cvelistv5 - cve-2023-1436

CVE-2023-1436 (GCVE-0-2023-1436)

Vulnerability from cvelistv5

Published

2023-03-16 20:59

Modified

2025-02-26 15:02

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Summary

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.

References

URL

Tags

https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/

Impacted products

	Vendor	Product	Version
	jettison	jettison	Version: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-1436",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T15:02:11.232279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T15:02:24.639Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://mvnrepository.com",
          "packageName": "org.codehaus.jettison:jettison",
          "product": "jettison",
          "vendor": "jettison",
          "versions": [
            {
              "lessThan": "1.5.4",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\u003c/p\u003e"
            }
          ],
          "value": "An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674 Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-22T04:59:51.072Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "url": "https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2023-1436",
    "datePublished": "2023-03-16T20:59:51.072Z",
    "dateReserved": "2023-03-16T20:44:44.527Z",
    "dateUpdated": "2025-02-26T15:02:24.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"collectionURL\": \"https://mvnrepository.com\", \"vendor\": \"jettison\", \"product\": \"jettison\", \"packageName\": \"org.codehaus.jettison:jettison\", \"versions\": [{\"lessThan\": \"1.5.4\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"maven\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eAn infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\u003c/p\u003e\"}], \"value\": \"An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.\\n\\n\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-674\", \"description\": \"CWE-674 Uncontrolled Recursion\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"shortName\": \"JFROG\", \"dateUpdated\": \"2023-03-22T04:59:51.072Z\"}, \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\"}], \"source\": {\"discovery\": \"INTERNAL\"}, \"title\": \"Infinite recursion in Jettison leads to denial of service when creating a crafted JSONArray\"}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:49:11.438Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1436\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T15:02:11.232279Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T15:02:18.403Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-1436\", \"assignerOrgId\": \"48a46f29-ae42-4e1d-90dd-c1676c1e5e6d\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"JFROG\", \"dateReserved\": \"2023-03-16T20:44:44.527Z\", \"datePublished\": \"2023-03-16T20:59:51.072Z\", \"dateUpdated\": \"2025-02-26T15:02:24.639Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0564

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	PeopleSoft	PeopleSoft versions 8.59 et 8.60

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2023 du 18 juillet 2023	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2023verbose du 18 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PeopleSoft versions 8.59 et 8.60",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-22047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22047"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2023-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22014"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    }
  ],
  "initial_release_date": "2023-07-19T00:00:00",
  "last_revision_date": "2023-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0564",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#PS"
    }
  ]
}

CERTFR-2023-AVI-0705

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Secure Proxy versions versions antérieures à 6.0.3 sans le correctif de sécurité iFix08
IBM	Sterling	IBM Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 08
IBM	Sterling	IBM Sterling Secure Proxy versions versions antérieures à 6.1.0 sans le correctif de sécurité GA
IBM	QRadar User Behavior Analytics	IBM QRadar User Behavior Analytics versions antérieures à 4.1.13
IBM	Tivoli Monitoring	IBM Tivoli Monitoring versions 6.x.x antérieures à 6.3.0.7 Plus Service Pack 5
IBM	Cloud Pak	IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x antérieures à 4.7.2
IBM	Sterling	IBM Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 04

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7029765 du 31 août 2023	None	vendor-advisory
Bulletin de sécurité IBM 7029766 du 31 août 2023	None	vendor-advisory
Bulletin de sécurité IBM 7027925 du 31 août 2023	None	vendor-advisory
Bulletin de sécurité IBM 7029732 du 31 août 2023	None	vendor-advisory
Bulletin de sécurité IBM 7029864 du 31 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix08",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 08",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.13",
      "product": {
        "name": "QRadar User Behavior Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Tivoli Monitoring versions 6.x.x ant\u00e9rieures \u00e0 6.3.0.7 Plus Service Pack 5",
      "product": {
        "name": "Tivoli Monitoring",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 04",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2022-32213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
    },
    {
      "name": "CVE-2023-32697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32697"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2020-28498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-27554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27554"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2020-13936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-32342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32342"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2022-39161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39161"
    },
    {
      "name": "CVE-2021-43803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43803"
    },
    {
      "name": "CVE-2022-32222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
    },
    {
      "name": "CVE-2023-24966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24966"
    },
    {
      "name": "CVE-2022-32212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2023-26920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26920"
    },
    {
      "name": "CVE-2021-33813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33813"
    },
    {
      "name": "CVE-2022-45693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
    },
    {
      "name": "CVE-2023-35890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35890"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2022-32215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
    },
    {
      "name": "CVE-2021-3803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2023-29261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29261"
    },
    {
      "name": "CVE-2021-37699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37699"
    },
    {
      "name": "CVE-2023-34104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
    },
    {
      "name": "CVE-2022-45685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2022-32214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22874"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2023-32338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32338"
    },
    {
      "name": "CVE-2022-25858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
    }
  ],
  "initial_release_date": "2023-09-01T00:00:00",
  "last_revision_date": "2023-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0705",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7029765 du 31 ao\u00fbt 2023",
      "url": "https://www.ibm.com/support/pages/node/7029765"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7029766 du 31 ao\u00fbt 2023",
      "url": "https://www.ibm.com/support/pages/node/7029766"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7027925 du 31 ao\u00fbt 2023",
      "url": "https://www.ibm.com/support/pages/node/7027925"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7029732 du 31 ao\u00fbt 2023",
      "url": "https://www.ibm.com/support/pages/node/7029732"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7029864 du 31 ao\u00fbt 2023",
      "url": "https://www.ibm.com/support/pages/node/7029864"
    }
  ]
}

