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2023-30861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2024-56334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2024-6375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
    },
    {
      "name": "CVE-2025-36038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "initial_release_date": "2025-06-27T00:00:00",
  "last_revision_date": "2025-06-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0546",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
      "url": "https://www.ibm.com/support/pages/node/7238297"
    },
    {
      "published_at": "2025-06-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
      "url": "https://www.ibm.com/support/pages/node/7237702"
    },
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
      "url": "https://www.ibm.com/support/pages/node/7237967"
    },
    {
      "published_at": "2025-06-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
      "url": "https://www.ibm.com/support/pages/node/7238168"
    },
    {
      "published_at": "2025-06-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
      "url": "https://www.ibm.com/support/pages/node/7238156"
    },
    {
      "published_at": "2025-06-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
      "url": "https://www.ibm.com/support/pages/node/7238155"
    },
    {
      "published_at": "2025-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
      "url": "https://www.ibm.com/support/pages/node/7238295"
    },
    {
      "published_at": "2025-06-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
      "url": "https://www.ibm.com/support/pages/node/7238159"
    }
  ]
}

CERTFR-2021-AVI-912

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans IBM Qradar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	QRadar	IBM QRadar SIEM 7.4.x versions antérieures à 7.4.3 Fix Pack 4
	IBM	QRadar	IBM QRadar SIEM 7.3.x versions antérieures à 7.3.3 Fix Pack 10

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6520480 du 30 novembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6520472 du 30 novembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6520674 du 30 novembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM 7.4.x versions ant\u00e9rieures \u00e0 7.4.3 Fix Pack 4",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM 7.3.x versions ant\u00e9rieures \u00e0 7.3.3 Fix Pack 10",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2021-32027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2021-28169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
    },
    {
      "name": "CVE-2020-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
    },
    {
      "name": "CVE-2021-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2018-8029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8029"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2021-22696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22696"
    },
    {
      "name": "CVE-2021-28163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2018-11768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11768"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2019-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
    },
    {
      "name": "CVE-2019-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
    },
    {
      "name": "CVE-2020-9492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2020-13954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13954"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2021-32028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
    },
    {
      "name": "CVE-2018-12020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
    },
    {
      "name": "CVE-2018-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2021-22555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
    },
    {
      "name": "CVE-2021-32399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
    },
    {
      "name": "CVE-2019-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2020-7226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7226"
    },
    {
      "name": "CVE-2018-18751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
    },
    {
      "name": "CVE-2017-15713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15713"
    },
    {
      "name": "CVE-2017-15804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
    }
  ],
  "initial_release_date": "2021-12-01T00:00:00",
  "last_revision_date": "2021-12-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-912",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-01T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021.",
      "revision_date": "2021-12-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Qradar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Qradar",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6520480 du 30 novembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6520480"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6520472 du 30 novembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6520472"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 30 novembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6520674"
    }
  ]
}

CERTFR-2025-AVI-0538

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Postgres versions antérieures à 13.21.0
VMware	Tanzu	Tanzu pour Postgres versions 14.x antérieures à 14.18.0
VMware	Tanzu	Tanzu pour Postgres versions 17.x antérieures à 17.5.0
VMware	Tanzu	Tanzu pour Postgres versions 16x antérieures à 16.9.0
VMware	Tanzu	Tanzu pour Postgres versions 15.x antérieures à 15.13.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35866	2025-06-25	vendor-advisory
Bulletin de sécurité VMware 35867	2025-06-25	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 13.21.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 14.x ant\u00e9rieures \u00e0 14.18.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 17.x ant\u00e9rieures \u00e0 17.5.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 16x ant\u00e9rieures \u00e0 16.9.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 15.x ant\u00e9rieures \u00e0 15.13.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2024-5998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5998"
    },
    {
      "name": "CVE-2024-31583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31583"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-11392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11392"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2023-50447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
    },
    {
      "name": "CVE-2024-34062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
    },
    {
      "name": "CVE-2024-7804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7804"
    },
    {
      "name": "CVE-2024-39705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39705"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3571"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-24788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
    },
    {
      "name": "CVE-2024-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3095"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2024-11393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11393"
    },
    {
      "name": "CVE-2024-28219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28219"
    },
    {
      "name": "CVE-2024-53899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
    },
    {
      "name": "CVE-2024-12720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12720"
    },
    {
      "name": "CVE-2024-30251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-5206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
    },
    {
      "name": "CVE-2024-27454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27454"
    },
    {
      "name": "CVE-2024-42367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42367"
    },
    {
      "name": "CVE-2024-43497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43497"
    },
    {
      "name": "CVE-2024-8309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8309"
    },
    {
      "name": "CVE-2024-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0243"
    },
    {
      "name": "CVE-2024-31580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31580"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2024-52304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
    },
    {
      "name": "CVE-2025-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-23829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
    },
    {
      "name": "CVE-2024-11394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11394"
    },
    {
      "name": "CVE-2023-47248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-2965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2965"
    },
    {
      "name": "CVE-2024-28088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28088"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-1455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1455"
    },
    {
      "name": "CVE-2024-23334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
    }
  ],
  "initial_release_date": "2025-06-26T00:00:00",
  "last_revision_date": "2025-06-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0538",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35866",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35866"
    },
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35867",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35867"
    }
  ]
}

CERTFR-2021-AVI-952

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données. IBM note que CentOS 6 est en fin de vie. L'éditeur préconise des actions à envisager pour corriger des défauts de sécurité connus. Lien : http://ibm.biz/qradarcentos6

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	QRadar SIEM	IBM QRadar SIEM versions 7.4.0 à 7.4.3 FP 4
	IBM	QRadar SIEM	IBM QRadar SIEM versions 7.3.0 à 7.3.3 FP 10

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6520674 du 14 décembre 2021

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM versions 7.4.0 \u00e0 7.4.3 FP 4",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.3.0 \u00e0 7.3.3 FP 10",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2021-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2019-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
    },
    {
      "name": "CVE-2019-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2018-12020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12020"
    },
    {
      "name": "CVE-2018-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
    },
    {
      "name": "CVE-2018-10897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
    },
    {
      "name": "CVE-2019-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
    },
    {
      "name": "CVE-2017-15804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15804"
    }
  ],
  "initial_release_date": "2021-12-15T00:00:00",
  "last_revision_date": "2021-12-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-952",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es. IBM note que CentOS 6 est en\nfin de vie. L\u0027\u00e9diteur pr\u00e9conise des actions \u00e0 envisager pour corriger\ndes d\u00e9fauts de s\u00e9curit\u00e9 connus. Lien : \u003chttp://ibm.biz/qradarcentos6\u003e\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6520674 du 14 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6520674"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-20916 (GCVE-0-2019-20916)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0395

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0135

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0546

Vulnerability from certfr_avis

Solutions

CERTFR-2021-AVI-912

Vulnerability from certfr_avis

Solution

CERTFR-2025-AVI-0538

Vulnerability from certfr_avis

Solutions

CERTFR-2021-AVI-952

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature