Vulnerability-Lookup

	Vendor	Product	Version
	SnakeYAML	SnakeYAML	Affected: 0 , ≤ 2.0 (custom)

GSD-2022-1471

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

Aliases

CVE-2022-1471

Aliases

CVE-2022-1471

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-1471",
    "description": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization.",
    "id": "GSD-2022-1471",
    "references": [
      "https://access.redhat.com/errata/RHSA-2022:9032",
      "https://access.redhat.com/errata/RHSA-2022:9058",
      "https://www.suse.com/security/cve/CVE-2022-1471.html",
      "https://access.redhat.com/errata/RHSA-2023:0697",
      "https://access.redhat.com/errata/RHSA-2023:0758",
      "https://access.redhat.com/errata/RHSA-2023:0777",
      "https://access.redhat.com/errata/RHSA-2023:1043",
      "https://access.redhat.com/errata/RHSA-2023:1044",
      "https://access.redhat.com/errata/RHSA-2023:1045",
      "https://access.redhat.com/errata/RHSA-2023:1047",
      "https://access.redhat.com/errata/RHSA-2023:1049",
      "https://access.redhat.com/errata/RHSA-2023:1006"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-1471"
      ],
      "details": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n",
      "id": "GSD-2022-1471",
      "modified": "2023-12-13T01:19:28.061688Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2022-1471",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SnakeYAML",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "0",
                          "version_value": "2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SnakeYAML"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
            "refsource": "MISC",
            "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
          },
          {
            "name": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479",
            "refsource": "MISC",
            "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
          },
          {
            "name": "https://github.com/mbechler/marshalsec",
            "refsource": "MISC",
            "url": "https://github.com/mbechler/marshalsec"
          },
          {
            "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
            "refsource": "MISC",
            "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
          },
          {
            "name": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230818-0015/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
          },
          {
            "name": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/11/19/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.0)",
          "affected_versions": "All versions before 2.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2023-08-18",
          "description": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization.",
          "fixed_versions": [
            "2.0"
          ],
          "identifier": "CVE-2022-1471",
          "identifiers": [
            "CVE-2022-1471",
            "GHSA-mjmj-j48q-9wg2"
          ],
          "not_impacted": "All versions starting from 2.0",
          "package_slug": "maven/org.yaml/snakeyaml",
          "pubdate": "2022-12-01",
          "solution": "Upgrade to version 2.0 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-1471",
            "https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes",
            "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
          ],
          "uuid": "c7c8d536-098d-480f-9bf9-00571537baaa"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2022-1471"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
            },
            {
              "name": "https://github.com/mbechler/marshalsec",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/mbechler/marshalsec"
            },
            {
              "name": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
            },
            {
              "name": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
            },
            {
              "name": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc",
              "refsource": "MISC",
              "tags": [],
              "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230818-0015/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
            },
            {
              "name": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/11/19/1",
              "refsource": "",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-11-19T15:15Z",
      "publishedDate": "2022-12-01T11:15Z"
    }
  }
}

CERTFR-2023-AVI-0762

Vulnerability from certfr_avis - Published: 2023-09-19 - Updated: 2023-09-19

De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Elastic	Elasticsearch	ElasticSearch versions 7.x antérieures à 7.17.13
Elastic	Elasticsearch	Kibana version 8.10.0
Elastic	Elasticsearch	ElasticSearch versions 8.x antérieures à 8.9.1

References

Title

Publication Time

Tags

Bulletin de sécurité ElasticSearch 343287 du 18 septembre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 343297 du 18 septembre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 343297 du 18 septembre 2023	-	other
Bulletin de sécurité ElasticSearch 343287 du 18 septembre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ElasticSearch versions 7.x ant\u00e9rieures \u00e0 7.17.13",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana version 8.10.0",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "ElasticSearch versions 8.x ant\u00e9rieures \u00e0 8.9.1",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-31419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31419"
    },
    {
      "name": "CVE-2023-31422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31422"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    }
  ],
  "initial_release_date": "2023-09-19T00:00:00",
  "last_revision_date": "2023-09-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0343297 du 18 septembre 2023",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0343287 du 18 septembre 2023",
      "url": "https://discuss.elastic.co/t/kibana-8-10-1-security-update/343287"
    }
  ],
  "reference": "CERTFR-2023-AVI-0762",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits ElasticSearch\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ElasticSearch",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 343287 du 18 septembre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 343297 du 18 septembre 2023",
      "url": null
    }
  ]
}

CERTFR-2024-AVI-0199

Vulnerability from certfr_avis - Published: 2024-03-08 - Updated: 2024-03-08

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere Service Registry and Repository versions 8.5.x antérieures à WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940
IBM	WebSphere	WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de sécurité V8.5.6.3_IJ50069
IBM	Cloud Pak	Cloud Pak for Security versions 1.10.x.x antérieures à 1.10.19.0
IBM	QRadar Suite Software	QRadar Suite Software versions 1.10.x.x antérieures à 1.10.19.0
IBM	Sterling	Sterling External Authentication Server versions antérieures à 6.0.3 sans le correctif de sécurité iFix 10
IBM	Sterling	Sterling External Authentication Server versions antérieures à 6.1.0 sans le correctif de sécurité iFix 06

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7130806 du 07 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7129989 du 06 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7129833 du 04 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7129327 du 01 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7129821 du 04 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Service Registry and Repository versions 8.5.x ant\u00e9rieures \u00e0 WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository Studio versions 8.5.x sans le dernier correctif de s\u00e9curit\u00e9 V8.5.6.3_IJ50069",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.19.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 10",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 06",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2024-24762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24762"
    },
    {
      "name": "CVE-2021-43816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2022-31030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2018-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2020-15106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2021-32760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32760"
    },
    {
      "name": "CVE-2023-34478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34478"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
    },
    {
      "name": "CVE-2023-41900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2021-21334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21334"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2024-23829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-47248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
    },
    {
      "name": "CVE-2018-16886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
    },
    {
      "name": "CVE-2022-23648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2023-22602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22602"
    },
    {
      "name": "CVE-2021-41103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
    },
    {
      "name": "CVE-2023-40743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40743"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2017-16137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
    },
    {
      "name": "CVE-2024-23334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
    }
  ],
  "initial_release_date": "2024-03-08T00:00:00",
  "last_revision_date": "2024-03-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7130806 du 07 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7130806"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129989 du 06 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7129989"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129833 du 04 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7129833"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129327 du 01 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7129327"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7129821 du 04 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7129821"
    }
  ]
}

CERTFR-2025-AVI-0214

Vulnerability from certfr_avis - Published: 2025-03-14 - Updated: 2025-03-14

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.4.1 pour Intel
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.16
IBM	Sterling	Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4
IBM	Cloud Pak System	Cloud Pak System versions antérieures à v2.3.5.0 pour Power
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03
IBM	Sterling	Sterling B2B Integrator versions antérieures à 6.1.2.7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7185937	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185675	2025-03-13	vendor-advisory
Bulletin de sécurité IBM 7185257	2025-03-10	vendor-advisory
Bulletin de sécurité IBM 7185938	2025-03-14	vendor-advisory
Bulletin de sécurité IBM 7185353	2025-03-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
      "product": {
        "name": "Cloud Pak System",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2022-48564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2024-45638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2023-32762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-22150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-32763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
    },
    {
      "name": "CVE-2022-24302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
    },
    {
      "name": "CVE-2025-1244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-45338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2022-48566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2024-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
    },
    {
      "name": "CVE-2024-27268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-48560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
    },
    {
      "name": "CVE-2024-45643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
    },
    {
      "name": "CVE-2023-32573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2024-53104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
    },
    {
      "name": "CVE-2023-24329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-0690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
    },
    {
      "name": "CVE-2022-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2022-4742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
    }
  ],
  "initial_release_date": "2025-03-14T00:00:00",
  "last_revision_date": "2025-03-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0214",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
      "url": "https://www.ibm.com/support/pages/node/7185937"
    },
    {
      "published_at": "2025-03-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
      "url": "https://www.ibm.com/support/pages/node/7185675"
    },
    {
      "published_at": "2025-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
      "url": "https://www.ibm.com/support/pages/node/7185257"
    },
    {
      "published_at": "2025-03-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
      "url": "https://www.ibm.com/support/pages/node/7185938"
    },
    {
      "published_at": "2025-03-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
      "url": "https://www.ibm.com/support/pages/node/7185353"
    }
  ]
}

CERTFR-2025-AVI-0760

Vulnerability from certfr_avis - Published: 2025-09-05 - Updated: 2025-09-05

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à v5.2.1
IBM	WebSphere	IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132
IBM	WebSphere	Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2
IBM	WebSphere	Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137
IBM	WebSphere	Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132,
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7243927	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243923	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243924	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244012	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243659	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7244002	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243582	2025-08-29	vendor-advisory
Bulletin de sécurité IBM 7243928	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243925	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244010	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243922	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243673	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7243877	2025-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty Agent versions  9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et  APAR PH67132",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.0.2 et 7.0.3  pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2025-53547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2025-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-51473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-32386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2025-32421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
    },
    {
      "name": "CVE-2016-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-45813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-33092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
    },
    {
      "name": "CVE-2024-51479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-33143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
    },
    {
      "name": "CVE-2021-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
    },
    {
      "name": "CVE-2025-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2025-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-49846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-48068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-33114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
    },
    {
      "name": "CVE-2023-22467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
    },
    {
      "name": "CVE-2022-24823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2019-9193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-56332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-37799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2023-26133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
    },
    {
      "name": "CVE-2024-6484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2024-9823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2022-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
    },
    {
      "name": "CVE-2024-49828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2025-32387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2017-18214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2025-36071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2023-52933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2024-6762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-52894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-21756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
    },
    {
      "name": "CVE-2018-1000873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
    },
    {
      "name": "CVE-2023-32305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
    },
    {
      "name": "CVE-2025-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-09-05T00:00:00",
  "last_revision_date": "2025-09-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0760",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
      "url": "https://www.ibm.com/support/pages/node/7243927"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
      "url": "https://www.ibm.com/support/pages/node/7243923"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
      "url": "https://www.ibm.com/support/pages/node/7243924"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
      "url": "https://www.ibm.com/support/pages/node/7244012"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
      "url": "https://www.ibm.com/support/pages/node/7243659"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
      "url": "https://www.ibm.com/support/pages/node/7244002"
    },
    {
      "published_at": "2025-08-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
      "url": "https://www.ibm.com/support/pages/node/7243582"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
      "url": "https://www.ibm.com/support/pages/node/7243928"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
      "url": "https://www.ibm.com/support/pages/node/7243925"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
      "url": "https://www.ibm.com/support/pages/node/7244010"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
      "url": "https://www.ibm.com/support/pages/node/7243922"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
      "url": "https://www.ibm.com/support/pages/node/7243673"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
      "url": "https://www.ibm.com/support/pages/node/7243877"
    }
  ]
}

CERTFR-2023-AVI-0325

Vulnerability from certfr_avis - Published: 2023-04-19 - Updated: 2023-04-20

De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20
Oracle	Database Server	Oracle Database Server 19c, 21c
Oracle	N/A	Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1
Oracle	PeopleSoft	Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2
Oracle	Virtualization	Oracle Virtualization versions 6.1.x antérieures à 6.1.44
Oracle	MySQL	Oracle MySQL versions 8.0.33 et antérieures
Oracle	Systems	Oracle Systems versions 10, 11
Oracle	Virtualization	Oracle Virtualization versions 7.0.x antérieures à 7.0.8
Oracle	MySQL	Oracle MySQL versions 5.7.41 et antérieures
Oracle	Weblogic	Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2023 du 18 avril 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database Server 19c, 21c",
      "product": {
        "name": "Database Server",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Systems versions 10, 11",
      "product": {
        "name": "Systems",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
    },
    {
      "name": "CVE-2023-21985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
    },
    {
      "name": "CVE-2023-21979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
    },
    {
      "name": "CVE-2023-21986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-21917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
    },
    {
      "name": "CVE-2023-21984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
    },
    {
      "name": "CVE-2023-21956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2023-21966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
    },
    {
      "name": "CVE-2023-21947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
    },
    {
      "name": "CVE-2023-22002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
    },
    {
      "name": "CVE-2023-21981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
    },
    {
      "name": "CVE-2023-21987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
    },
    {
      "name": "CVE-2023-21977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
    },
    {
      "name": "CVE-2023-21971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
    },
    {
      "name": "CVE-2023-21999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
    },
    {
      "name": "CVE-2023-21928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
    },
    {
      "name": "CVE-2023-21972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
    },
    {
      "name": "CVE-2023-21960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2023-21990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
    },
    {
      "name": "CVE-2023-22000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
    },
    {
      "name": "CVE-2023-21913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2023-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
    },
    {
      "name": "CVE-2023-21980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
    },
    {
      "name": "CVE-2020-6950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
    },
    {
      "name": "CVE-2023-21996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
    },
    {
      "name": "CVE-2022-40152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
    },
    {
      "name": "CVE-2023-21953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
    },
    {
      "name": "CVE-2023-21934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
    },
    {
      "name": "CVE-2023-22003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
    },
    {
      "name": "CVE-2023-21998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2023-21946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
    },
    {
      "name": "CVE-2023-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
    },
    {
      "name": "CVE-2023-21931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2022-45143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
    },
    {
      "name": "CVE-2023-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2023-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2023-21920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
    },
    {
      "name": "CVE-2022-45685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
    },
    {
      "name": "CVE-2023-21918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
    },
    {
      "name": "CVE-2023-21992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
    },
    {
      "name": "CVE-2023-21911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
    },
    {
      "name": "CVE-2023-21976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
    },
    {
      "name": "CVE-2023-21989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
    },
    {
      "name": "CVE-2023-21982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-21935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
    },
    {
      "name": "CVE-2020-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
    },
    {
      "name": "CVE-2023-21955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
    },
    {
      "name": "CVE-2023-21988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2022-45047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
    },
    {
      "name": "CVE-2022-36033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
    },
    {
      "name": "CVE-2023-21912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
    },
    {
      "name": "CVE-2023-21929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2023-22001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2023-21948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
    },
    {
      "name": "CVE-2023-21919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
    }
  ],
  "initial_release_date": "2023-04-19T00:00:00",
  "last_revision_date": "2023-04-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0325",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-19T00:00:00.000000"
    },
    {
      "description": "Correction coquilles.",
      "revision_date": "2023-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
      "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
    }
  ]
}

CERTFR-2024-AVI-0180

Vulnerability from certfr_avis - Published: 2024-03-01 - Updated: 2024-03-01

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3
IBM	Cognos Analytics	Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8
IBM	AIX	AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.2
IBM	WebSphere	Websphere Liberty versions antérieures à 23.0.0.12
IBM	VIOS	VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH
IBM	Cloud Pak	Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3
IBM	N/A	Cognos Command Center versions antérieures à 10.2.5 IF1
IBM	Cognos Transformer	Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7112541 du 23 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7125640 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7124466 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7112504 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7125461 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7123154 du 23 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2023-38359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2023-50324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
    },
    {
      "name": "CVE-2020-28458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2023-30589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
    },
    {
      "name": "CVE-2021-23445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2022-46364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2023-32344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
    },
    {
      "name": "CVE-2023-43051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2021-23839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
    },
    {
      "name": "CVE-2023-30588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
    },
    {
      "name": "CVE-2012-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2021-41035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2018-8032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-28167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2023-46604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
    },
    {
      "name": "CVE-2010-2084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
    },
    {
      "name": "CVE-2019-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-34357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2023-46158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
    },
    {
      "name": "CVE-2014-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
    },
    {
      "name": "CVE-2022-21496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-35560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
    },
    {
      "name": "CVE-2023-51384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    },
    {
      "name": "CVE-2023-30996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    }
  ],
  "initial_release_date": "2024-03-01T00:00:00",
  "last_revision_date": "2024-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0180",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7112541"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7125640"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7124466"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7112504"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7125461"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7123154"
    }
  ]
}

CERTFR-2023-AVI-1017

Vulnerability from certfr_avis - Published: 2023-12-13 - Updated: 2023-12-13

De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Elastic	Elasticsearch	ElasticSearch versions 8.x.x antérieures à 8.11.2
Elastic	Elasticsearch	Elastic Agent versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Beats versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Enterprise Search versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Elastic Agent versions 8.x.x antérieures à 8.11.3
Elastic	Elasticsearch	Beats versions 8.x.x antérieures à 8.11.3
Elastic	Elasticsearch	ElasticSearch versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Kibana versions 8.x.x antérieures à 8.11.2
Elastic	Elasticsearch	Kibana versions 7.x.x antérieures à 7.17.16
Elastic	Elasticsearch	Enterprise Search versions 8.x.x antérieures à 8.11.2

References

Title

Publication Time

Tags

Bulletin de sécurité ElasticSearch 349180 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 349182 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 349181 du 12 décembre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 349179 du 12 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ElasticSearch versions 8.x.x ant\u00e9rieures \u00e0 8.11.2",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Agent versions 7.x.x ant\u00e9rieures \u00e0 7.17.16",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Beats versions 7.x.x ant\u00e9rieures \u00e0 7.17.16",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Enterprise Search versions 7.x.x ant\u00e9rieures \u00e0 7.17.16",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Agent versions 8.x.x ant\u00e9rieures \u00e0 8.11.3",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Beats versions 8.x.x ant\u00e9rieures \u00e0 8.11.3",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "ElasticSearch versions 7.x.x ant\u00e9rieures \u00e0 7.17.16",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 8.x.x ant\u00e9rieures \u00e0 8.11.2",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Kibana versions 7.x.x ant\u00e9rieures \u00e0 7.17.16",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Enterprise Search versions 8.x.x ant\u00e9rieures \u00e0 8.11.2",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-49923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49923"
    },
    {
      "name": "CVE-2023-6687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6687"
    },
    {
      "name": "CVE-2023-46675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46675"
    },
    {
      "name": "CVE-2023-49922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49922"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-49921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49921"
    }
  ],
  "initial_release_date": "2023-12-13T00:00:00",
  "last_revision_date": "2023-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1017",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits ElasticSearch\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ElasticSearch",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 349180 du 12 d\u00e9cembre 2023",
      "url": "https://discuss.elastic.co/t/beats-and-elastic-agent-8-11-3-7-17-16-security-update-esa-2023-30/349180"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 349182 du 12 d\u00e9cembre 2023",
      "url": "https://discuss.elastic.co/t/kibana-8-11-2-7-17-16-security-update-esa-2023-27/349182"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 349181 du 12 d\u00e9cembre 2023",
      "url": "https://discuss.elastic.co/t/enterprise-search-8-11-2-7-17-16-security-update-esa-2023-31/349181"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 349179 du 12 d\u00e9cembre 2023",
      "url": "https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179"
    }
  ]
}

CERTFR-2023-AVI-0504

Vulnerability from certfr_avis - Published: 2023-06-30 - Updated: 2023-06-30

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Backup-Archive Client versions 8.1.x antérieures à 8.1.19.0
IBM	Db2	Db2 Graph versions 1.0.0.592 à 1.0.0.1690 sans le dernier correctif de sécurité
IBM	N/A	IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions antérieures à 4.7

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7008449 du 29 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 6998815 du 28 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7005519 du 26 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Backup-Archive Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.19.0",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Graph versions 1.0.0.592 \u00e0 1.0.0.1690 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-43927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2022-33980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33980"
    },
    {
      "name": "CVE-2023-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
    },
    {
      "name": "CVE-2023-25165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25165"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2023-23936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
    },
    {
      "name": "CVE-2019-18634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
    },
    {
      "name": "CVE-2023-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
    },
    {
      "name": "CVE-2023-28956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
    },
    {
      "name": "CVE-2023-29257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
    },
    {
      "name": "CVE-2019-19232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19232"
    },
    {
      "name": "CVE-2023-26021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
    },
    {
      "name": "CVE-2022-37865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2019-10743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10743"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2022-37866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37866"
    },
    {
      "name": "CVE-2020-8244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8244"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2014-3577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2021-3156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-41721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2023-25930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2023-23919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
    },
    {
      "name": "CVE-2023-29255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2022-43930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2023-27559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
    },
    {
      "name": "CVE-2022-43929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-19234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19234"
    },
    {
      "name": "CVE-2023-26022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    }
  ],
  "initial_release_date": "2023-06-30T00:00:00",
  "last_revision_date": "2023-06-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0504",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7008449 du 29 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7008449"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6998815 du 28 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/6998815"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 26 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7005519"
    }
  ]
}

CERTFR-2023-AVI-0444

Vulnerability from certfr_avis - Published: 2023-06-08 - Updated: 2023-06-08

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x antérieures à 6.2.2.1
IBM	MaaS360	IBM MaaS360 Cloud Extender Base Module versions antérieures à 3.000.100.069
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x antérieures à 6.2.0.6
IBM	MaaS360	IBM MaaS360 PKI Certificate Module versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x antérieures à 6.2.1.3
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x antérieures à 6.1.2.8
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x antérieures à 6.2.0.6
IBM	MaaS360	IBM MaaS360 VPN versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x antérieures à 6.1.2.8
IBM	QRadar User Behavior Analytics	IBM QRadar User Behavior Analytics versions 1.x à 4.1.x antérieures à 4.1.12
IBM	MaaS360	IBM MaaS360 Configuration Utility versions antérieures à 3.000.100
IBM	QRadar Deployment Intelligence App	IBM QRadar Deployment Intelligence App versions 2.x à 3.0.x antérieures à 3.0.10
IBM	MaaS360	IBM MaaS360 Mobile Enterprise Gateway versions antérieures à 3.000.100
IBM	Sterling	IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x antérieures à 6.2.2.1
IBM	MaaS360	IBM MaaS360 Cloud Extender Agent versions antérieures à 3.000.100.069
IBM	Sterling	IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x antérieures à 6.2.1.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7001723 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001639 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001571 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001689 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001643 du 06 juin 2023	None	vendor-advisory
Bulletin de sécurité IBM 7001815 du 07 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Base Module versions ant\u00e9rieures \u00e0 3.000.100.069",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 PKI Certificate Module versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 VPN versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar User Behavior Analytics versions 1.x \u00e0 4.1.x ant\u00e9rieures \u00e0 4.1.12",
      "product": {
        "name": "QRadar User Behavior Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Configuration Utility versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Deployment Intelligence App versions 2.x \u00e0 3.0.x ant\u00e9rieures \u00e0 3.0.10",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Mobile Enterprise Gateway versions ant\u00e9rieures \u00e0 3.000.100",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Standard Edition versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM MaaS360 Cloud Extender Agent versions ant\u00e9rieures \u00e0 3.000.100.069",
      "product": {
        "name": "MaaS360",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Partner Engagement Manager Essentials Edition versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2023-29257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
    },
    {
      "name": "CVE-2023-26021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-40152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2022-25881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2023-25930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2023-29255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2023-27559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-26022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2022-25168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    }
  ],
  "initial_release_date": "2023-06-08T00:00:00",
  "last_revision_date": "2023-06-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001723 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001723"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001639 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001639"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001571 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001571"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001689 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001689"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001643 du 06 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001643"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7001815 du 07 juin 2023",
      "url": "https://www.ibm.com/support/pages/node/7001815"
    }
  ]
}

CERTFR-2023-AVI-0564

Vulnerability from certfr_avis - Published: 2023-07-19 - Updated: 2023-07-19

De multiples vulnérabilités ont été découvertes dans Oracle PeopleSoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	PeopleSoft	PeopleSoft versions 8.59 et 8.60

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2023 du 18 juillet 2023	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2023verbose du 18 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PeopleSoft versions 8.59 et 8.60",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-1436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-22047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22047"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2023-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22014"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    }
  ],
  "initial_release_date": "2023-07-19T00:00:00",
  "last_revision_date": "2023-07-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0564",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle PeopleSoft.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle PeopleSoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
      "url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#PS"
    }
  ]
}

CERTFR-2023-AVI-0820

Vulnerability from certfr_avis - Published: 2023-10-11 - Updated: 2023-10-11

De multiples vulnérabilités ont été découvertes dans les produits ElasticSearch. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Elastic	Elasticsearch	ElasticSearch Fleet Server versions 8.10.x antérieures à 8.10.3
Elastic	Elasticsearch	ElasticSearch Kibana versions 8.x.x antérieures à 8.10.3
Elastic	Elasticsearch	Elastic Sharepoint Online Python Connector versions antérieures à 8.10.3.0
Elastic	Elasticsearch	ElasticSearch Kibana versions 7.x.x antérieures à 7.17.14

References

Title

Publication Time

Tags

Bulletin de sécurité ElasticSearch 344737 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 344735 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 344732 du 10 octobre 2023	None	vendor-advisory
Bulletin de sécurité ElasticSearch 344737 du 10 octobre 2023	-	other
Bulletin de sécurité ElasticSearch 344735 du 10 octobre 2023	-	other
Bulletin de sécurité ElasticSearch 344732 du 10 octobre 2023	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ElasticSearch Fleet Server versions 8.10.x ant\u00e9rieures \u00e0 8.10.3",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "ElasticSearch Kibana versions 8.x.x ant\u00e9rieures \u00e0 8.10.3",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Sharepoint Online Python Connector versions ant\u00e9rieures \u00e0 8.10.3.0",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    },
    {
      "description": "ElasticSearch Kibana versions 7.x.x ant\u00e9rieures \u00e0 7.17.14",
      "product": {
        "name": "Elasticsearch",
        "vendor": {
          "name": "Elastic",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-5129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5129"
    },
    {
      "name": "CVE-2023-5217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5217"
    },
    {
      "name": "CVE-2023-4863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    }
  ],
  "initial_release_date": "2023-10-11T00:00:00",
  "last_revision_date": "2023-10-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344737 du 10 octobre 2023",
      "url": "https://discuss.elastic.co/t/fleet-server-v8-10-3-security-update/344737"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344735 du 10 octobre 2023",
      "url": "https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch\u00a0344732 du 10 octobre 2023",
      "url": "https://discuss.elastic.co/t/elastic-sharepoint-online-python-connector-v8-10-3-0-security-update/344732"
    }
  ],
  "reference": "CERTFR-2023-AVI-0820",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits ElasticSearch\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ElasticSearch",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344737 du 10 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344735 du 10 octobre 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ElasticSearch 344732 du 10 octobre 2023",
      "url": null
    }
  ]
}

CERTFR-2025-AVI-0861

Vulnerability from certfr_avis - Published: 2025-10-10 - Updated: 2025-10-10

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4
IBM	Db2	DB2 Data Management Console on CPD versions 4.8.8 et 5.x antérieures à CPD 5.2.0
IBM	Db2	DB2 Data Management Console versions antérieures à 3.1.13.1
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15
IBM	N/A	Db2 Intelligence Center versions 1.1.x antérieures à 1.1.2.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7247430	2025-10-08	vendor-advisory
Bulletin de sécurité IBM 7247086	2025-10-03	vendor-advisory
Bulletin de sécurité IBM 7247188	2025-10-06	vendor-advisory
Bulletin de sécurité IBM 7247285	2025-10-07	vendor-advisory
Bulletin de sécurité IBM 7247283	2025-10-07	vendor-advisory
Bulletin de sécurité IBM 7247431	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Data Management Console on CPD versions 4.8.8 et 5.x ant\u00e9rieures \u00e0 CPD 5.2.0",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Intelligence Center versions 1.1.x ant\u00e9rieures \u00e0 1.1.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2024-22243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2025-57810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
    },
    {
      "name": "CVE-2020-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2019-11250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2024-22259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    }
  ],
  "initial_release_date": "2025-10-10T00:00:00",
  "last_revision_date": "2025-10-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0861",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247430",
      "url": "https://www.ibm.com/support/pages/node/7247430"
    },
    {
      "published_at": "2025-10-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247086",
      "url": "https://www.ibm.com/support/pages/node/7247086"
    },
    {
      "published_at": "2025-10-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247188",
      "url": "https://www.ibm.com/support/pages/node/7247188"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247285",
      "url": "https://www.ibm.com/support/pages/node/7247285"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247283",
      "url": "https://www.ibm.com/support/pages/node/7247283"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247431",
      "url": "https://www.ibm.com/support/pages/node/7247431"
    }
  ]
}

CERTFR-2023-AVI-1038

Vulnerability from certfr_avis - Published: 2023-12-15 - Updated: 2023-12-15

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	AIX	IBM AIX versions 7.3 sans le dernier correctif
IBM	AIX	IBM AIX versions 7.2 sans le dernier correctif
IBM	Db2	IBM Db2 versions 11.1.4.x et 11.5.x sans les derniers correctifs de sécurité temporaires (les sorties des versions correctives seront annoncées ultérieurement)
IBM	VIOS	IBM VIOS versions 3.1 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7095022 du 11 décembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7095807 du 12 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM AIX versions 7.3 sans le dernier correctif",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM AIX versions 7.2 sans le dernier correctif",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.1.4.x et 11.5.x sans les derniers correctifs de s\u00e9curit\u00e9 temporaires (les sorties des versions correctives seront annonc\u00e9es ult\u00e9rieurement)",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM VIOS versions 3.1 sans le dernier correctif",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2023-45170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45170"
    },
    {
      "name": "CVE-2023-45174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45174"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2023-45166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45166"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    }
  ],
  "initial_release_date": "2023-12-15T00:00:00",
  "last_revision_date": "2023-12-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-1038",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7095022 du 11 d\u00e9cembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7095022"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7095807 du 12 d\u00e9cembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7095807"
    }
  ]
}

CERTFR-2023-AVI-0574

Vulnerability from certfr_avis - Published: 2023-07-21 - Updated: 2023-07-21

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	IBM QRadar SIEM version 7.5.0 sans le correctif de sécurité 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444
IBM	Sterling Control Center	IBM Sterling Control Center versions 6.1.3.x antérieures à 6.1.3.0 iFix18
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 7
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 2
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 à 1.5.0.2.x antérieures à 1.5.0.2.iFix36
IBM	Db2	IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de sécurité
IBM	N/A	AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 à 7.1.916.2601 sans le dernier correctif de sécurité
IBM	QRadar SIEM	IBM QRadar SIEM version 7.4.0 sans le correctif de sécurité 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7013143 du 19 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7011771 du 13 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7013297 du 19 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7012711 du 18 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7012621 du 19 juillet 2023	None	vendor-advisory
Bulletin de sécurité IBM 7012395 du 17 juillet 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar SIEM version 7.5.0 sans le correctif de s\u00e9curit\u00e9 7.5.0-QRADAR-PROTOCOL-MQJMS-7.5-20230327175444",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Control Center versions 6.1.3.x ant\u00e9rieures \u00e0 6.1.3.0 iFix18",
      "product": {
        "name": "Sterling Control Center",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 7",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 2",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct Browser User Interface versions 1.4.1.1 \u00e0 1.5.0.2.x ant\u00e9rieures \u00e0 1.5.0.2.iFix36",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Web Query for i versions 2.3.0 et 2.4.0 sans le correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2. et 7.3 et VIOS version 3.1 avec un fichier bind.rte versions 7.1.916.0 \u00e0 7.1.916.2601 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM version 7.4.0 sans le correctif de s\u00e9curit\u00e9 7.4.0-QRADAR-PROTOCOL-MQJMS-7.4-20230327175451",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-25929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25929"
    },
    {
      "name": "CVE-2019-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4378"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2021-39034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39034"
    },
    {
      "name": "CVE-2020-4320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4320"
    },
    {
      "name": "CVE-2019-4049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4049"
    },
    {
      "name": "CVE-2021-38949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38949"
    },
    {
      "name": "CVE-2019-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4055"
    },
    {
      "name": "CVE-2022-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3736"
    },
    {
      "name": "CVE-2020-4682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4682"
    },
    {
      "name": "CVE-2023-28530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28530"
    },
    {
      "name": "CVE-2022-24999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
    },
    {
      "name": "CVE-2019-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4614"
    },
    {
      "name": "CVE-2019-4762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4762"
    },
    {
      "name": "CVE-2019-4655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4655"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2020-4338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4338"
    },
    {
      "name": "CVE-2019-4656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4656"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-3924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
    },
    {
      "name": "CVE-2019-4227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4227"
    },
    {
      "name": "CVE-2022-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2019-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4619"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4261"
    },
    {
      "name": "CVE-2019-4719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4719"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2020-4310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4310"
    }
  ],
  "initial_release_date": "2023-07-21T00:00:00",
  "last_revision_date": "2023-07-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0574",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7013143 du 19 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7013143"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7011771 du 13 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7011771"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7013297 du 19 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7013297"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7012711 du 18 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7012711"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7012621 du 19 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7012621"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7012395 du 17 juillet 2023",
      "url": "https://www.ibm.com/support/pages/node/7012395"
    }
  ]
}