CERTFR-2023-AVI-0513

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, un déni de service, une injection de code indirecte à distance (XSS), une élévation de privilèges, un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct File Agent versions 1.4.x antérieures à 1.4.0.2_iFix042
IBM	Sterling Connect:Direct	BM Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.17
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x antérieures à 6.2.0.4_iFix039
IBM	QRadar SIEM	IBM QRadar SIEM version 7.5.x antérieures à 7.5.0 UP6
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x antérieures à 6.1.0.2_iFix064
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x antérieures à 6.0.0.4_iFix068
IBM	N/A	IBM Connect:Direct Web Services versions 6.1.x antérieures à 6.1.0.19
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.0_iFix007

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7010099 du 06 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7009987 du 06 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7009301 du 07 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7010095 du 06 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Connect:Direct File Agent versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.2_iFix042",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "BM Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.17",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4_iFix039",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM version 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP6",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2_iFix064",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix068",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.0_iFix007",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2021-3733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
    },
    {
      "name": "CVE-2023-28708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28708"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2021-23336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2022-23521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2023-20861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20861"
    },
    {
      "name": "CVE-2022-41903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2015-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0254"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2022-45693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2019-9740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-40151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2022-38023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2019-18348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
    },
    {
      "name": "CVE-2022-45685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
    },
    {
      "name": "CVE-2023-20859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20859"
    },
    {
      "name": "CVE-2022-34917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34917"
    },
    {
      "name": "CVE-2023-20860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2021-28861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2023-1999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1999"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    }
  ],
  "initial_release_date": "2023-07-07T00:00:00",
  "last_revision_date": "2023-07-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0513",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, un d\u00e9ni de service, une\ninjection de code indirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de\nprivil\u00e8ges, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7010099 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010099"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7009987 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7009987"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7009301 du 07 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7009301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7010095 du 06 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7010095"
    }
  ]
}

CERTFR-2023-AVI-1055

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP7 IF03
IBM Sterling B2B Integrator versions 6.0.0.x antérieures à 6.0.3.9
IBM Sterling B2B Integrator versions 6.1.0.x antérieures à 6.1.0.8
IBM Sterling B2B Integrator versions 6.1.1.x antérieures à 6.1.1.4
IBM Sterling B2B Integrator versions 6.1.2.x antérieures à 6.1.2.3
IBM Sterling B2B Integrator versions 6.1.2.x antérieures à 6.2.0.0
IBM AIX version 7.3
IBM AIX version 7.2
IBM VIOS version 4.1
IBM VIOS version 3.1

Se référer aux bulletin de l'éditeur pour les versions des fichiers vulnérables (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7099297 du 18 décembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7101062 du 21 décembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7099862 du 19 décembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7099313 du 18 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eIBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF03\u003c/li\u003e \u003cli\u003eIBM Sterling B2B Integrator versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.3.9\u003c/li\u003e \u003cli\u003eIBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.8\u003c/li\u003e \u003cli\u003eIBM Sterling B2B Integrator versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.4\u003c/li\u003e \u003cli\u003eIBM Sterling B2B Integrator versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.3\u003c/li\u003e \u003cli\u003eIBM Sterling B2B Integrator versions 6.1.2.x ant\u00e9rieures \u00e0 6.2.0.0\u003c/li\u003e \u003cli\u003eIBM AIX version 7.3\u003c/li\u003e \u003cli\u003eIBM AIX version 7.2\u003c/li\u003e \u003cli\u003eIBM VIOS version 4.1\u003c/li\u003e \u003cli\u003eIBM VIOS version 3.1\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux bulletin de l\u0027\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2023-34040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34040"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2023-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2023-45648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
    },
    {
      "name": "CVE-2023-40787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40787"
    },
    {
      "name": "CVE-2022-45693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
    },
    {
      "name": "CVE-2023-3341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2022-45685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
    },
    {
      "name": "CVE-2023-41835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41835"
    },
    {
      "name": "CVE-2023-46604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2023-41080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
    },
    {
      "name": "CVE-2023-46589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
    },
    {
      "name": "CVE-2023-47146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47146"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    }
  ],
  "initial_release_date": "2023-12-22T00:00:00",
  "last_revision_date": "2023-12-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1055",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance,\u00a0un d\u00e9ni de\nservice \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7099297 du 18 d\u00e9cembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7099862"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7101062 du 21 d\u00e9cembre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7099862 du 19 d\u00e9cembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7101062"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7099313 du 18 d\u00e9cembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7099313"
    }
  ]
}

