Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-2601 (GCVE-0-2022-2601)
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2026-05-27 14:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - ->CWE-787
Summary
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-22T01:13:28.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
},
{
"name": "GLSA-202311-14",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202311-14"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-2601",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T15:43:38.484246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:04:59.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grub2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "grub2 2.06 and lower"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-25T12:06:24.538Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
},
{
"name": "GLSA-202311-14",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202311-14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-2601",
"datePublished": "2022-12-14T00:00:00.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2026-05-27T14:04:59.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CERTFR-2024-AVI-0684
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | CBL Mariner 1.0 ARM versions antérieures à 2.06~rc1-10 | ||
| Microsoft | N/A | CBL Mariner 2.0 x64 versions antérieures à 2.06-10 | ||
| Microsoft | N/A | CBL Mariner 2.0 ARM versions antérieures à 2.06-10 | ||
| Microsoft | N/A | CBL Mariner 1.0 ARM versions antérieures à 2.06~rc1-9 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.18 | ||
| Microsoft | N/A | CBL Mariner 1.0 x64 versions antérieures à 2.06~rc1-9 | ||
| Microsoft | N/A | CBL Mariner 2.0 x64 versions antérieures à 2.06-8 | ||
| Microsoft | N/A | CBL Mariner 2.0 ARM versions antérieures à 2.06-8 | ||
| Microsoft | N/A | Microsoft Teams pour iOS versions antérieures à 7.13.0 | ||
| Microsoft | N/A | CBL Mariner 1.0 x64 versions antérieures à 2.06~rc1-10 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.6 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.13 | ||
| Microsoft | N/A | Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 1.31 | ||
| Microsoft | N/A | App Installer versions antérieures à 1.22.11261.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CBL Mariner 1.0 ARM versions ant\u00e9rieures \u00e0 2.06~rc1-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 2.0 x64 versions ant\u00e9rieures \u00e0 2.06-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 2.0 ARM versions ant\u00e9rieures \u00e0 2.06-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 1.0 ARM versions ant\u00e9rieures \u00e0 2.06~rc1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 1.0 x64 versions ant\u00e9rieures \u00e0 2.06~rc1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 2.0 x64 versions ant\u00e9rieures \u00e0 2.06-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 2.0 ARM versions ant\u00e9rieures \u00e0 2.06-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Teams pour iOS versions ant\u00e9rieures \u00e0 7.13.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "CBL Mariner 1.0 x64 versions ant\u00e9rieures \u00e0 2.06~rc1-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 1.31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "App Installer versions ant\u00e9rieures \u00e0 1.22.11261.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38167",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38167"
},
{
"name": "CVE-2024-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38211"
},
{
"name": "CVE-2024-38197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38197"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2024-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38177"
},
{
"name": "CVE-2024-38168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38168"
},
{
"name": "CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0684",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-3775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38177",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38177"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38167",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-2601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38168",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38211"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38197",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38197"
}
]
}
CERTFR-2024-AVI-0683
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Azure CycleCloud 8.4.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure Stack Hub versions antérieures à 1.2311.1.22 | ||
| Microsoft | N/A | Azure CycleCloud 8.0.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.6.1 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure Linux 3.0 x64 versions antérieures à 2.06-14 | ||
| Microsoft | N/A | Azure CycleCloud 8.4.1 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure Health Bot | ||
| Microsoft | N/A | Azure CycleCloud 8.6.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure Linux 3.0 ARM versions antérieures à 2.06-14 | ||
| Microsoft | N/A | C SDK pour Azure IoT versions antérieures à 1.12.1 | ||
| Microsoft | N/A | Azure CycleCloud 8.2.2 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.0.2 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure Connected Machine Agent versions antérieures à 1.44 | ||
| Microsoft | N/A | Azure IoT Hub Device Client SDK versions antérieures à 1.12.1 | ||
| Microsoft | N/A | Azure CycleCloud 8.1.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.5.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.3.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.6.2 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.2.0 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.0.1 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.1.1 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.4.2 versions antérieures à 8.6.3 | ||
| Microsoft | N/A | Azure CycleCloud 8.2.1 versions antérieures à 8.6.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure CycleCloud 8.4.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Stack Hub versions ant\u00e9rieures \u00e0 1.2311.1.22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.0.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.6.1 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 x64 versions ant\u00e9rieures \u00e0 2.06-14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.4.1 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Health Bot",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.6.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux 3.0 ARM versions ant\u00e9rieures \u00e0 2.06-14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "C SDK pour Azure IoT versions ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.2.2 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.0.2 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Connected Machine Agent versions ant\u00e9rieures \u00e0 1.44",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure IoT Hub Device Client SDK versions ant\u00e9rieures \u00e0 1.12.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.1.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.5.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.3.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.6.2 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.2.0 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.0.1 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.1.1 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.4.2 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure CycleCloud 8.2.1 versions ant\u00e9rieures \u00e0 8.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38108"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2024-38201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38201"
},
{
"name": "CVE-2024-38098",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38098"
},
{
"name": "CVE-2024-38158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38158"
},
{
"name": "CVE-2024-38195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38195"
},
{
"name": "CVE-2024-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38162"
},
{
"name": "CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"name": "CVE-2024-38109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38109"
},
{
"name": "CVE-2024-38157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38157"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0683",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38108",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2022-2601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38098",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38098"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38201",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38201"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2022-3775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38109",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38109"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38195",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38195"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38162",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38162"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38157",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38157"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38158"
}
]
}
CERTFR-2024-AVI-0681
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Microsoft indique que les vulnérabilités CVE-2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193 et CVE-2024-38213 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22769 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.1457 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4651 | ||
| Microsoft | N/A | Windows Server 2012 versions antérieures à 6.2.9200.24975 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22023 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.2710 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.6054 | ||
| Microsoft | N/A | Windows Server 2019 versions antérieures à 10.0.17763.6189 | ||
| Microsoft | N/A | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27219 | ||
| Microsoft | N/A | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27277 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4529 | ||
| Microsoft | N/A | Windows Server 2016 versions antérieures à 10.0.14393.7259 | ||
| Microsoft | N/A | Windows Server 2016 versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Windows Server 2019 versions antérieures à 10.0.17763.6054 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4651 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22825 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3147 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.4037 | ||
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 6.3.9600.22074 | ||
| Microsoft | N/A | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27277 | ||
| Microsoft | N/A | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.950 | ||
| Microsoft | N/A | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25031 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3737 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4651 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.20348.2582 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.3880 | ||
| Microsoft | N/A | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.5936 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7070 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 1.001 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7070 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4037 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4780 | ||
| Microsoft | N/A | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4651 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3147 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4529 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7159 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22769 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.5936 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.20348.2522 | ||
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 6.3.9600.22023 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19041.3920 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.20348.2655 | ||
| Microsoft | N/A | Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20680 | ||
| Microsoft | N/A | Windows Server 2022 versions antérieures à 10.0.22000.2710 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22825 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4529 | ||
| Microsoft | N/A | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2582 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3880 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.3737 | ||
| Microsoft | N/A | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2522 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22769 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22134 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22825 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4780 | ||
| Microsoft | N/A | Windows Server 2012 R2 versions antérieures à 6.3.9600.22134 | ||
| Microsoft | N/A | Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22769 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4780 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19041.3920 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6189 | ||
| Microsoft | N/A | Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.1457 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4651 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4780 | ||
| Microsoft | N/A | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7259 | ||
| Microsoft | N/A | Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22825 | ||
| Microsoft | N/A | Windows Server 2012 versions antérieures à 6.2.9200.25031 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.4037 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19041.3920 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.3880 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3019 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3079 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.4037 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6054 | ||
| Microsoft | N/A | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.24975 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3079 | ||
| Microsoft | N/A | Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27219 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.5936 | ||
| Microsoft | N/A | Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3019 | ||
| Microsoft | N/A | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1009 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.5936 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4651 | ||
| Microsoft | N/A | Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2655 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22074 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4529 | ||
| Microsoft | N/A | Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20751 | ||
| Microsoft | N/A | Windows Server 2012 versions antérieures à 6.2.9200.24919 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7259 | ||
| Microsoft | N/A | Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7259 | ||
| Microsoft | N/A | Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20710 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.6189 | ||
| Microsoft | N/A | Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20751 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.3880 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19041.3920 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4780 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4529 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6054 | ||
| Microsoft | N/A | Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.3737 | ||
| Microsoft | N/A | Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.24919 | ||
| Microsoft | N/A | Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1085 | ||
| Microsoft | N/A | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6189 | ||
| Microsoft | N/A | Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20680 | ||
| Microsoft | N/A | Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4529 | ||
| Microsoft | N/A | Windows Server 2016 versions antérieures à 10.0.14393.7070 | ||
| Microsoft | N/A | Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7070 | ||
| Microsoft | N/A | Windows Server 2012 R2 (Server Core installation) versions antérieures à 1.001 | ||
| Microsoft | N/A | Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4780 | ||
| Microsoft | N/A | Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6054 | ||
| Microsoft | N/A | Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6189 | ||
| Microsoft | N/A | Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.3737 | ||
| Microsoft | N/A | Remote Desktop client pour Windows Desktop versions antérieures à 1.2.5560.0 | ||
| Microsoft | N/A | Windows Server 2019 versions antérieures à 10.0.17763.5936 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22769",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.1457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.24975",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22023",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.2710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27219",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27277",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7259",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22825",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3147",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.4037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22074",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27277",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.950",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25031",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3737",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2582",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.3880",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.5936",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7070",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 1.001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7070",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.4037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3147",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22769",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2522",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22023",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19041.3920",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2655",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20680",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.22000.2710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22825",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2582",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3880",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.3737",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2522",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22769",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22134",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22825",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22134",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22769",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19041.3920",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.1457",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7259",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22825",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25031",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.4037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19041.3920",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.3880",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.4037",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.24975",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3079",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27219",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.5936",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1009",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4651",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2655",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22074",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20751",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.24919",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7259",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7259",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20751",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3880",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19041.3920",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6054",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.3737",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.24919",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1085",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6189",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20680",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4529",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7070",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7070",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 1.001",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4780",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6054",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6189",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3737",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Remote Desktop client pour Windows Desktop versions ant\u00e9rieures \u00e0 1.2.5560.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38147"
},
{
"name": "CVE-2024-38126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38126"
},
{
"name": "CVE-2024-38136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38136"
},
{
"name": "CVE-2024-38215",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38215"
},
{
"name": "CVE-2024-38123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38123"
},
{
"name": "CVE-2024-38185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38185"
},
{
"name": "CVE-2024-38163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38163"
},
{
"name": "CVE-2024-38132",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38132"
},
{
"name": "CVE-2024-38213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38213"
},
{
"name": "CVE-2024-38114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38114"
},
{
"name": "CVE-2024-38154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38154"
},
{
"name": "CVE-2024-38160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38160"
},
{
"name": "CVE-2024-38142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38142"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2024-38187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38187"
},
{
"name": "CVE-2024-38138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38138"
},
{
"name": "CVE-2024-38115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38115"
},
{
"name": "CVE-2024-38122",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38122"
},
{
"name": "CVE-2024-38191",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38191"
},
{
"name": "CVE-2024-38184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38184"
},
{
"name": "CVE-2024-38145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38145"
},
{
"name": "CVE-2024-38198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38198"
},
{
"name": "CVE-2024-38121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38121"
},
{
"name": "CVE-2024-38106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38106"
},
{
"name": "CVE-2024-38148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38148"
},
{
"name": "CVE-2024-38161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38161"
},
{
"name": "CVE-2024-38063",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38063"
},
{
"name": "CVE-2024-38120",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38120"
},
{
"name": "CVE-2024-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38153"
},
{
"name": "CVE-2024-38127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38127"
},
{
"name": "CVE-2024-38223",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38223"
},
{
"name": "CVE-2024-38193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38193"
},
{
"name": "CVE-2024-38143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38143"
},
{
"name": "CVE-2024-38141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38141"
},
{
"name": "CVE-2024-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38178"
},
{
"name": "CVE-2024-38155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38155"
},
{
"name": "CVE-2024-38214",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38214"
},
{
"name": "CVE-2024-38128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38128"
},
{
"name": "CVE-2024-38134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38134"
},
{
"name": "CVE-2024-38118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38118"
},
{
"name": "CVE-2024-38144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38144"
},
{
"name": "CVE-2024-38199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38199"
},
{
"name": "CVE-2024-38186",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38186"
},
{
"name": "CVE-2024-38107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38107"
},
{
"name": "CVE-2024-38137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38137"
},
{
"name": "CVE-2024-38135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38135"
},
{
"name": "CVE-2024-38159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38159"
},
{
"name": "CVE-2024-38146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38146"
},
{
"name": "CVE-2024-38196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38196"
},
{
"name": "CVE-2024-38140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38140"
},
{
"name": "CVE-2024-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38152"
},
{
"name": "CVE-2024-29995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29995"
},
{
"name": "CVE-2024-38165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38165"
},
{
"name": "CVE-2024-37968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37968"
},
{
"name": "CVE-2024-38150",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38150"
},
{
"name": "CVE-2022-3775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
},
{
"name": "CVE-2024-38125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38125"
},
{
"name": "CVE-2024-38116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38116"
},
{
"name": "CVE-2024-38131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38131"
},
{
"name": "CVE-2024-38180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38180"
},
{
"name": "CVE-2024-38151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38151"
},
{
"name": "CVE-2024-38133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38133"
},
{
"name": "CVE-2024-38130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38130"
},
{
"name": "CVE-2023-40547",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
},
{
"name": "CVE-2024-38117",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38117"
}
],
"initial_release_date": "2024-08-14T00:00:00",
"last_revision_date": "2024-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0681",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193 et CVE-2024-38213 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38223",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38223"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38134",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38120",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-29995",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29995"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38161",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38161"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38136",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38136"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38131",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38131"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38153",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38153"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2022-3775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38125",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38125"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38141",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38141"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38186",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38186"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2023-40547",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-40547"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38185",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38185"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38063",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38135",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38135"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38128",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38128"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38151",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38151"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38133",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38133"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38147",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38147"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38121",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38121"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38142",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38142"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38214",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38214"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38145",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38145"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38122",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