CERTFR-2023-AVI-0976

Vulnerability from certfr_avis - Published: 2023-11-23 - Updated: 2023-11-23

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.20
IBM	Sterling Connect:Direct	Interface utilisateur IBM Sterling Connect:Direct versions 1.x antérieures à 1.5.0.2 iFix-39
IBM	QRadar	Agent QRadar WinCollect (Standalone) versions antérieures à 10.1.8
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.0.x à 6.1.x antérieures à 6.1.0.22
IBM	QRadar	Suite QRadar versions 1.10.x antérieures à 1.10.17.0
IBM	Sterling	IBM Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.9
IBM	Sterling	IBM Sterling B2B Integrator versions 6.1.0.x à 6.1.2.x antérieures à 6.1.2.3
IBM	Cloud Pak	Cloud Pak for Security versions 1.10.x antérieures à 1.10.17.0
IBM	Sterling Connect:Direct	Services Web IBM Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7080118 du 20 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080174 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080106 du 20 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080058 du 20 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080117 du 20 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080177 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7080176 du 21 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7081403 du 22 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Services Web IBM Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.20",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Interface utilisateur IBM Sterling Connect:Direct versions 1.x ant\u00e9rieures \u00e0 1.5.0.2 iFix-39",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Agent QRadar WinCollect (Standalone) versions ant\u00e9rieures \u00e0 10.1.8",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Services Web IBM Sterling Connect:Direct versions 6.0.x \u00e0 6.1.x ant\u00e9rieures \u00e0 6.1.0.22",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Suite QRadar versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.9",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling B2B Integrator versions 6.1.0.x \u00e0 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions 1.10.x ant\u00e9rieures \u00e0 1.10.17.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Services Web IBM Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2022-36313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36313"
    },
    {
      "name": "CVE-2021-42248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
    },
    {
      "name": "CVE-2021-33196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
    },
    {
      "name": "CVE-2021-31525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2021-33198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2020-16845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16845"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2020-28367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28367"
    },
    {
      "name": "CVE-2022-41966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41966"
    },
    {
      "name": "CVE-2022-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
    },
    {
      "name": "CVE-2021-38297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-26279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26279"
    },
    {
      "name": "CVE-2022-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
    },
    {
      "name": "CVE-2021-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
    },
    {
      "name": "CVE-2021-33197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
    },
    {
      "name": "CVE-2021-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2020-15586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15586"
    },
    {
      "name": "CVE-2021-39293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2022-40152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
    },
    {
      "name": "CVE-2021-4189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
    },
    {
      "name": "CVE-2021-3426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2022-40151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40151"
    },
    {
      "name": "CVE-2022-23806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2022-23773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
    },
    {
      "name": "CVE-2021-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
    },
    {
      "name": "CVE-2022-23772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
    },
    {
      "name": "CVE-2022-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36777"
    },
    {
      "name": "CVE-2023-32001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32001"
    },
    {
      "name": "CVE-2021-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
    },
    {
      "name": "CVE-2017-18640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18640"
    },
    {
      "name": "CVE-2021-3114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
    },
    {
      "name": "CVE-2023-34104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34104"
    },
    {
      "name": "CVE-2021-29923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2020-24553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24553"
    },
    {
      "name": "CVE-2021-42836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2020-28362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-40156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40156"
    },
    {
      "name": "CVE-2022-40155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40155"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-41080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
    },
    {
      "name": "CVE-2023-38039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
    },
    {
      "name": "CVE-2015-20107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
    },
    {
      "name": "CVE-2021-39008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39008"
    },
    {
      "name": "CVE-2020-14039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14039"
    },
    {
      "name": "CVE-2022-40154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40154"
    },
    {
      "name": "CVE-2020-28366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28366"
    },
    {
      "name": "CVE-2021-33195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
    },
    {
      "name": "CVE-2022-48303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
    }
  ],
  "initial_release_date": "2023-11-23T00:00:00",
  "last_revision_date": "2023-11-23T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0976",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080118 du 20 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080118"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080174 du 21 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080174"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080106 du 20 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080106"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080058 du 20 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080058"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080117 du 20 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080117"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080177 du 21 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080177"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7080176 du 21 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7080176"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7081403 du 22 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7081403"
    }
  ]
}

CERTFR-2023-AVI-0287

Vulnerability from certfr_avis - Published: 2023-04-06 - Updated: 2023-04-06

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	QRadar	IBM Qradar Advisor versions 2.5 à 2.6.3 antérieures à 2.6.4
IBM	Spectrum	IBM Spectrum Scale versions 5.1.0 à 5.1.2.9 antérieures à 5.1.2.10
IBM	Spectrum	IBM Spectrum Scale versions 5.1.3 à 5.1.6.1 antérieures à 5.1.7
IBM	Db2	IBM Db2 Mirror for i versions 7.5 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 Mirror for i versions 7.4 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6981595 du 05 avril 2023	None	vendor-advisory
Bulletin de sécurité IBM 6981067 du 05 avril 2023	None	vendor-advisory
Bulletin de sécurité IBM 6981113 du 05 avril 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Qradar Advisor versions 2.5 \u00e0 2.6.3 ant\u00e9rieures \u00e0 2.6.4",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Scale versions 5.1.0 \u00e0 5.1.2.9 ant\u00e9rieures \u00e0 5.1.2.10",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Scale versions 5.1.3 \u00e0 5.1.6.1 ant\u00e9rieures \u00e0 5.1.7",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Mirror for i versions 7.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 Mirror for i versions 7.4 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23727"
    },
    {
      "name": "CVE-2022-43928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43928"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    }
  ],
  "initial_release_date": "2023-04-06T00:00:00",
  "last_revision_date": "2023-04-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0287",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-04-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6981595 du 05 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6981595"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6981067 du 05 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6981067"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6981113 du 05 avril 2023",
      "url": "https://www.ibm.com/support/pages/node/6981113"
    }
  ]
}