CERTFR-2023-AVI-0567

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle WebLogic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Weblogic	WebLogic versions 12.2.1.4.0 et 14.1.1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2023verbose du 18 juillet 2023	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2023 du 18 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebLogic versions 12.2.1.4.0 et 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2021-28168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28168"
    },
    {
      "name": "CVE-2023-22031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22031"
    },
    {
      "name": "CVE-2023-26119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26119"
    },
    {
      "name": "CVE-2022-24409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24409"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2022-42890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2023-20860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20860"
    },
    {
      "name": "CVE-2023-22040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22040"
    }
  ],
  "initial_release_date": "2023-07-19T00:00:00",
  "last_revision_date": "2023-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0567",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle WebLogic.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle WebLogic",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#FMW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
    }
  ]
}

CERTFR-2024-AVI-0324

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle Solaris version 11 sans les derniers correctifs de sécurité
Oracle	N/A	Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2024verbose du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2024 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2021-36373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
    },
    {
      "name": "CVE-2022-34381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
    },
    {
      "name": "CVE-2024-21105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2020-29508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
    },
    {
      "name": "CVE-2021-36374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2024-21059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
    },
    {
      "name": "CVE-2020-35164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-20863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
    },
    {
      "name": "CVE-2022-42920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
    },
    {
      "name": "CVE-2022-42890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
    },
    {
      "name": "CVE-2024-21104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
    },
    {
      "name": "CVE-2020-35166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
    },
    {
      "name": "CVE-2020-35163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
    },
    {
      "name": "CVE-2020-35168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-36033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
    },
    {
      "name": "CVE-2024-20999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
    },
    {
      "name": "CVE-2022-24839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
    },
    {
      "name": "CVE-2022-41704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
    },
    {
      "name": "CVE-2020-35167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
    }
  ],
  "initial_release_date": "2024-04-18T00:00:00",
  "last_revision_date": "2024-04-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0324",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
      "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
    }
  ]
}

CERTFR-2025-AVI-0599

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Database Server	Oracle Database Server versions versions 21.3 à 21.18
Oracle	Database Server	Oracle Database Server versions versions 23.4 à 23.8
Oracle	Database Server	Oracle Text versions 23.4 à 23.8
Oracle	Database Server	Oracle Text versions 19.3 à 19.27
Oracle	Database Server	JDBC versions 23.4 à 23.8
Oracle	Database Server	Oracle Database Server versions versions 19.3 à 19.27
Oracle	Database Server	Oracle Text versions 21.3 à 21.18

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Database Server cpujul2025

2025-07-15

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Database Server versions versions 21.3 \u00e0 21.18",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server versions versions 23.4 \u00e0 23.8",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Text versions 23.4 \u00e0 23.8",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Text versions 19.3 \u00e0 19.27",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "JDBC versions 23.4 \u00e0 23.8",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server versions versions 19.3 \u00e0 19.27",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Text versions 21.3 \u00e0 21.18",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-50070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50070"
    },
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2025-50069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50069"
    },
    {
      "name": "CVE-2025-30751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30751"
    },
    {
      "name": "CVE-2025-30750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30750"
    },
    {
      "name": "CVE-2025-50066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50066"
    },
    {
      "name": "CVE-2025-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
    }
  ],
  "initial_release_date": "2025-07-18T00:00:00",
  "last_revision_date": "2025-07-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0599",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
  "vendor_advisories": [
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Database Server cpujul2025",
      "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-1436 (GCVE-0-2023-1436)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0564

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0705

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0513

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-1055

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0567

Vulnerability from certfr_avis

Solution

CERTFR-2024-AVI-0324

Vulnerability from certfr_avis

Solution

CERTFR-2025-AVI-0599

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature