Vulnerability-Lookup

CERTFR-2025-AVI-1034

Vulnerability from certfr_avis - Published: 2025-11-21 - Updated: 2025-11-21

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling B2B Integrator versions 6.2.1 antérieures à 6.2.1.1_1
IBM	Sterling	Sterling B2B Integrator versions antérieures à 6.1.2.7_2
IBM	Sterling	Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA
IBM	Sterling	Sterling File Gateway versions 6.2.1 antérieures à 6.2.1.1_1
IBM	Sterling	Sterling File Gateway versions 6.2.0 antérieures à 6.2.0.5_1
IBM	Sterling	Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA
IBM	Sterling	Sterling B2B Integrator versions 6.2.0 antérieures à 6.2.0.5_1
IBM	WebSphere	WebSphere Application Server versions 8.5 et 9.0 sans le correctif APAR PH68418
IBM	Sterling	Sterling File Gateway versions antérieures à 6.1.2.7_2
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA
IBM	Sterling	Sterling Secure Proxy versions 6.2.1.x antérieures à 6.2.1.1 GA
IBM	Cloud Pak	Cloud Pak versions antérieures à 5.3 sans les correctifs APAR PH68424 et PH68418
IBM	Sterling	Sterling External Authentication Server versions 6.1.1.x antérieures à 6.1.1.1 GA
IBM	WebSphere	WebSphere Hybrid Edition 5.1 sans le correctif APAR PH68418
IBM	WebSphere	WebSphere Application Server Liberty versions antérieures à 25.0.0.11 sans le correctif APAR PH68424

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7252195	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7251899	2025-11-19	vendor-advisory
Bulletin de sécurité IBM 7252194	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7252193	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7251468	2025-11-17	vendor-advisory
Bulletin de sécurité IBM 7251492	2025-11-17	vendor-advisory
Bulletin de sécurité IBM 7251474	2025-11-17	vendor-advisory
Bulletin de sécurité IBM 7251466	2025-11-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling B2B Integrator versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7_2",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling File Gateway versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling File Gateway versions 6.2.0 ant\u00e9rieures \u00e0 6.2.0.5_1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.2.0 ant\u00e9rieures \u00e0 6.2.0.5_1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5 et 9.0 sans le correctif APAR PH68418",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling File Gateway versions ant\u00e9rieures \u00e0 6.1.2.7_2",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.1 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak versions ant\u00e9rieures \u00e0 5.3 sans les correctifs APAR PH68424 et PH68418",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.1 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition 5.1 sans le correctif APAR PH68418",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 25.0.0.11 sans le correctif APAR PH68424",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5878"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-11-21T00:00:00",
  "last_revision_date": "2025-11-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1034",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252195",
      "url": "https://www.ibm.com/support/pages/node/7252195"
    },
    {
      "published_at": "2025-11-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251899",
      "url": "https://www.ibm.com/support/pages/node/7251899"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252194",
      "url": "https://www.ibm.com/support/pages/node/7252194"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252193",
      "url": "https://www.ibm.com/support/pages/node/7252193"
    },
    {
      "published_at": "2025-11-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251468",
      "url": "https://www.ibm.com/support/pages/node/7251468"
    },
    {
      "published_at": "2025-11-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251492",
      "url": "https://www.ibm.com/support/pages/node/7251492"
    },
    {
      "published_at": "2025-11-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251474",
      "url": "https://www.ibm.com/support/pages/node/7251474"
    },
    {
      "published_at": "2025-11-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7251466",
      "url": "https://www.ibm.com/support/pages/node/7251466"
    }
  ]
}

CERTFR-2025-AVI-1051

Vulnerability from certfr_avis - Published: 2025-11-28 - Updated: 2025-11-28

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling File Gateway	Sterling File Gateway versions antérieures à 6.2.1.1_1
IBM	Db2	Db2 versions V11.5.x sans le correctif APAR DT433150
IBM	Spectrum	Spectrum Control versions antérieures à 5.4.13.2
IBM	Db2	Db2 versions V11.1.x sans le correctif APAR DT433150
IBM	Db2	Db2 versions V12.1.3 sans le correctif APAR DT433150
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.21
IBM	WebSphere Service Registry and Repository	WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité
IBM	Sterling B2B Integrator	Sterling B2B Integrator versions antérieures à 6.2.1.1_1
IBM	QRadar Deployment Intelligence App	QRadar Deployment Intelligence App versions antérieures à 3.0.19
IBM	Informix Dynamic Server	Informix Dynamic Server versions 14.10 antérieures à 14.10.xC11W1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7252704	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252903	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7252597	2025-11-28	vendor-advisory
Bulletin de sécurité IBM 7252211	2025-11-21	vendor-advisory
Bulletin de sécurité IBM 7252908	2025-11-27	vendor-advisory
Bulletin de sécurité IBM 7250474	2025-11-26	vendor-advisory
Bulletin de sécurité IBM 7252718	2025-11-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling File Gateway versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling File Gateway",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.5.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.13.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V11.1.x sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions V12.1.3 sans le correctif APAR DT433150",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.21",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere Service Registry and Repository",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.2.1.1_1",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.19",
      "product": {
        "name": "QRadar Deployment Intelligence App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Informix Dynamic Server versions 14.10 ant\u00e9rieures \u00e0 14.10.xC11W1",
      "product": {
        "name": "Informix Dynamic Server",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-58369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58369"
    },
    {
      "name": "CVE-2025-47279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2018-25031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25031"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-54121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54121"
    },
    {
      "name": "CVE-2024-45675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45675"
    },
    {
      "name": "CVE-2025-59822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59822"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-23184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    }
  ],
  "initial_release_date": "2025-11-28T00:00:00",
  "last_revision_date": "2025-11-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252704",
      "url": "https://www.ibm.com/support/pages/node/7252704"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252903",
      "url": "https://www.ibm.com/support/pages/node/7252903"
    },
    {
      "published_at": "2025-11-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252597",
      "url": "https://www.ibm.com/support/pages/node/7252597"
    },
    {
      "published_at": "2025-11-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252211",
      "url": "https://www.ibm.com/support/pages/node/7252211"
    },
    {
      "published_at": "2025-11-27",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252908",
      "url": "https://www.ibm.com/support/pages/node/7252908"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7250474",
      "url": "https://www.ibm.com/support/pages/node/7250474"
    },
    {
      "published_at": "2025-11-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7252718",
      "url": "https://www.ibm.com/support/pages/node/7252718"
    }
  ]
}

CERTFR-2025-AVI-0760

Vulnerability from certfr_avis - Published: 2025-09-05 - Updated: 2025-09-05

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à v5.2.1
IBM	WebSphere	IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132
IBM	WebSphere	Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2
IBM	WebSphere	Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137
IBM	WebSphere	Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132,
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7243927	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243923	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243924	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244012	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243659	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7244002	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243582	2025-08-29	vendor-advisory
Bulletin de sécurité IBM 7243928	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243925	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244010	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243922	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243673	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7243877	2025-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty Agent versions  9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et  APAR PH67132",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.0.2 et 7.0.3  pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2025-53547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2025-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-51473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-32386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2025-32421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
    },
    {
      "name": "CVE-2016-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-45813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-33092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
    },
    {
      "name": "CVE-2024-51479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-33143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
    },
    {
      "name": "CVE-2021-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
    },
    {
      "name": "CVE-2025-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2025-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-49846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-48068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-33114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
    },
    {
      "name": "CVE-2023-22467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
    },
    {
      "name": "CVE-2022-24823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2019-9193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-56332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-37799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2023-26133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
    },
    {
      "name": "CVE-2024-6484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2024-9823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2022-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
    },
    {
      "name": "CVE-2024-49828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2025-32387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2017-18214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2025-36071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2023-52933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2024-6762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-52894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-21756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
    },
    {
      "name": "CVE-2018-1000873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
    },
    {
      "name": "CVE-2023-32305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
    },
    {
      "name": "CVE-2025-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-09-05T00:00:00",
  "last_revision_date": "2025-09-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0760",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
      "url": "https://www.ibm.com/support/pages/node/7243927"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
      "url": "https://www.ibm.com/support/pages/node/7243923"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
      "url": "https://www.ibm.com/support/pages/node/7243924"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
      "url": "https://www.ibm.com/support/pages/node/7244012"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
      "url": "https://www.ibm.com/support/pages/node/7243659"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
      "url": "https://www.ibm.com/support/pages/node/7244002"
    },
    {
      "published_at": "2025-08-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
      "url": "https://www.ibm.com/support/pages/node/7243582"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
      "url": "https://www.ibm.com/support/pages/node/7243928"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
      "url": "https://www.ibm.com/support/pages/node/7243925"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
      "url": "https://www.ibm.com/support/pages/node/7244010"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
      "url": "https://www.ibm.com/support/pages/node/7243922"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
      "url": "https://www.ibm.com/support/pages/node/7243673"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
      "url": "https://www.ibm.com/support/pages/node/7243877"
    }
  ]
}

CERTFR-2025-AVI-1100

Vulnerability from certfr_avis - Published: 2025-12-12 - Updated: 2025-12-12

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Atlassian	Jira	Jira Software Data Center et Server versions 9.12.x antérieures à 9.12.30
Atlassian	Jira	Jira Software Data Center et Server versions 10.3.x antérieures à 10.3.15
Atlassian	Confluence	Confluence Data Center et Server versions 9.5.x antérieures à 9.5.2
Atlassian	Jira	Jira Service Management Data Center et Server versions 11.x antérieures à 11.2.1
Atlassian	Confluence	Confluence Data Center et Server versions 10.0.x antérieures à 10.0.2
Atlassian	Confluence	Confluence Data Center et Server versions 8.5.x antérieures à 8.5.30
Atlassian	Confluence	Confluence Data Center et Server versions 10.1.x antérieures à 10.1.0
Atlassian	Confluence	Confluence Data Center et Server versions 9.2.x antérieures à 9.2.12
Atlassian	Confluence	Confluence Data Center et Server versions 9.3.x antérieures à 9.3.1
Atlassian	Confluence	Confluence Data Center et Server versions 9.4.x antérieures à 9.4.0
Atlassian	Jira	Jira Service Management Data Center et Server versions 10.3.x antérieures à 10.3.15
Atlassian	Jira	Jira Software Data Center et Server versions 11.x antérieures à 11.2.1
Atlassian	Confluence	Confluence Data Center et Server versions 10.2.x antérieures à 10.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Atlassian JSDSERVER-16469	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26599	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101574	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26636	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26600	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16461	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16478	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26614	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16458	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26630	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26627	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26634	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16466	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101788	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101478	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101573	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16477	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26635	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16470	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26629	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16479	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26625	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26626	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101575	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16462	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101489	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26619	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16456	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26615	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26628	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16480	2025-12-11	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26620	2025-12-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Software Data Center et Server versions 9.12.x ant\u00e9rieures \u00e0 9.12.30",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.30",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.12",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center et Server versions 10.3.x ant\u00e9rieures \u00e0 10.3.15",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center et Server versions 11.x ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center et Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2021-39227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39227"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2025-66516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
    },
    {
      "name": "CVE-2024-29415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2022-45693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45693"
    },
    {
      "name": "CVE-2016-1181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1181"
    },
    {
      "name": "CVE-2025-54988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54988"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2023-49735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2024-12905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
    },
    {
      "name": "CVE-2020-8203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2016-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1182"
    }
  ],
  "initial_release_date": "2025-12-12T00:00:00",
  "last_revision_date": "2025-12-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1100",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16469",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16469"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26599",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26599"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101574",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101574"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26636",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26636"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26600",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26600"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16461",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16461"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16478",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16478"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26614",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26614"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16458",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16458"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26630",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26630"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26627",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26627"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26634",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26634"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16466",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16466"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101788",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101788"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101478",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101478"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101573",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101573"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16477",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16477"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26635",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26635"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16470",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16470"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26629",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26629"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16479",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16479"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26625",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26625"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26626",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26626"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101575",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101575"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16462",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16462"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101489",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101489"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26619",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26619"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16456",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16456"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26615",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26615"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26628",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26628"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16480",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16480"
    },
    {
      "published_at": "2025-12-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26620",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26620"
    }
  ]
}

CERTFR-2025-AVI-0727

Vulnerability from certfr_avis - Published: 2025-08-25 - Updated: 2025-08-25

De multiples vulnérabilités ont été découvertes dans les produits ESET. Elles permettent à un attaquant de provoquer un déni de service à distance et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
ESET	Server Security	Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) sans le dernier correctif de sécurité
ESET	Mail Security	Mail Security pour Microsoft Exchange Server sans le dernier correctif de sécurité
ESET	File Security	File Security pour Microsoft Azure sans le dernier correctif de sécurité
ESET	PROTECT On-Prem	PROTECT On-Prem versions 12.1.x antérieures à 12.1.11.0
ESET	Security Ultimate	Security Ultimate sans le dernier correctif de sécurité
ESET	Endpoint Antivirus	Endpoint Antivirus pour Windows sans le dernier correctif de sécurité
ESET	Endpoint Security	Endpoint Security pour Windows sans le dernier correctif de sécurité
ESET	Security	Security pour Microsoft SharePoint Server sans le dernier correctif de sécurité
ESET	Safe Server	Safe Server sans le dernier correctif de sécurité
ESET	Small Business Security	Small Business Security sans le dernier correctif de sécurité
ESET	PROTECT On-Prem	PROTECT On-Prem versions 11.1.x antérieures à 11.1.18.0
ESET	Smart Security Premium	Smart Security Premium sans le dernier correctif de sécurité
ESET	NOD32 Antivirus	NOD32 Antivirus sans le dernier correctif de sécurité
ESET	PROTECT On-Prem	PROTECT On-Prem versions 12.0.x antérieures à 12.0.15.0
ESET	Mail Security	Mail Security pour IBM Domino sans le dernier correctif de sécurité
ESET	Internet Security	Internet Security sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité ESET ca8854	2025-08-21	vendor-advisory
Bulletin de sécurité ESET ca8853	2025-08-21	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Server Security pour Windows Server (anciennement File Security pour Microsoft Windows Server) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Server Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Mail Security pour Microsoft Exchange Server sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Mail Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "File Security pour Microsoft Azure sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "File Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "PROTECT On-Prem versions 12.1.x ant\u00e9rieures \u00e0 12.1.11.0",
      "product": {
        "name": "PROTECT On-Prem",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Security Ultimate sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Security Ultimate",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Antivirus pour Windows sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Endpoint Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Endpoint Security pour Windows sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Endpoint Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Security pour Microsoft SharePoint Server sans le dernier correctif de s\u00e9curit\u00e9\n\n",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Safe Server sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Safe Server",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Small Business Security sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Small Business Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "PROTECT On-Prem versions 11.1.x ant\u00e9rieures \u00e0 11.1.18.0",
      "product": {
        "name": "PROTECT On-Prem",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Smart Security Premium sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Smart Security Premium",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "NOD32 Antivirus sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NOD32 Antivirus",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "PROTECT On-Prem versions 12.0.x ant\u00e9rieures \u00e0 12.0.15.0",
      "product": {
        "name": "PROTECT On-Prem",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Mail Security pour IBM Domino sans le dernier correctif de s\u00e9curit\u00e9\n",
      "product": {
        "name": "Mail Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Security sans le dernier correctif de s\u00e9curit\u00e9\n",
      "product": {
        "name": "Internet Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-8352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8352"
    },
    {
      "name": "CVE-2025-4952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4952"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    }
  ],
  "initial_release_date": "2025-08-25T00:00:00",
  "last_revision_date": "2025-08-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0727",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits ESET. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits ESET",
  "vendor_advisories": [
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 ESET ca8854",
      "url": "https://support-feed.eset.com/link/15370/17124579/ca8854"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 ESET ca8853",
      "url": "https://support-feed.eset.com/link/15370/17124580/ca8853"
    }
  ]
}

