cvelistv5 - cve-2026-33228

CVE-2026-33228 (GCVE-0-2026-33228)

Vulnerability from cvelistv5

Published

2026-03-20 23:06

Modified

2026-03-24 17:57

Severity ?

8.9 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

CWE

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Summary

flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "__proto__" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.

References

URL

Tags

	https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh	x_refsource_CONFIRM
	https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802	x_refsource_MISC
	https://github.com/WebReflection/flatted/releases/tag/v3.4.2	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	WebReflection	flatted	Version: < 3.4.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33228",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-24T17:35:34.197834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-24T17:57:22.866Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "flatted",
          "vendor": "WebReflection",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \"__proto__\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-20T23:06:48.485Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh"
        },
        {
          "name": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802"
        },
        {
          "name": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WebReflection/flatted/releases/tag/v3.4.2"
        }
      ],
      "source": {
        "advisory": "GHSA-rf6f-7fwh-wjgh",
        "discovery": "UNKNOWN"
      },
      "title": "flatted: Prototype Pollution via parse()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33228",
    "datePublished": "2026-03-20T23:06:48.485Z",
    "dateReserved": "2026-03-18T02:42:27.507Z",
    "dateUpdated": "2026-03-24T17:57:22.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33228\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-24T17:35:34.197834Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-24T17:57:13.490Z\"}}], \"cna\": {\"title\": \"flatted: Prototype Pollution via parse()\", \"source\": {\"advisory\": \"GHSA-rf6f-7fwh-wjgh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"WebReflection\", \"product\": \"flatted\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.4.2\"}]}], \"references\": [{\"url\": \"https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh\", \"name\": \"https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\", \"name\": \"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/WebReflection/flatted/releases/tag/v3.4.2\", \"name\": \"https://github.com/WebReflection/flatted/releases/tag/v3.4.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"flatted is a circular JSON parser. Prior to version 3.4.2, the parse() function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key \\\"__proto__\\\" returns Array.prototype via the inherited getter. This object is then treated as a legitimate parsed value and assigned as a property of the output object, effectively leaking a live reference to Array.prototype to the consumer. Any code that subsequently writes to that property will pollute the global prototype. This issue has been patched in version 3.4.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-20T23:06:48.485Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33228\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-24T17:57:22.866Z\", \"dateReserved\": \"2026-03-18T02:42:27.507Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-20T23:06:48.485Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0500

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
	VMware	N/A	Tanzu Data Lake versions antérieures à 4.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37405	2026-04-24	vendor-advisory
Bulletin de sécurité VMware 37404	2026-04-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2026-2229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2026-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2026-22036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2026-24098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2026-24734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2026-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2026-41239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2023-34610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2026-34486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
    },
    {
      "name": "CVE-2026-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2026-29145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-49128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2020-10650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2026-23745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2025-54550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
    },
    {
      "name": "CVE-2025-54920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2025-33042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2026-34500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
    },
    {
      "name": "CVE-2025-9624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
    },
    {
      "name": "CVE-2026-34043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-33532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
    },
    {
      "name": "CVE-2025-68470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
    },
    {
      "name": "CVE-2025-67721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2025-66236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2024-48910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
    },
    {
      "name": "CVE-2026-34480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2025-12758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2024-57083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2024-23953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
    },
    {
      "name": "CVE-2026-29074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2026-41240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
    },
    {
      "name": "CVE-2026-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2018-12022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2025-27821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
    },
    {
      "name": "CVE-2022-41404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2026-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2026-34487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
    },
    {
      "name": "CVE-2025-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
    },
    {
      "name": "CVE-2025-65995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2026-23950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2026-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2025-69873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2025-68458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2026-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2026-25854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
    },
    {
      "name": "CVE-2021-22573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2026-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2026-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2024-56373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
    },
    {
      "name": "CVE-2026-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2025-68157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2025-68675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2026-34483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2025-59419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2026-33816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2026-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2026-31802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2026-04-27T00:00:00",
  "last_revision_date": "2026-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0500",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
    },
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
    }
  ]
}

CERTFR-2026-AVI-0523

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x antérieures à 6.3.0.6_iFix048
IBM	WebSphere	WebSphere Application Server - Liberty versions 17.0.0.3 à 26.0.0.4 sans le dernier correctif de sécurité
IBM	Informix Dynamic Server	Informix Dynamic Server versions 15.0 sans le correctif de sécurité HQ 3.2.2
IBM	Informix Dynamic Server	Informix Dynamic Server versions 12.10.x sans le correctif de sécurité HQ 3.2.2
IBM	Informix Dynamic Server	Informix Dynamic Server versions 14.10 sans le correctif de sécurité HQ 3.2.2
IBM	Sterling Connect:Direct	Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x antérieures à 6.4.0.4_iFix019
IBM	Security QRadar Log Management AQL	greffon Security QRadar Log Management AQL versions 1.x antérieures à 1.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7270805	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270827	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270869	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270820	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270845	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270868	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270775	2026-04-27	vendor-advisory
Bulletin de sécurité IBM 7270692	2026-04-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect:Direct for Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.6_iFix048",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server - Liberty versions 17.0.0.3 \u00e0 26.0.0.4 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 15.0 sans le correctif de s\u00e9curit\u00e9  HQ 3.2.2",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 12.10.x sans le correctif de s\u00e9curit\u00e9  HQ 3.2.2",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 14.10 sans le correctif de s\u00e9curit\u00e9  HQ 3.2.2",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct for Microsoft Windows versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.4_iFix019",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "greffon Security QRadar Log Management AQL versions 1.x ant\u00e9rieures \u00e0 1.1.5",
      "product": {
        "name": "Security QRadar Log Management AQL",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2026-22610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22610"
    },
    {
      "name": "CVE-2026-33186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
    },
    {
      "name": "CVE-2026-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3621"
    },
    {
      "name": "CVE-2025-66412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
    },
    {
      "name": "CVE-2025-66035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66035"
    },
    {
      "name": "CVE-2026-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2391"
    },
    {
      "name": "CVE-2025-15284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
    },
    {
      "name": "CVE-2026-22029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
    },
    {
      "name": "CVE-2026-24051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24051"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2025-67030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
    },
    {
      "name": "CVE-2026-0540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0540"
    },
    {
      "name": "CVE-2026-33532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
    },
    {
      "name": "CVE-2025-68470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2026-27970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27970"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2024-29371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
    },
    {
      "name": "CVE-2025-15599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15599"
    },
    {
      "name": "CVE-2024-31033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31033"
    },
    {
      "name": "CVE-2026-26278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2026-27601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    }
  ],
  "initial_release_date": "2026-04-30T00:00:00",
  "last_revision_date": "2026-04-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0523",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270805",
      "url": "https://www.ibm.com/support/pages/node/7270805"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270827",
      "url": "https://www.ibm.com/support/pages/node/7270827"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270869",
      "url": "https://www.ibm.com/support/pages/node/7270869"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270820",
      "url": "https://www.ibm.com/support/pages/node/7270820"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270845",
      "url": "https://www.ibm.com/support/pages/node/7270845"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270868",
      "url": "https://www.ibm.com/support/pages/node/7270868"
    },
    {
      "published_at": "2026-04-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270775",
      "url": "https://www.ibm.com/support/pages/node/7270775"
    },
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7270692",
      "url": "https://www.ibm.com/support/pages/node/7270692"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-33228 (GCVE-0-2026-33228)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0500

Vulnerability from certfr_avis

Solutions

CERTFR-2026-AVI-0523

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature