Vulnerability-Lookup

CVE-2024-36114 (GCVE-0-2024-36114)

Vulnerability from cvelistv5 – Published: 2024-05-29 20:24 – Updated: 2024-08-02 03:30

Title

Decompressors can crash the JVM and leak memory content in Aircompressor

Summary

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-125 - Out-of-bounds Read
CWE-787 - Out-of-bounds Write

Assigner

GitHub_M

References

URL

Tags

	https://github.com/airlift/aircompressor/security…	x_refsource_CONFIRM
	https://github.com/airlift/aircompressor/commit/1…	x_refsource_MISC
	https://github.com/airlift/aircompressor/commit/2…	x_refsource_MISC
	https://github.com/airlift/aircompressor/commit/c…	x_refsource_MISC
	https://github.com/airlift/aircompressor/commit/d…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	airlift	aircompressor	Affected: < 0.27

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:airlift:aircompressor:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "aircompressor",
            "vendor": "airlift",
            "versions": [
              {
                "lessThan": "0.27",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T19:37:59.883008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:42:22.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "ADP Container"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:13.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
          },
          {
            "name": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
          },
          {
            "name": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
          },
          {
            "name": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
          },
          {
            "name": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aircompressor",
          "vendor": "airlift",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.27"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787: Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T20:24:53.906Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
        },
        {
          "name": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
        },
        {
          "name": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
        },
        {
          "name": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
        },
        {
          "name": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
        }
      ],
      "source": {
        "advisory": "GHSA-973x-65j7-xcf4",
        "discovery": "UNKNOWN"
      },
      "title": "Decompressors can crash the JVM and leak memory content in Aircompressor"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-36114",
    "datePublished": "2024-05-29T20:24:53.906Z",
    "dateReserved": "2024-05-20T21:07:48.187Z",
    "dateUpdated": "2024-08-02T03:30:13.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4\", \"name\": \"https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071\", \"name\": \"https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e\", \"name\": \"https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f\", \"name\": \"https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e\", \"name\": \"https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:30:13.037Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36114\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-04T19:37:59.883008Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:airlift:aircompressor:*:*:*:*:*:*:*:*\"], \"vendor\": \"airlift\", \"product\": \"aircompressor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.27\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-04T19:39:59.422Z\"}}], \"cna\": {\"title\": \"Decompressors can crash the JVM and leak memory content in Aircompressor\", \"source\": {\"advisory\": \"GHSA-973x-65j7-xcf4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"airlift\", \"product\": \"aircompressor\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.27\"}]}], \"references\": [{\"url\": \"https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4\", \"name\": \"https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071\", \"name\": \"https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e\", \"name\": \"https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f\", \"name\": \"https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e\", \"name\": \"https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-29T20:24:53.906Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36114\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T03:30:13.037Z\", \"dateReserved\": \"2024-05-20T21:07:48.187Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-29T20:24:53.906Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-973X-65J7-XCF4

Vulnerability from github – Published: 2024-06-02 22:30 – Updated: 2024-06-02 22:30

Summary

Decompressors can crash the JVM and leak memory content in Aircompressor

Details

Summary

All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information).

Details

When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class sun.misc.Unsafe to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM.

Users should update to Aircompressor 0.27 or newer where these issues have been fixed.

Impact

When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process.

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.airlift:aircompressor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.27"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-36114"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-06-02T22:30:02Z",
    "nvd_published_at": "2024-05-29T21:15:49Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nAll decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information).\n\n### Details\nWhen decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM.\n\nUsers should update to Aircompressor 0.27 or newer where these issues have been fixed.\n\n### Impact\nWhen decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process.",
  "id": "GHSA-973x-65j7-xcf4",
  "modified": "2024-06-02T22:30:02Z",
  "published": "2024-06-02T22:30:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36114"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/airlift/aircompressor"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Decompressors can crash the JVM and leak memory content in Aircompressor"
}

FKIE_CVE-2024-36114

Vulnerability from fkie_nvd - Published: 2024-05-29 21:15 - Updated: 2024-11-21 09:21

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071
	security-advisories@github.com	https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e
	security-advisories@github.com	https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f
	security-advisories@github.com	https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e
	security-advisories@github.com	https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue."
    },
    {
      "lang": "es",
      "value": "Aircompressor es una librer\u00eda con puertos de los algoritmos de compresi\u00f3n Snappy, LZO, LZ4 y Zstandard a Java. Todas las implementaciones de descompresor de Aircompressor (LZ4, LZO, Snappy, Zstandard) pueden bloquear la JVM para determinadas entradas y, en algunos casos, tambi\u00e9n filtrar el contenido de otra memoria del proceso Java (que podr\u00eda contener informaci\u00f3n confidencial). Al descomprimir ciertos datos, los descompresores intentan acceder a la memoria fuera de los l\u00edmites de las matrices de bytes o b\u00faferes de bytes dados. Debido a que Aircompressor utiliza la clase JDK `sun.misc.Unsafe` para acelerar el acceso a la memoria, no se realizan comprobaciones de los l\u00edmites adicionales y esto tiene consecuencias de seguridad similares a las del acceso fuera de los l\u00edmites en C o C++, es decir, puede conducir a no comportamiento determinista o bloquear la JVM. Los usuarios deben actualizar a Aircompressor 0.27 o posterior donde se hayan solucionado estos problemas. Al descomprimir datos de usuarios que no son de confianza, esto puede aprovecharse para un ataque de denegaci\u00f3n de servicio al bloquear la JVM o para filtrar otra informaci\u00f3n confidencial del proceso Java. No se conocen workarounds para este problema."
    }
  ],
  "id": "CVE-2024-36114",
  "lastModified": "2024-11-21T09:21:38.970",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-29T21:15:49.237",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/airlift/aircompressor/commit/15e68df9eb0c2bfde7f796231ee7cd1982965071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/airlift/aircompressor/commit/2cea90a45534f9aacbb77426fb64e975504dee6e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/airlift/aircompressor/commit/cf66151541edb062ea88b6f3baab3f95e48b7b7f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/airlift/aircompressor/commit/d01ecb779375a092d00e224abe7869cdf49ddc3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/airlift/aircompressor/security/advisories/GHSA-973x-65j7-xcf4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

CERTFR-2024-AVI-1081

Vulnerability from certfr_avis - Published: 2024-12-13 - Updated: 2024-12-13

De multiples vulnérabilités ont été découvertes dans les produits IBM.Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar Suite Software	QRadar Suite Software versions antérieures à 1.11.0.0
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 IF02
IBM	Cognos Dashboards	Cognos Dashboards on Cloud Pak for Data versions 4.8.x à 5.0.x antérieures à 5.1
IBM	QRadar Incident Forensics	QRadar Incident Forensics 7.5.x antérieures à 7.5.0 UP10 IF02

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7177766	2024-12-11	vendor-advisory
Bulletin de sécurité IBM 7178224	2024-12-09	vendor-advisory
Bulletin de sécurité IBM 7178556	2024-12-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.0.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF02",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions 4.8.x \u00e0 5.0.x ant\u00e9rieures \u00e0 5.1",
      "product": {
        "name": "Cognos Dashboards",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF02",
      "product": {
        "name": "QRadar Incident Forensics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
    },
    {
      "name": "CVE-2024-21536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2023-31582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
    },
    {
      "name": "CVE-2023-23613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23613"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-38998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38998"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2023-35116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2022-41917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41917"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2024-41755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41755"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2024-38372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38372"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-40152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2024-41110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
    },
    {
      "name": "CVE-2024-38999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2024-38986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38986"
    },
    {
      "name": "CVE-2022-41915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2024-52318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52318"
    },
    {
      "name": "CVE-2024-42461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
    },
    {
      "name": "CVE-2023-33546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33546"
    },
    {
      "name": "CVE-2024-41818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41818"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2024-52317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
    },
    {
      "name": "CVE-2024-47175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2024-52316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2023-23612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23612"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    }
  ],
  "initial_release_date": "2024-12-13T00:00:00",
  "last_revision_date": "2024-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1081",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177766",
      "url": "https://www.ibm.com/support/pages/node/7177766"
    },
    {
      "published_at": "2024-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178224",
      "url": "https://www.ibm.com/support/pages/node/7178224"
    },
    {
      "published_at": "2024-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178556",
      "url": "https://www.ibm.com/support/pages/node/7178556"
    }
  ]
}

CERTFR-2025-AVI-0760

Vulnerability from certfr_avis - Published: 2025-09-05 - Updated: 2025-09-05

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à v5.2.1
IBM	WebSphere	IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132
IBM	WebSphere	Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2
IBM	WebSphere	Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137
IBM	WebSphere	Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132,
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7243927	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243923	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243924	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244012	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243659	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7244002	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243582	2025-08-29	vendor-advisory
Bulletin de sécurité IBM 7243928	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243925	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244010	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243922	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243673	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7243877	2025-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty Agent versions  9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et  APAR PH67132",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.0.2 et 7.0.3  pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2025-53547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2025-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-51473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-32386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2025-32421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
    },
    {
      "name": "CVE-2016-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-45813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-33092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
    },
    {
      "name": "CVE-2024-51479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-33143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
    },
    {
      "name": "CVE-2021-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
    },
    {
      "name": "CVE-2025-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2025-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-49846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-48068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-33114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
    },
    {
      "name": "CVE-2023-22467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
    },
    {
      "name": "CVE-2022-24823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2019-9193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-56332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-37799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2023-26133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
    },
    {
      "name": "CVE-2024-6484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2024-9823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2022-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
    },
    {
      "name": "CVE-2024-49828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2025-32387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2017-18214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2025-36071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2023-52933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2024-6762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-52894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-21756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
    },
    {
      "name": "CVE-2018-1000873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
    },
    {
      "name": "CVE-2023-32305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
    },
    {
      "name": "CVE-2025-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-09-05T00:00:00",
  "last_revision_date": "2025-09-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0760",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
      "url": "https://www.ibm.com/support/pages/node/7243927"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
      "url": "https://www.ibm.com/support/pages/node/7243923"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
      "url": "https://www.ibm.com/support/pages/node/7243924"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
      "url": "https://www.ibm.com/support/pages/node/7244012"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
      "url": "https://www.ibm.com/support/pages/node/7243659"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
      "url": "https://www.ibm.com/support/pages/node/7244002"
    },
    {
      "published_at": "2025-08-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
      "url": "https://www.ibm.com/support/pages/node/7243582"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
      "url": "https://www.ibm.com/support/pages/node/7243928"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
      "url": "https://www.ibm.com/support/pages/node/7243925"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
      "url": "https://www.ibm.com/support/pages/node/7244010"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
      "url": "https://www.ibm.com/support/pages/node/7243922"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
      "url": "https://www.ibm.com/support/pages/node/7243673"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
      "url": "https://www.ibm.com/support/pages/node/7243877"
    }
  ]
}

CERTFR-2024-AVI-1103

Vulnerability from certfr_avis - Published: 2024-12-20 - Updated: 2024-12-20

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.4
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01
IBM	QRadar SIEM	Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0
IBM	Sterling	Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5
IBM	Sterling	Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7177142	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7177223	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179044	2024-12-16	vendor-advisory
Bulletin de sécurité IBM 7179156	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7179166	2024-12-17	vendor-advisory
Bulletin de sécurité IBM 7178835	2024-12-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2017-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
    },
    {
      "name": "CVE-2023-52356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
    },
    {
      "name": "CVE-2023-41334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
    },
    {
      "name": "CVE-2023-37536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2024-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
    },
    {
      "name": "CVE-2024-7006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
    },
    {
      "name": "CVE-2023-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
    },
    {
      "name": "CVE-2024-36138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
    },
    {
      "name": "CVE-2018-14042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2022-3626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
    },
    {
      "name": "CVE-2020-12401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
    },
    {
      "name": "CVE-2018-15209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2018-17100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
    },
    {
      "name": "CVE-2022-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
    },
    {
      "name": "CVE-2022-34266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
    },
    {
      "name": "CVE-2020-35521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
    },
    {
      "name": "CVE-2023-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
    },
    {
      "name": "CVE-2023-50386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-23944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
    },
    {
      "name": "CVE-2022-48554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
    },
    {
      "name": "CVE-2024-39008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
    },
    {
      "name": "CVE-2018-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2023-30086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
    },
    {
      "name": "CVE-2019-11727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2022-2057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
    },
    {
      "name": "CVE-2019-6128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
    },
    {
      "name": "CVE-2023-26965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2022-2058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
    },
    {
      "name": "CVE-2024-45082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2022-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
    },
    {
      "name": "CVE-2022-2867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2022-3598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
    },
    {
      "name": "CVE-2023-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2023-2731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
    },
    {
      "name": "CVE-2023-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-30774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
    },
    {
      "name": "CVE-2023-4759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
    },
    {
      "name": "CVE-2017-11613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
    },
    {
      "name": "CVE-2017-12652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
    },
    {
      "name": "CVE-2024-41752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
    },
    {
      "name": "CVE-2023-50447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
    },
    {
      "name": "CVE-2018-18508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-33883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2022-22844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
    },
    {
      "name": "CVE-2014-1544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
    },
    {
      "name": "CVE-2023-4421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
    },
    {
      "name": "CVE-2023-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2023-50298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-50292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
    },
    {
      "name": "CVE-2018-20676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
    },
    {
      "name": "CVE-2023-0802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
    },
    {
      "name": "CVE-2022-2056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2020-25648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
    },
    {
      "name": "CVE-2019-17023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
    },
    {
      "name": "CVE-2022-21699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
    },
    {
      "name": "CVE-2024-28176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
    },
    {
      "name": "CVE-2019-7317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2019-17007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
    },
    {
      "name": "CVE-2023-0767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
    },
    {
      "name": "CVE-2023-51074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2023-38289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
    },
    {
      "name": "CVE-2018-20677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
    },
    {
      "name": "CVE-2010-1205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2015-7182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2018-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2021-36770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
    },
    {
      "name": "CVE-2020-19144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
    },
    {
      "name": "CVE-2023-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
    },
    {
      "name": "CVE-2022-3597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2017-12627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
    },
    {
      "name": "CVE-2018-17101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
    },
    {
      "name": "CVE-2023-50291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
    },
    {
      "name": "CVE-2014-1568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
    },
    {
      "name": "CVE-2020-26261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
    },
    {
      "name": "CVE-2023-24816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2023-0801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
    },
    {
      "name": "CVE-2022-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
    },
    {
      "name": "CVE-2019-17546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
    },
    {
      "name": "CVE-2022-2869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
    },
    {
      "name": "CVE-2022-3479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
    },
    {
      "name": "CVE-2023-40745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2020-15110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
    },
    {
      "name": "CVE-2023-25435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
    },
    {
      "name": "CVE-2024-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
    },
    {
      "name": "CVE-2021-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
    },
    {
      "name": "CVE-2023-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2017-18869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
    },
    {
      "name": "CVE-2022-0562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
    },
    {
      "name": "CVE-2023-38325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
    },
    {
      "name": "CVE-2019-11719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
    },
    {
      "name": "CVE-2022-0891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
    },
    {
      "name": "CVE-2018-7456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
    },
    {
      "name": "CVE-2023-38288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2023-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
    },
    {
      "name": "CVE-2019-17006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
    },
    {
      "name": "CVE-2020-12403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-6228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
    },
    {
      "name": "CVE-2021-46848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2023-50495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
    },
    {
      "name": "CVE-2017-18013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
    },
    {
      "name": "CVE-2023-25194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2016-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
    },
    {
      "name": "CVE-2017-11698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2024-38337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
    },
    {
      "name": "CVE-2018-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
    },
    {
      "name": "CVE-2018-12404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
    },
    {
      "name": "CVE-2019-14973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
    },
    {
      "name": "CVE-2020-36191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2023-0804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
    },
    {
      "name": "CVE-2023-30775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
    },
    {
      "name": "CVE-2023-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
    },
    {
      "name": "CVE-2018-14041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
    },
    {
      "name": "CVE-2023-1916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-19131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
    },
    {
      "name": "CVE-2015-7575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
    },
    {
      "name": "CVE-2023-41175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2018-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
    },
    {
      "name": "CVE-2018-17000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2023-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2020-35523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
    },
    {
      "name": "CVE-2016-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2022-34749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2020-19189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
    },
    {
      "name": "CVE-2022-0908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2019-11745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
    },
    {
      "name": "CVE-2019-11729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
    },
    {
      "name": "CVE-2024-34102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
    },
    {
      "name": "CVE-2019-11756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
    },
    {
      "name": "CVE-2021-32862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2024-4367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
    },
    {
      "name": "CVE-2024-25016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
    },
    {
      "name": "CVE-2022-40090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
    },
    {
      "name": "CVE-2023-25434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
    },
    {
      "name": "CVE-2024-29896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
    },
    {
      "name": "CVE-2015-7181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
    },
    {
      "name": "CVE-2020-18768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
    },
    {
      "name": "CVE-2022-34526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
    },
    {
      "name": "CVE-2022-2868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
    },
    {
      "name": "CVE-2017-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
    },
    {
      "name": "CVE-2014-1569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
    },
    {
      "name": "CVE-2020-12400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2017-11695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
    },
    {
      "name": "CVE-2023-2908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2020-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
    },
    {
      "name": "CVE-2017-11697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
    },
    {
      "name": "CVE-2023-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
    },
    {
      "name": "CVE-2023-5388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
    },
    {
      "name": "CVE-2024-27980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2018-19210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
    },
    {
      "name": "CVE-2013-2099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2019-10255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-35524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
    },
    {
      "name": "CVE-2019-8331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
    },
    {
      "name": "CVE-2024-36137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
    },
    {
      "name": "CVE-2020-35522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
    },
    {
      "name": "CVE-2022-3570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
    },
    {
      "name": "CVE-2017-11696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
    },
    {
      "name": "CVE-2022-0561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
    }
  ],
  "initial_release_date": "2024-12-20T00:00:00",
  "last_revision_date": "2024-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1103",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
      "url": "https://www.ibm.com/support/pages/node/7177142"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
      "url": "https://www.ibm.com/support/pages/node/7177223"
    },
    {
      "published_at": "2024-12-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
      "url": "https://www.ibm.com/support/pages/node/7179044"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
      "url": "https://www.ibm.com/support/pages/node/7179156"
    },
    {
      "published_at": "2024-12-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
      "url": "https://www.ibm.com/support/pages/node/7179166"
    },
    {
      "published_at": "2024-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
      "url": "https://www.ibm.com/support/pages/node/7178835"
    }
  ]
}

CERTFR-2024-AVI-1061

Vulnerability from certfr_avis - Published: 2024-12-11 - Updated: 2024-12-11

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Universal Forwarder	Splunk Universal Forwarders versions 9.1.x antérieures à 9.1.7
Splunk	Universal Forwarder	Splunk Universal Forwarders versions 9.2.x antérieures à 9.2.4
Splunk	Universal Forwarder	Splunk Universal Forwarders versions 9.3.x antérieures à 9.3.2
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.2.2406.x antérieures à 9.2.2406.107
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.2.x antérieures à 9.2.4
Splunk	Splunk Secure Gateway	Splunk Secure Gateway versions 3.8.x antérieures à 3.8.5
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.2.2403.x antérieures à 9.2.2403.111
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.1.x antérieures à 9.1.7
Splunk	Splunk Enterprise	Splunk Entreprise versions 9.3.x antérieures à 9.3.2
Splunk	Splunk Secure Gateway	Splunk Secure Gateway versions 3.4.x antérieures à 3.4.262
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2408.x antérieures à 9.3.2408.101
Splunk	Splunk Secure Gateway	Splunk Secure Gateway versions 3.7.x antérieures à 3.7.18
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.1.2312.x antérieures à 9.1.2312.206

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-1204	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1201	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1203	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1207	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1206	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1205	2024-12-10	vendor-advisory
Bulletin de sécurité Splunk SVD-2024-1202	2024-12-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Universal Forwarders versions 9.1.x ant\u00e9rieures \u00e0 9.1.7",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarders versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarders versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.2.2406.x ant\u00e9rieures \u00e0 9.2.2406.107",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Entreprise versions 9.2.x ant\u00e9rieures \u00e0 9.2.4",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Secure Gateway versions 3.8.x ant\u00e9rieures \u00e0 3.8.5",
      "product": {
        "name": "Splunk Secure Gateway",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.2.2403.x ant\u00e9rieures \u00e0 9.2.2403.111",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Entreprise versions 9.1.x ant\u00e9rieures \u00e0 9.1.7",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Entreprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.2",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Secure Gateway versions 3.4.x ant\u00e9rieures \u00e0 3.4.262",
      "product": {
        "name": "Splunk Secure Gateway",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2408.x ant\u00e9rieures \u00e0 9.3.2408.101",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Secure Gateway versions 3.7.x ant\u00e9rieures \u00e0 3.7.18",
      "product": {
        "name": "Splunk Secure Gateway",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.1.2312.x ant\u00e9rieures \u00e0 9.1.2312.206",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-42459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
    },
    {
      "name": "CVE-2024-6531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
    },
    {
      "name": "CVE-2024-53245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53245"
    },
    {
      "name": "CVE-2024-42460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-53247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53247"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-53244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53244"
    },
    {
      "name": "CVE-2024-53243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53243"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2024-42461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
    },
    {
      "name": "CVE-2024-36129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36129"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2024-53246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53246"
    }
  ],
  "initial_release_date": "2024-12-11T00:00:00",
  "last_revision_date": "2024-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1061",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1204",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1204"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1201",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1201"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1203",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1203"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1207",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1207"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1206",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1206"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1205",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1205"
    },
    {
      "published_at": "2024-12-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-1202",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-1202"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-36114 (GCVE-0-2024-36114)

GHSA-973X-65J7-XCF4

Summary

Details

Impact

FKIE_CVE-2024-36114

CERTFR-2024-AVI-1081

Solutions

CERTFR-2025-AVI-0760

Solutions

CERTFR-2024-AVI-1103

Solutions

CERTFR-2024-AVI-1061

Solutions

Tags

Sightings

Nomenclature