CERTFR-2026-AVI-0199

Vulnerability from certfr_avis - Published: 2026-02-24 - Updated: 2026-02-24

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une injection de code indirecte à distance (XSS).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Telco Cloud Platform	Telco Cloud Platform versions 4.x et 5.x sans le correctif de sécurité KB428241
VMware	Tanzu Data Services	Tanzu Data Flow versions antérieures à 2.0.2 sur Tanzu Platform
VMware	Azure Spring Enterprise	Harbor Registry versions antérieures à 2.14.2
VMware	Tanzu Data Intelligence	Tanzu pour MySQL versions 2.0.0 sur Kubernetes
VMware	Cloud Foundation	Cloud Foundation versions 9.x antérieures à 9.0.2.0
VMware	Tanzu Kubernetes Runtime	App Metrics versions antérieures à2.3.3
VMware	Tanzu Data Intelligence	Tanzu GemFire versions antérieures à 2.6.1 sur Kubernetes
VMware	Tanzu Kubernetes Runtime	CredHub Secrets Management pour Tanzu Platform versions antérieures à 1.6.8
VMware	Tanzu Data Intelligence	Tanzu pour Valkey version 3.3.1 sur Kubernetes
VMware	Tanzu Operations Manager	Foundation Core pour Tanzu Platform versions antérieures à 3.2.4
VMware	Aria Operations	Aria Operations versions 8.x antérieures à 8.18.6
VMware	Tanzu Kubernetes Runtime	cf-mgmt pour Tanzu Platform versions antérieures à 1.0.108
VMware	Tanzu Data Intelligence	Tanzu pour Valkey version 9.0.1
VMware	Tanzu Kubernetes Runtime	Extended App Support pour Tanzu Platform versions antérieures à 1.0.15
VMware	Tanzu Data Intelligence	Tanzu GemFire Management versions antérieures à 1.4.3
VMware	Tanzu Kubernetes Runtime	NodeJS Buildpack versions antérieures à 1.8.77
VMware	Tanzu Kubernetes Runtime	Cloud Native Buildpacks pour Tanzu Platform versions antérieures à 0.6.5
VMware	Cloud Foundation	Cloud Foundation versions 4.x et 5.x sans le correctif de sécurité KB92148
VMware	Tanzu Kubernetes Runtime	AI Services pour Tanzu Platform versions antérieures à 10.3.4
VMware	Tanzu Kubernetes Runtime	Java Buildpack versions antérieures à 4.89.0
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB428241
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour Tanzu Platform versions antérieures à 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37012	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37001	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37013	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37003	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37023	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37017	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37006	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37024	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 36997	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37004	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 36947	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37018	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37005	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37008	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37007	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37020	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 36998	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37002	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37021	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37022	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37016	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37019	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37010	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37009	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37000	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37011	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37015	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 37014	2026-02-24	vendor-advisory
Bulletin de sécurité VMware 36999	2026-02-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Telco Cloud Platform versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB428241",
      "product": {
        "name": "Telco Cloud Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Flow versions ant\u00e9rieures \u00e0 2.0.2 sur Tanzu Platform",
      "product": {
        "name": "Tanzu Data Services",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Harbor Registry versions ant\u00e9rieures \u00e0 2.14.2",
      "product": {
        "name": "Azure Spring Enterprise",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour MySQL versions 2.0.0 sur Kubernetes",
      "product": {
        "name": "Tanzu Data Intelligence",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.2.0",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "App Metrics versions ant\u00e9rieures  \u00e02.3.3",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu GemFire versions ant\u00e9rieures \u00e0 2.6.1 sur Kubernetes",
      "product": {
        "name": "Tanzu Data Intelligence",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "CredHub Secrets Management pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.6.8",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey version 3.3.1 sur Kubernetes",
      "product": {
        "name": "Tanzu Data Intelligence",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.4",
      "product": {
        "name": "Tanzu Operations Manager",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.6",
      "product": {
        "name": "Aria Operations",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "cf-mgmt pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.108",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey version 9.0.1",
      "product": {
        "name": "Tanzu Data Intelligence",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Extended App Support pour Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.15",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu GemFire Management versions ant\u00e9rieures \u00e0 1.4.3",
      "product": {
        "name": "Tanzu Data Intelligence",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.77",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Native Buildpacks pour Tanzu Platform versions ant\u00e9rieures \u00e0 0.6.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 4.x et 5.x sans le correctif de s\u00e9curit\u00e9 KB92148",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Java Buildpack versions ant\u00e9rieures \u00e0 4.89.0",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB428241",
      "product": {
        "name": "Telco Cloud Infrastructure",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.25+LTS-T, 10.2.8+LTS-T et 10.3.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2025-47219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47219"
    },
    {
      "name": "CVE-2021-22898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
    },
    {
      "name": "CVE-2021-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
    },
    {
      "name": "CVE-2021-42384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2025-61730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
    },
    {
      "name": "CVE-2022-32189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
    },
    {
      "name": "CVE-2017-16544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16544"
    },
    {
      "name": "CVE-2025-39987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
    },
    {
      "name": "CVE-2021-42378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2025-21861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21861"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2022-24450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24450"
    },
    {
      "name": "CVE-2025-66199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
    },
    {
      "name": "CVE-2025-15282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2021-37600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
    },
    {
      "name": "CVE-2021-42382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
    },
    {
      "name": "CVE-2020-10750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10750"
    },
    {
      "name": "CVE-2025-68973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
    },
    {
      "name": "CVE-2022-30631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2025-40055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
    },
    {
      "name": "CVE-2021-42376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
    },
    {
      "name": "CVE-2025-9714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
    },
    {
      "name": "CVE-2026-22801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
    },
    {
      "name": "CVE-2025-39876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39876"
    },
    {
      "name": "CVE-2025-40029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
    },
    {
      "name": "CVE-2025-38561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38561"
    },
    {
      "name": "CVE-2025-10148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2025-40048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
    },
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2025-40219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2025-40043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
    },
    {
      "name": "CVE-2020-8169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
    },
    {
      "name": "CVE-2021-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
    },
    {
      "name": "CVE-2022-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2025-8556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8556"
    },
    {
      "name": "CVE-2026-21936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21936"
    },
    {
      "name": "CVE-2025-59775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59775"
    },
    {
      "name": "CVE-2026-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21937"
    },
    {
      "name": "CVE-2025-39973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-8941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2018-1000517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000517"
    },
    {
      "name": "CVE-2025-15469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15469"
    },
    {
      "name": "CVE-2025-39943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39943"
    },
    {
      "name": "CVE-2025-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
    },
    {
      "name": "CVE-2025-39883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2022-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-40019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
    },
    {
      "name": "CVE-2025-40240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2025-40081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2024-58011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58011"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2025-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40153"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2023-45283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
    },
    {
      "name": "CVE-2025-40121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40121"
    },
    {
      "name": "CVE-2026-1642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
    },
    {
      "name": "CVE-2025-45582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2025-55753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55753"
    },
    {
      "name": "CVE-2025-11468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
    },
    {
      "name": "CVE-2025-40204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40204"
    },
    {
      "name": "CVE-2025-40171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40171"
    },
    {
      "name": "CVE-2021-43816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43816"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2025-39911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39911"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2025-6052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2025-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10543"
    },
    {
      "name": "CVE-2025-40125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40125"
    },
    {
      "name": "CVE-2025-40349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40349"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2019-5481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
    },
    {
      "name": "CVE-2025-26646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26646"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-29222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29222"
    },
    {
      "name": "CVE-2025-40187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40187"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2024-21012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
    },
    {
      "name": "CVE-2025-39913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39913"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2025-40092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40092"
    },
    {
      "name": "CVE-2022-41722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
    },
    {
      "name": "CVE-2025-61731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2025-39967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
    },
    {
      "name": "CVE-2025-40115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40115"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2021-42386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2024-24783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2025-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2022-29190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29190"
    },
    {
      "name": "CVE-2025-40173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40173"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2022-28948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
    },
    {
      "name": "CVE-2025-58767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
    },
    {
      "name": "CVE-2024-56538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56538"
    },
    {
      "name": "CVE-2025-39923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39923"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2025-15367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
    },
    {
      "name": "CVE-2022-31030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2018-20679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20679"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
    },
    {
      "name": "CVE-2025-15467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2024-58251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
    },
    {
      "name": "CVE-2026-2006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
    },
    {
      "name": "CVE-2022-21624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2025-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40167"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2021-38297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38297"
    },
    {
      "name": "CVE-2025-39969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
    },
    {
      "name": "CVE-2025-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
    },
    {
      "name": "CVE-2025-27144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
    },
    {
      "name": "CVE-2017-15873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15873"
    },
    {
      "name": "CVE-2022-30629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
    },
    {
      "name": "CVE-2025-40194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40194"
    },
    {
      "name": "CVE-2025-40245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40245"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2024-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
    },
    {
      "name": "CVE-2023-45289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2025-40001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40001"
    },
    {
      "name": "CVE-2026-1485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2022-32149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
    },
    {
      "name": "CVE-2025-40035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2025-39988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39988"
    },
    {
      "name": "CVE-2026-22719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22719"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2026-2005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
    },
    {
      "name": "CVE-2020-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2022-39399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39399"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2025-38584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38584"
    },
    {
      "name": "CVE-2021-42374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-40233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40233"
    },
    {
      "name": "CVE-2025-40020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2025-40188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40188"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2023-22041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22041"
    },
    {
      "name": "CVE-2022-21626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
    },
    {
      "name": "CVE-2025-66200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66200"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2021-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2023-45290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2026-22795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
    },
    {
      "name": "CVE-2023-34231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
    },
    {
      "name": "CVE-2026-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0988"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-65637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
    },
    {
      "name": "CVE-2022-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
    },
    {
      "name": "CVE-2026-0861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0861"
    },
    {
      "name": "CVE-2023-47090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47090"
    },
    {
      "name": "CVE-2025-40049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2021-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
    },
    {
      "name": "CVE-2025-40070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40070"
    },
    {
      "name": "CVE-2022-29946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29946"
    },
    {
      "name": "CVE-2025-40106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40106"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2021-3995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2025-40205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40205"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2025-10966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
    },
    {
      "name": "CVE-2021-22922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2021-38561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38561"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2021-39293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
    },
    {
      "name": "CVE-2025-31133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2024-29018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2025-39885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39885"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2025-69421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-30215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30215"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2024-40635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
    },
    {
      "name": "CVE-2022-41720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
    },
    {
      "name": "CVE-2026-21948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21948"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2025-39970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2025-39994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2024-56433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-40088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40088"
    },
    {
      "name": "CVE-2025-40220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40220"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2022-30633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
    },
    {
      "name": "CVE-2023-22036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22036"
    },
    {
      "name": "CVE-2025-13151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
    },
    {
      "name": "CVE-2025-22058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22058"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2022-28391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2025-40109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40109"
    },
    {
      "name": "CVE-2025-40006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40006"
    },
    {
      "name": "CVE-2022-21628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2022-26652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26652"
    },
    {
      "name": "CVE-2025-40011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40011"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-40085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40085"
    },
    {
      "name": "CVE-2023-42365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
    },
    {
      "name": "CVE-2025-40231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40231"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2026-22796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
    },
    {
      "name": "CVE-2021-42379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2024-5642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2025-23143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23143"
    },
    {
      "name": "CVE-2022-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
    },
    {
      "name": "CVE-2025-65082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65082"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2025-61732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2026-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21964"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2024-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
    },
    {
      "name": "CVE-2025-46394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
    },
    {
      "name": "CVE-2022-36109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
    },
    {
      "name": "CVE-2025-68146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68146"
    },
    {
      "name": "CVE-2025-40183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40183"
    },
    {
      "name": "CVE-2021-42381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
    },
    {
      "name": "CVE-2026-21441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
    },
    {
      "name": "CVE-2022-1962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2025-39998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2025-43857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43857"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2025-40134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40134"
    },
    {
      "name": "CVE-2017-15874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15874"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2026-25210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
    },
    {
      "name": "CVE-2025-39968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
    },
    {
      "name": "CVE-2023-24536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-29458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29458"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2025-39986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39986"
    },
    {
      "name": "CVE-2025-39955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2022-24769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
    },
    {
      "name": "CVE-2022-28131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
    },
    {
      "name": "CVE-2025-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
    },
    {
      "name": "CVE-2025-58098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58098"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2021-22897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
    },
    {
      "name": "CVE-2025-40078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
    },
    {
      "name": "CVE-2025-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2025-40116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40116"
    },
    {
      "name": "CVE-2025-68249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68249"
    },
    {
      "name": "CVE-2026-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0990"
    },
    {
      "name": "CVE-2025-39934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
    },
    {
      "name": "CVE-2026-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2022-23806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23806"
    },
    {
      "name": "CVE-2025-40179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40179"
    },
    {
      "name": "CVE-2025-40127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40127"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2025-39996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39996"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2026-22721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22721"
    },
    {
      "name": "CVE-2025-40053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
    },
    {
      "name": "CVE-2026-24515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
    },
    {
      "name": "CVE-2025-39951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39951"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2025-40120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40120"
    },
    {
      "name": "CVE-2024-28085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
    },
    {
      "name": "CVE-2024-41110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2022-48174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
    },
    {
      "name": "CVE-2025-61594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
    },
    {
      "name": "CVE-2023-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2025-5025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5025"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2025-40243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40243"
    },
    {
      "name": "CVE-2022-23773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23773"
    },
    {
      "name": "CVE-2021-41089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2025-14104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2026-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21968"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2025-68160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
    },
    {
      "name": "CVE-2023-42364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
    },
    {
      "name": "CVE-2025-54410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2025-40118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40118"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2025-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
    },
    {
      "name": "CVE-2025-40021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2022-23772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23772"
    },
    {
      "name": "CVE-2025-61728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2019-5747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5747"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2025-40044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2025-40105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40105"
    },
    {
      "name": "CVE-2018-1000500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000500"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2026-26014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26014"
    },
    {
      "name": "CVE-2021-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
    },
    {
      "name": "CVE-2025-40112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40112"
    },
    {
      "name": "CVE-2024-27289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27289"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2025-39971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
    },
    {
      "name": "CVE-2025-40154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40154"
    },
    {
      "name": "CVE-2025-13601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
    },
    {
      "name": "CVE-2025-12817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2026-23949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23949"
    },
    {
      "name": "CVE-2021-42385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2026-0915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0915"
    },
    {
      "name": "CVE-2025-15281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15281"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2022-30634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
    },
    {
      "name": "CVE-2025-40126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40126"
    },
    {
      "name": "CVE-2025-39972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
    },
    {
      "name": "CVE-2025-24294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24294"
    },
    {
      "name": "CVE-2025-58181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
    },
    {
      "name": "CVE-2021-42836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2025-47914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2025-69418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
    },
    {
      "name": "CVE-2025-58058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-40200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40200"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2025-38236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38236"
    },
    {
      "name": "CVE-2025-15468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
    },
    {
      "name": "CVE-2025-40124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40124"
    },
    {
      "name": "CVE-2025-39880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39880"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-40094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40094"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2026-21941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21941"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-40215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
    },
    {
      "name": "CVE-2025-40111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40111"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2025-40068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
    },
    {
      "name": "CVE-2025-40042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2026-22695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
    },
    {
      "name": "CVE-2026-23490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2026-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0992"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2026-21947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21947"
    },
    {
      "name": "CVE-2025-66564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2019-5482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2021-22926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2025-39937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
    },
    {
      "name": "CVE-2025-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2025-40060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
    },
    {
      "name": "CVE-2026-2003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
    },
    {
      "name": "CVE-2019-5443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2022-30580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2020-1967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
    },
    {
      "name": "CVE-2025-68121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
    },
    {
      "name": "CVE-2025-60876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60876"
    },
    {
      "name": "CVE-2023-24531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2021-44717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
    },
    {
      "name": "CVE-2025-11065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11065"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2026-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
    },
    {
      "name": "CVE-2025-4947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4947"
    },
    {
      "name": "CVE-2025-40178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40178"
    },
    {
      "name": "CVE-2022-29804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
    },
    {
      "name": "CVE-2025-39869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39869"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-39985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
    },
    {
      "name": "CVE-2025-61726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2021-22923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2025-59464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
    },
    {
      "name": "CVE-2023-22006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22006"
    },
    {
      "name": "CVE-2019-5435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2025-8058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8058"
    },
    {
      "name": "CVE-2026-1489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2026-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
    },
    {
      "name": "CVE-2026-0672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
    },
    {
      "name": "CVE-2025-8732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2025-21502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2022-23648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23648"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2026-22720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22720"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2023-42363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
    },
    {
      "name": "CVE-2023-24534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2025-39980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2025-40346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40346"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2022-21619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
    },
    {
      "name": "CVE-2025-40030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
    },
    {
      "name": "CVE-2025-40244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40244"
    },
    {
      "name": "CVE-2025-39995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39995"
    },
    {
      "name": "CVE-2025-68119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
    },
    {
      "name": "CVE-2022-21698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-22873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-24784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
    },
    {
      "name": "CVE-2022-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
    },
    {
      "name": "CVE-2025-39907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39907"
    },
    {
      "name": "CVE-2023-42366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2026-25547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
    },
    {
      "name": "CVE-2025-69420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    },
    {
      "name": "CVE-2025-40140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40140"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2025-40223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40223"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2024-53114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53114"
    },
    {
      "name": "CVE-2024-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
    },
    {
      "name": "CVE-2026-22703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22703"
    },
    {
      "name": "CVE-2026-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0989"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    },
    {
      "name": "CVE-2025-39873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39873"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    },
    {
      "name": "CVE-2022-29189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29189"
    },
    {
      "name": "CVE-2025-38248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
    },
    {
      "name": "CVE-2025-40351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40351"
    },
    {
      "name": "CVE-2025-40087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40087"
    },
    {
      "name": "CVE-2026-25646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25646"
    }
  ],
  "initial_release_date": "2026-02-24T00:00:00",
  "last_revision_date": "2026-02-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0199",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0 distance (XSS).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37012",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37012"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37001",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37001"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37013",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37013"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37003",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37003"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37023",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37023"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37017",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37017"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37006",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37006"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37024",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37024"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36997",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36997"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37004",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37004"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36947",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37018",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37018"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37005",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37005"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37008",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37008"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37007",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37007"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37020",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37020"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36998",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36998"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37002",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37002"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37021",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37021"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37022",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37022"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37016",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37016"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37019",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37019"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37010",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37010"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37009",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37009"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37000",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37000"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37011",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37011"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37015",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37015"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37014",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37014"
    },
    {
      "published_at": "2026-02-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36999",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36999"
    }
  ]
}

cve-2022-1471

Vulnerability from osv_almalinux

Published

2022-12-15 00:00

Modified

2022-12-16 10:11

Summary

Important: prometheus-jmx-exporter security update

Details

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target.

Security Fix(es):

SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "prometheus-jmx-exporter"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0-9.el8_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "prometheus-jmx-exporter-openjdk11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0-9.el8_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "prometheus-jmx-exporter-openjdk17"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0-9.el8_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "prometheus-jmx-exporter-openjdk8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.0-9.el8_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target.\n\nSecurity Fix(es):\n\n* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2022:9058",
  "modified": "2022-12-16T10:11:55Z",
  "published": "2022-12-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:9058"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-1471"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2150009"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-9058.html"
    }
  ],
  "related": [
    "CVE-2022-1471"
  ],
  "summary": "Important: prometheus-jmx-exporter security update"
}

FKIE_CVE-2022-1471

Vulnerability from fkie_nvd - Published: 2022-12-01 11:15 - Updated: 2025-06-18 09:15

Severity ?

8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.

References

URL	Tags
cve-coordination@google.com	http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
cve-coordination@google.com	http://www.openwall.com/lists/oss-security/2023/11/19/1
cve-coordination@google.com	https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479	Issue Tracking, Third Party Advisory
cve-coordination@google.com	https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html
cve-coordination@google.com	https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2	Exploit, Third Party Advisory
cve-coordination@google.com	https://github.com/mbechler/marshalsec	Exploit, Third Party Advisory
cve-coordination@google.com	https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
cve-coordination@google.com	https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c
cve-coordination@google.com	https://security.netapp.com/advisory/ntap-20230818-0015/
cve-coordination@google.com	https://security.netapp.com/advisory/ntap-20240621-0006/
cve-coordination@google.com	https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/11/19/1
af854a3a-2127-422b-91ae-364da2661108	https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/mbechler/marshalsec	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230818-0015/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108	https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	snakeyaml_project	snakeyaml	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3598DC3A-DDD1-4A0B-ACDA-406B85A1EA1A",
              "versionEndExcluding": "2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SnakeYaml\u0027s Constructor() class does not restrict types which can be instantiated during deserialization.\u00a0Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml\u0027s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond."
    },
    {
      "lang": "es",
      "value": "La clase Constructor() de SnakeYaml no restringe los tipos de los que se pueden crear instancias durante la deserializaci\u00f3n. La deserializaci\u00f3n del contenido yaml proporcionado por un atacante puede conducir a la ejecuci\u00f3n remota de c\u00f3digo. Recomendamos utilizar SafeConsturctor de SnakeYaml al analizar contenido que no es de confianza para restringir la deserializaci\u00f3n. Recomendamos actualizar a la versi\u00f3n 2.0 y posteriores."
    }
  ],
  "id": "CVE-2022-1471",
  "lastModified": "2025-06-18T09:15:47.243",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.5,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-01T11:15:10.553",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mbechler/marshalsec"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/mbechler/marshalsec"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-1471

Vulnerability from fstec - Published: 11.04.2022

Title

Уязвимость библиотеки для сериализации и десериализации YAML-документов SnakeYAML, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость библиотеки для сериализации и десериализации YAML-документов SnakeYAML связана с восстановлением в памяти недостоверной структуры данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вы-полнить произвольный код

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «Ред Софт», Сообщество свободного программного обеспечения, Wazuh, Inc, OpenSearch, Apache Software Foundation, Gradle Inc.

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), SnakeYAML, Wazuh, Logstash, Cassandra, Gradle

Software Version

7.3 (РЕД ОС), 1.30 (SnakeYAML), 4.4.5 (Wazuh), 8.9.0 (Logstash), 4.1.3 (Cassandra), 8.14.3 (Gradle)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для SnakeYAML: https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Компенсирующие меры: - использование SafeConsturctor SnakeYaml для ограничения десериализации; - создание черных списков классов, которые могут быть созданы с использованием SnakeYAML; - использование антивирусных средств защиты; - мониторинг действий пользователей; - запуск приложений от имени пользователя с минимальными возможными привилегиями в операционной системе; - применение систем обнаружения и предотвращения вторжений Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2022-1471 https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 https://github.com/mbechler/marshalsec https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

CWE

CWE-20, CWE-502

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Wazuh, Inc, OpenSearch, Apache Software Foundation, Gradle Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.30 (SnakeYAML), 4.4.5 (Wazuh), 8.9.0 (Logstash), 4.1.3 (Cassandra), 8.14.3 (Gradle)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f SnakeYAML:\nhttps://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SafeConsturctor SnakeYaml \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438;\n- \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0447\u0435\u0440\u043d\u044b\u0445 \u0441\u043f\u0438\u0441\u043a\u043e\u0432 \u043a\u043b\u0430\u0441\u0441\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u044b \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c SnakeYAML;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u0437\u0430\u0449\u0438\u0442\u044b;\n- \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0441 \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u044b\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0432 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435;\n- \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.01.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00013",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-1471",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), SnakeYAML, Wazuh, Logstash, Cassandra, Gradle",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 YAML-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 SnakeYAML,  \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0434\u043b\u044f \u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u0434\u0435\u0441\u0435\u0440\u0438\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 YAML-\u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u043e\u0432 SnakeYAML \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b-\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471\nhttps://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2\nhttps://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479\nhttps://github.com/mbechler/marshalsec\nhttps://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2\n\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0423\u0411\u0414",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-502",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

GHSA-MJMJ-J48Q-9WG2

Vulnerability from github – Published: 2022-12-12 21:19 – Updated: 2025-06-18 17:45

Summary

SnakeYaml Constructor Deserialization Remote Code Execution

Details

Summary

SnakeYaml's Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line:

new Yaml(new Constructor(TestDataClass.class)).load(yamlContent);

Types do not have to match the types of properties in the target class. A ConstructorException is thrown, but only after a malicious payload is deserialized.

Severity

High, lack of type checks during deserialization allows remote code execution.

Proof of Concept

Execute bash run.sh. The PoC uses Constructor to deserialize a payload for RCE. RCE is demonstrated by using a payload which performs a http request to http://127.0.0.1:8000.

Example output of successful run of proof of concept:

$ bash run.sh

[+] Downloading snakeyaml if needed
[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE
nc: no process found
[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.
[+] An exception is expected.
Exception:
Cannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0
 in 'string', line 1, column 1:
    payload: !!javax.script.ScriptEn ... 
    ^
Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager
 in 'string', line 1, column 10:
    payload: !!javax.script.ScriptEngineManag ... 
             ^

    at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)
    at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)
    at org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)
    at org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)
    at org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)
    at org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)
    at org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)
    at org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)
    at org.yaml.snakeyaml.Yaml.load(Yaml.java:416)
    at Main.main(Main.java:37)
Caused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager
    at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)
    at java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)
    at java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)
    at java.base/java.lang.reflect.Field.set(Field.java:780)
    at org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)
    at org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)
    ... 9 more
[+] Dumping Received HTTP Request. Will not be empty if PoC worked
GET /proof-of-concept HTTP/1.1
User-Agent: Java/11.0.14
Host: localhost:8000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

Further Analysis

Potential mitigations include, leveraging SnakeYaml's SafeConstructor while parsing untrusted content.

See https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.

Timeline

Date reported: 4/11/2022 Date fixed: 30/12/2022 Date disclosed: 10/13/2022

Severity ?

8.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.33"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.yaml:snakeyaml"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1471"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-502"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-12T21:19:47Z",
    "nvd_published_at": "2022-12-01T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nSnakeYaml\u0027s `Constructor` class, which inherits from `SafeConstructor`, allows\nany type be deserialized given the following line:\n\nnew Yaml(new Constructor(TestDataClass.class)).load(yamlContent);\n\nTypes do not have to match the types of properties in the\ntarget class. A `ConstructorException` is thrown, but only after a malicious\npayload is deserialized.\n\n### Severity\nHigh, lack of type checks during deserialization allows remote code execution.\n\n### Proof of Concept\nExecute `bash run.sh`. The PoC uses Constructor to deserialize a payload\nfor RCE. RCE is demonstrated by using a payload which performs a http request to\nhttp://127.0.0.1:8000.\n\nExample output of successful run of proof of concept:\n\n```\n$ bash run.sh\n\n[+] Downloading snakeyaml if needed\n[+] Starting mock HTTP server on 127.0.0.1:8000 to demonstrate RCE\nnc: no process found\n[+] Compiling and running Proof of Concept, which a payload that sends a HTTP request to mock web server.\n[+] An exception is expected.\nException:\nCannot create property=payload for JavaBean=Main$TestDataClass@3cbbc1e0\n in \u0027string\u0027, line 1, column 1:\n    payload: !!javax.script.ScriptEn ... \n    ^\nCan not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n in \u0027string\u0027, line 1, column 10:\n    payload: !!javax.script.ScriptEngineManag ... \n             ^\n\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:291)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.construct(Constructor.java:172)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructYamlObject.construct(Constructor.java:332)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObjectNoCheck(BaseConstructor.java:230)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructObject(BaseConstructor.java:220)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.constructDocument(BaseConstructor.java:174)\n\tat org.yaml.snakeyaml.constructor.BaseConstructor.getSingleData(BaseConstructor.java:158)\n\tat org.yaml.snakeyaml.Yaml.loadFromReader(Yaml.java:491)\n\tat org.yaml.snakeyaml.Yaml.load(Yaml.java:416)\n\tat Main.main(Main.java:37)\nCaused by: java.lang.IllegalArgumentException: Can not set java.lang.String field Main$TestDataClass.payload to javax.script.ScriptEngineManager\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:167)\n\tat java.base/jdk.internal.reflect.UnsafeFieldAccessorImpl.throwSetIllegalArgumentException(UnsafeFieldAccessorImpl.java:171)\n\tat java.base/jdk.internal.reflect.UnsafeObjectFieldAccessorImpl.set(UnsafeObjectFieldAccessorImpl.java:81)\n\tat java.base/java.lang.reflect.Field.set(Field.java:780)\n\tat org.yaml.snakeyaml.introspector.FieldProperty.set(FieldProperty.java:44)\n\tat org.yaml.snakeyaml.constructor.Constructor$ConstructMapping.constructJavaBean2ndStep(Constructor.java:286)\n\t... 9 more\n[+] Dumping Received HTTP Request. Will not be empty if PoC worked\nGET /proof-of-concept HTTP/1.1\nUser-Agent: Java/11.0.14\nHost: localhost:8000\nAccept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2\nConnection: keep-alive\n```\n\n### Further Analysis\nPotential mitigations include, leveraging SnakeYaml\u0027s SafeConstructor while parsing untrusted content.\n\nSee https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479 for discussion on the subject.\n\n### Timeline\n**Date reported**: 4/11/2022\n**Date fixed**:  [30/12/2022](https://bitbucket.org/snakeyaml/snakeyaml/pull-requests/44)\n**Date disclosed**: 10/13/2022",
  "id": "GHSA-mjmj-j48q-9wg2",
  "modified": "2025-06-18T17:45:18Z",
  "published": "2022-12-12T21:19:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/blog/unsafe-deserialization-snakeyaml-java-cve-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0015"
    },
    {
      "type": "WEB",
      "url": "https://infosecwriteups.com/%EF%B8%8F-inside-the-160-comment-fight-to-fix-snakeyamls-rce-default-1a20c5ca4d4c"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/mwrakFaEdnc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mbechler/marshalsec"
    },
    {
      "type": "WEB",
      "url": "https://confluence.atlassian.com/security/cve-2022-1471-snakeyaml-library-rce-vulnerability-in-multiple-products-1296171009.html"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE-2022-1471"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64876314"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64634374"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/561/cve-2022-1471-vulnerability-in#comment-64581479"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/acc44099f5f4af26ff86b4e4e4cc1c874e2dc5c4"
    },
    {
      "type": "WEB",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml/commits/5014df1a36f50aca54405bb8433bc99a8847f758"
    },
    {
      "type": "PACKAGE",
      "url": "https://bitbucket.org/snakeyaml/snakeyaml"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/175095/PyTorch-Model-Server-Registration-Deserialization-Remote-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/19/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SnakeYaml Constructor Deserialization Remote Code Execution"
}

CVE-2022-1471 (GCVE-0-2022-1471)

Tags

Sightings

Nomenclature

Action not permitted

CVE-2022-1471 (GCVE-0-2022-1471)

Solution

Solution

Solutions

Solutions

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solutions

Solution

Solution

Solution

Solution

Solutions

Vulnerability from osv_almalinux

Summary

Severity

Proof of Concept

Further Analysis

Timeline

Tags

Sightings

Nomenclature