CERTFR-2025-AVI-0746

Vulnerability from certfr_avis - Published: 2025-08-29 - Updated: 2025-08-29

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Dashboards	Cognos Command Center versions 10.2.4.1 et 10.2.5 antérieures à 10.2.5 FP1 IF1
IBM	Sterling	Sterling Secure Proxy versions 6.1.0.x antérieures à 6.1.0.2 GA
IBM	QRadar	QRadar SIEM versions 7.5.0 antérieures à QRadar 7.5.0 UP13 IF01
IBM	Sterling	Sterling Connect:Direct pour Microsoft Windows versions 6.4.x antérieures à 6.4.0.3
IBM	WebSphere	WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de sécurité
IBM	Cognos Dashboards	Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.2.1
IBM	Sterling	Sterling Secure Proxy versions 6.2.0.x antérieures à 6.2.0.2 GA
IBM	QRadar	QRadar Incident Forensics versions 7.5.0 antérieures à QIF 7.5.0 UP13 IF01
IBM	Sterling	Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.3 GA
IBM	Sterling	Sterling Connect:Direct pour Microsoft Windows versions 6.3.x antérieures à 6.3.0.6
IBM	Db2	Db2 Bridge versions antérieures à 1.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7243411	2025-08-28	vendor-advisory
Bulletin de sécurité IBM 7242915	2025-08-22	vendor-advisory
Bulletin de sécurité IBM 7243372	2025-08-28	vendor-advisory
Bulletin de sécurité IBM 7242159	2025-08-26	vendor-advisory
Bulletin de sécurité IBM 7243146	2025-08-26	vendor-advisory
Bulletin de sécurité IBM 7242161	2025-08-28	vendor-advisory
Bulletin de sécurité IBM 7243144	2025-08-26	vendor-advisory
Bulletin de sécurité IBM 7243011	2025-08-25	vendor-advisory
Bulletin de sécurité IBM 7243373	2025-08-28	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Command Center versions 10.2.4.1 et 10.2.5 ant\u00e9rieures \u00e0 10.2.5 FP1 IF1",
      "product": {
        "name": "Cognos Dashboards",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 QRadar 7.5.0 UP13 IF01",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Remote Server versions 9.1, 8.0 et 8.5 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "Cognos Dashboards",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Secure Proxy versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.2 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.3 GA",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour Microsoft Windows versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.6",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Bridge versions ant\u00e9rieures \u00e0 1.1.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-6531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6531"
    },
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2025-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24789"
    },
    {
      "name": "CVE-2022-50020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
    },
    {
      "name": "CVE-2025-47944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
    },
    {
      "name": "CVE-2024-50349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50349"
    },
    {
      "name": "CVE-2025-46835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46835"
    },
    {
      "name": "CVE-2024-57980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
    },
    {
      "name": "CVE-2024-43420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43420"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-27614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27614"
    },
    {
      "name": "CVE-2022-49111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49111"
    },
    {
      "name": "CVE-2025-1470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1470"
    },
    {
      "name": "CVE-2022-49058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49058"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2024-52006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52006"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-48385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48385"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2024-50154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50154"
    },
    {
      "name": "CVE-2025-27613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27613"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2024-10917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
    },
    {
      "name": "CVE-2022-49136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49136"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2022-49846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
    },
    {
      "name": "CVE-2019-17543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
    },
    {
      "name": "CVE-2025-38086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
    },
    {
      "name": "CVE-2025-48384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2025-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1471"
    },
    {
      "name": "CVE-2025-38079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
    },
    {
      "name": "CVE-2025-20012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20012"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2025-37738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37738"
    },
    {
      "name": "CVE-2024-53920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52520"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2024-28956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28956"
    },
    {
      "name": "CVE-2025-2697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2697"
    },
    {
      "name": "CVE-2025-47935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-21928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2025-1494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1494"
    },
    {
      "name": "CVE-2025-1994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1994"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2025-24495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24495"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2022-49977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49977"
    },
    {
      "name": "CVE-2024-54661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-54661"
    },
    {
      "name": "CVE-2025-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
    },
    {
      "name": "CVE-2025-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
    },
    {
      "name": "CVE-2025-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27533"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2025-55668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2024-58002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58002"
    },
    {
      "name": "CVE-2025-32415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
    },
    {
      "name": "CVE-2025-21905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21905"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-38052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2019-5427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5427"
    },
    {
      "name": "CVE-2022-49788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
    },
    {
      "name": "CVE-2025-20623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-20623"
    },
    {
      "name": "CVE-2025-48997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
    },
    {
      "name": "CVE-2020-5260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2025-21919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21919"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2025-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
    },
    {
      "name": "CVE-2025-7338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
    },
    {
      "name": "CVE-2025-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24790"
    },
    {
      "name": "CVE-2024-45332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45332"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-23150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23150"
    }
  ],
  "initial_release_date": "2025-08-29T00:00:00",
  "last_revision_date": "2025-08-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0746",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243411",
      "url": "https://www.ibm.com/support/pages/node/7243411"
    },
    {
      "published_at": "2025-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242915",
      "url": "https://www.ibm.com/support/pages/node/7242915"
    },
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243372",
      "url": "https://www.ibm.com/support/pages/node/7243372"
    },
    {
      "published_at": "2025-08-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242159",
      "url": "https://www.ibm.com/support/pages/node/7242159"
    },
    {
      "published_at": "2025-08-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243146",
      "url": "https://www.ibm.com/support/pages/node/7243146"
    },
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242161",
      "url": "https://www.ibm.com/support/pages/node/7242161"
    },
    {
      "published_at": "2025-08-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243144",
      "url": "https://www.ibm.com/support/pages/node/7243144"
    },
    {
      "published_at": "2025-08-25",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243011",
      "url": "https://www.ibm.com/support/pages/node/7243011"
    },
    {
      "published_at": "2025-08-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243373",
      "url": "https://www.ibm.com/support/pages/node/7243373"
    }
  ]
}