38122"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38187",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38187"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38178",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38184",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38184"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38199",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2022-2601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38213",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38106",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38215",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38215"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38114",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38114"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38140",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38140"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38130",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38130"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38138",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38138"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38115",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38115"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38165",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38165"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38150",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38150"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38152",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38152"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38155",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38155"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37968",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37968"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38198",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38198"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38127",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38180",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38180"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38123",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38123"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38118",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38118"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38132",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38132"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38160",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38148",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38148"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38137",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38137"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38144",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38144"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38159",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38159"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38107",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38117",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38117"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38154",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38154"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38116",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38116"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38143",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38143"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38126",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38126"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38146",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38196",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38196"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38191",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38191"
},
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38163",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163"
}
]
}
CERTFR-2023-AVI-0240
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une exécution de code arbitraire à distance, un déni de service à distance, un contournement de la politique de sécurité, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Global Mailbox versions 6.0.3.x antérieures à 6.0.3.8 | ||
| IBM | Spectrum | Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.19.0 | ||
| IBM | Spectrum | Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.1.x antérieures à 6.1.2.1 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14 | ||
| IBM | Spectrum | Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | Sterling | Sterling Global Mailbox versions 6.1.2.x antérieures à 6.1.2.2 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.8 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Global Mailbox versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.19.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.1",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Global Mailbox versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.2",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-29581",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29581"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2022-4379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2022-2639",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2022-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
},
{
"name": "CVE-2015-7501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
},
{
"name": "CVE-2022-29244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2022-46364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
},
{
"name": "CVE-2022-2078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
},
{
"name": "CVE-2022-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
},
{
"name": "CVE-2022-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
},
{
"name": "CVE-2022-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
},
{
"name": "CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"name": "CVE-2022-46363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2022-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
},
{
"name": "CVE-2021-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2022-36946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
},
{
"name": "CVE-2022-24448",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
},
{
"name": "CVE-2022-1055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
},
{
"name": "CVE-2022-1353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
},
{
"name": "CVE-2022-42436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42436"
},
{
"name": "CVE-2022-28390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2020-36558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36558"
}
],
"initial_release_date": "2023-03-17T00:00:00",
"last_revision_date": "2023-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0240",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963960",
"url": "https://www.ibm.com/support/pages/node/6963960"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963958",
"url": "https://www.ibm.com/support/pages/node/6963958"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963962",
"url": "https://www.ibm.com/support/pages/node/6963962"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963936",
"url": "https://www.ibm.com/support/pages/node/6963936"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963956",
"url": "https://www.ibm.com/support/pages/node/6963956"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6960747",
"url": "https://www.ibm.com/support/pages/node/6960747"
},
{
"published_at": "2023-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6956237",
"url": "https://www.ibm.com/support/pages/node/6956237"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6960739",
"url": "https://www.ibm.com/support/pages/node/6960739"
},
{
"published_at": "2023-03-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963954",
"url": "https://www.ibm.com/support/pages/node/6963954"
}
]
}
CERTFR-2023-AVI-0258
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance, une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2 | ||
| IBM | WebSphere | IBM WebSphere Remote Server version 9.0 déployée avec une version de IBM WebSphere Application Server antérieure à 9.0.5.14 incluant le correctif PH52925 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere Remote Server version 9.0 d\u00e9ploy\u00e9e avec une version de IBM WebSphere Application Server ant\u00e9rieure \u00e0 9.0.5.14 incluant le correctif PH52925",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2023-26283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
},
{
"name": "CVE-2022-32190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2022-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2022-2421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2421"
},
{
"name": "CVE-2022-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2022-0854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
},
{
"name": "CVE-2022-28893",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2023-27863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27863"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2022-2047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"initial_release_date": "2023-03-24T00:00:00",
"last_revision_date": "2023-03-24T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0258",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-03-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance\n(XSS) et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6963786 du 23 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6963786"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6965816 du 23 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6965816"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6965812 du 23 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6965812"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6965822 du 23 mars 2023",
"url": "https://www.ibm.com/support/pages/node/6965822"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…