CERTFR-2025-AVI-1025

Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19

De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Atlassian	Jira	Jira Software Data Center versions antérieures à 11.2.0
Atlassian	Jira	Jira Software Data Center versions antérieures à 10.3.10
Atlassian	Jira	Jira Service Management Server versions antérieures à 10.7.3
Atlassian	Confluence	Confluence Server versions antérieures à 9.5.4
Atlassian	Confluence	Confluence Server versions antérieures à 9.2.6
Atlassian	Jira	Jira Service Management Data Center versions antérieures à 10.7.3
Atlassian	Jira	Jira Service Management Data Center versions antérieures à 11.2.0
Atlassian	Jira	Jira Service Management Data Center versions antérieures à 5.12.26
Atlassian	Jira	Jira Service Management Data Center versions antérieures à 10.3.10
Atlassian	Jira	Jira Service Management Server versions antérieures à 11.2.0
Atlassian	Jira	Jira Software Server versions antérieures à 10.7.3
Atlassian	Jira	Jira Software Server versions antérieures à 11.2.0
Atlassian	Confluence	Confluence Data Center versions antérieures à 9.2.6
Atlassian	Confluence	Confluence Data Center versions antérieures à 10.0.2
Atlassian	Jira	Jira Software Data Center versions antérieures à 9.12.26
Atlassian	Confluence	Confluence Data Center versions antérieures à 10.1.1
Atlassian	Confluence	Confluence Server versions antérieures à 10.1.1
Atlassian	Jira	Jira Service Management Server versions antérieures à 5.12.26
Atlassian	Confluence	Confluence Data Center versions antérieures à 9.3.1
Atlassian	Jira	Jira Software Data Center versions antérieures à 10.7.3
Atlassian	Jira	Jira Software Server versions antérieures à 10.3.10
Atlassian	Jira	Jira Software Server versions antérieures à 9.12.26
Atlassian	Confluence	Confluence Server versions antérieures à 8.5.20
Atlassian	Confluence	Confluence Server versions antérieures à 9.4.0
Atlassian	Confluence	Confluence Server versions antérieures à 10.0.2
Atlassian	Confluence	Confluence Data Center versions antérieures à 9.5.4
Atlassian	Confluence	Confluence Data Center versions antérieures à 8.5.20
Atlassian	Confluence	Confluence Data Center versions antérieures à 9.4.0
Atlassian	Jira	Jira Service Management Server versions antérieures à 10.3.10
Atlassian	Confluence	Confluence Server versions antérieures à 9.3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Atlassian CONFSERVER-101488	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian JSDSERVER-16435	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian JSWSERVER-26537	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101480	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101486	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101487	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101485	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101479	2025-11-18	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101477	2025-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.2.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.10",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.5.4",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.2.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.10",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.2.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.2.0",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 10.1.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.7.3",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.10",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.20",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.5.4",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.20",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.10",
      "product": {
        "name": "Jira",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2025-41248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2025-48387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
    }
  ],
  "initial_release_date": "2025-11-19T00:00:00",
  "last_revision_date": "2025-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1025",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
  "vendor_advisories": [
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101488",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101488"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16435",
      "url": "https://jira.atlassian.com/browse/JSDSERVER-16435"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26537",
      "url": "https://jira.atlassian.com/browse/JSWSERVER-26537"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101480",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101480"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101486",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101486"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101487",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101487"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101485",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101485"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101479",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101479"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101477",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101477"
    }
  ]
}

CERTFR-2025-AVI-0701

Vulnerability from certfr_avis - Published: 2025-08-14 - Updated: 2025-08-14

Une vulnérabilité a été découverte dans IBM WebSphere. Elle permet à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

L'éditeur indique que les versions correctives suivantes seront mises à disposition ultérieurement : - WebSphere Application Server 9.0.5.26 (troisième trimestre 2025) - WebSphere Application Server 8.5.5.29 (premier trimestre 2026) - WebSphere Application Server Liberty 25.0.0.9 (troisième trimestre 2025)

Impacted products

	Vendor	Product	Description
	IBM	WebSphere	WebSphere Application Server versions 8.5.x et 9.0.x sans le correctif de sécurité PH67137
	IBM	WebSphere	WebSphere Application Server Liberty avec la fonctionnalité servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 ou servlet-6.0 sans le correctif de sécurité PH67132

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7242088

2025-08-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere Application Server versions 8.5.x et 9.0.x sans le correctif de s\u00e9curit\u00e9 PH67137",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty avec la fonctionnalit\u00e9 servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 ou servlet-6.0 sans le correctif de s\u00e9curit\u00e9 PH67132",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "L\u0027\u00e9diteur indique que les versions correctives suivantes seront mises \u00e0 disposition ult\u00e9rieurement : \n- WebSphere Application Server 9.0.5.26 (troisi\u00e8me trimestre 2025)\n- WebSphere Application Server 8.5.5.29 (premier trimestre 2026)\n- WebSphere Application Server Liberty 25.0.0.9 (troisi\u00e8me trimestre 2025)",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    }
  ],
  "initial_release_date": "2025-08-14T00:00:00",
  "last_revision_date": "2025-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0701",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans IBM WebSphere. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans IBM WebSphere",
  "vendor_advisories": [
    {
      "published_at": "2025-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242088",
      "url": "https://www.ibm.com/support/pages/node/7242088"
    }
  ]
}

CERTFR-2025-AVI-0516

Vulnerability from certfr_avis - Published: 2025-06-17 - Updated: 2025-06-17

De multiples vulnérabilités ont été découvertes dans Apache Tomcat. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apache	Tomcat	Tomcat versions 10.1.x antérieures à 10.1.42
Apache	Tomcat	Tomcat versions 9.0.x antérieures à 9.0.106
Apache	Tomcat	Tomcat versions 11.0.x antérieures à 11.0.8

References

Title

Publication Time

Tags

Bulletin de sécurité Apache Tomcat Apache_Tomcat_10.1.42	2025-06-09	vendor-advisory
Bulletin de sécurité Apache Tomcat Apache_Tomcat_9.0.106	2025-06-10	vendor-advisory
Bulletin de sécurité Apache Tomcat Apache_Tomcat_11.0.8	2025-06-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tomcat versions 10.1.x ant\u00e9rieures \u00e0 10.1.42",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Tomcat versions 9.0.x ant\u00e9rieures \u00e0 9.0.106",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    },
    {
      "description": "Tomcat versions 11.0.x ant\u00e9rieures \u00e0 11.0.8",
      "product": {
        "name": "Tomcat",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    }
  ],
  "initial_release_date": "2025-06-17T00:00:00",
  "last_revision_date": "2025-06-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0516",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache Tomcat. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache Tomcat",
  "vendor_advisories": [
    {
      "published_at": "2025-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_10.1.42",
      "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.42"
    },
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_9.0.106",
      "url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.106"
    },
    {
      "published_at": "2025-06-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache Tomcat Apache_Tomcat_11.0.8",
      "url": "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.8"
    }
  ]
}

CERTFR-2025-AVI-0608

Vulnerability from certfr_avis - Published: 2025-07-18 - Updated: 2025-07-18

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 sans les derniers correctifs de sécurité pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Remote Server sans les derniers correctifs de sécurité
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.4.x antérieures à 6.4.0.2 pour Unix
IBM	Sterling	Sterling Connect:Direct FTP+ versions 1.3.0 antérieures à 1.3.0.1
IBM	Db2 Query Management Facility	Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.3.x antérieures à 6.3.0.5 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.3
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7 pour Windows
IBM	QRadar Incident Forensics	QRadar Incident Forensics versions 7.5.0 antérieures à 7.5.0 UP12 IF03
IBM	WebSphere	WebSphere Application Server Liberty versions antérieures à 25.0.0.8
IBM	Sterling Connect:Direct	Sterling Connect:Direct versions 6.2.x antérieures à 6.2.0.7.iFix052 pour Unix
IBM	Cognos Analytics	Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 5
IBM	WebSphere	WebSphere Application Server versions 9.0.0.x antérieures à 9.0.5.25
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif PH67142 iFix

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7239645	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239617	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239753	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239757	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239856	2025-07-16	vendor-advisory
Bulletin de sécurité IBM 7239492	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 6615285	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239816	2025-07-15	vendor-advisory
Bulletin de sécurité IBM 7239564	2025-07-11	vendor-advisory
Bulletin de sécurité IBM 7239627	2025-07-14	vendor-advisory
Bulletin de sécurité IBM 7239598	2025-07-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar SIEM versions 7.5.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour les protocoles GoogleCloudPubSub, GoogleCommon et GoogleGSuiteActivityReportsRESTAPI",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Remote Server sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.2 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct FTP+ versions 1.3.0 ant\u00e9rieures \u00e0 1.3.0.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Query Management Facility versions 13.1 et 12.2.0.5 sans le JRE 8.0.8.45",
      "product": {
        "name": "Db2 Query Management Facility",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.5 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7 pour Windows",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Incident Forensics versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "QRadar Incident Forensics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 25.0.0.8",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.7.iFix052 pour Unix",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 5",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.0.x ant\u00e9rieures \u00e0 9.0.5.25",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif PH67142 iFix",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2020-4301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4301"
    },
    {
      "name": "CVE-2024-52005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
    },
    {
      "name": "CVE-2021-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20468"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2021-29823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29823"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2022-36773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36773"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2022-29078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29078"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2021-23438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23438"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2022-30614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30614"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2022-49395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49395"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2021-29418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2021-39045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39045"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2022-21803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21803"
    },
    {
      "name": "CVE-2021-39009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39009"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-2900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2021-28918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
    },
    {
      "name": "CVE-2025-36038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-07-18T00:00:00",
  "last_revision_date": "2025-07-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0608",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239645",
      "url": "https://www.ibm.com/support/pages/node/7239645"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239617",
      "url": "https://www.ibm.com/support/pages/node/7239617"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239753",
      "url": "https://www.ibm.com/support/pages/node/7239753"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239757",
      "url": "https://www.ibm.com/support/pages/node/7239757"
    },
    {
      "published_at": "2025-07-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239856",
      "url": "https://www.ibm.com/support/pages/node/7239856"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239492",
      "url": "https://www.ibm.com/support/pages/node/7239492"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6615285",
      "url": "https://www.ibm.com/support/pages/node/6615285"
    },
    {
      "published_at": "2025-07-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239816",
      "url": "https://www.ibm.com/support/pages/node/7239816"
    },
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239564",
      "url": "https://www.ibm.com/support/pages/node/7239564"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239627",
      "url": "https://www.ibm.com/support/pages/node/7239627"
    },
    {
      "published_at": "2025-07-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7239598",
      "url": "https://www.ibm.com/support/pages/node/7239598"
    }
  ]
}

CERTFR-2025-AVI-1079

Vulnerability from certfr_avis - Published: 2025-12-09 - Updated: 2025-12-09

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	SAPUI5 framework	SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de sécurité
SAP	BusinessObjects	Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
SAP	NetWeaver	NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de sécurité
SAP	Web Dispatcher, Internet Communication Manager et Content Server	Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de sécurité
SAP	jConnect	jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de sécurité
SAP	NetWeaver Enterprise Portal	NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de sécurité
SAP	Enterprise Search pour ABAP	Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de sécurité
SAP	Web Dispatcher et Internet Communication Manager (ICM)	Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de sécurité
SAP	S/4HANA	S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de sécurité
SAP	NetWeaver	NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de sécurité
SAP	Commerce Cloud	Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de sécurité
SAP	Business Objects Business Intelligence Platform	Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de sécurité
SAP	Solution Manager	Solution Manager version ST 720 sans le dernier correctif de sécurité
SAP	Application Server ABAP	Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité SAP december-2025

2025-12-09

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAPUI5 framework (Markdown-it component) versions SAP_UI 755, 756, 757 et 758 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "SAPUI5 framework",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Objects versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "BusinessObjects",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Internet Communication Framework versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Web Dispatcher, Internet Communication Manager et Content Server versions KRNL64UC 7.53, WEBDISP 7.53, 7.54, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, CONTSERV 7.53, 7.54, KERNEL 7.53 et 7.54 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Web Dispatcher, Internet Communication Manager et Content Server",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "jConnect - SDK for ASE versions SYBASE_SOFTWARE_DEVELOPER_KIT 16.0.4 et 16.1 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "jConnect",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver Enterprise Portal version EP-RUNTIME 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver Enterprise Portal",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Enterprise Search pour ABAP versions SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758 et SAP_BASIS 816 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Enterprise Search pour ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Web Dispatcher et Internet Communication Manager (ICM) versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, WEBDISP 7.22_EXT, 7.53, 7.54, 7.77, 7.89, 7.93, 9.16, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93 et 9.16 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Web Dispatcher et Internet Communication Manager (ICM)",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4 HANA Private Cloud (Financials General Ledger) versions S4CORE 104, 105, 106, 107, 108 et 109 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "S/4HANA",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "NetWeaver (remote service for Xcelsius) versions BI-BASE-E 7.50, BI-BASE-B 7.50, BI-IBC 7.50, BI-BASE-S 7.50 et BIWEBAPP 7.50 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "NetWeaver",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce Cloud versions HY_COM 2205, COM_CLOUD 2211 et COM_CLOUD 2211-JDK21 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Commerce Cloud",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Business Objects Business Intelligence Platform",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Solution Manager version ST 720 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Solution Manager",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "Application Server ABAP versions KRNL64UC 7.53, KERNEL 7.53, 7.54, 7.77, 7.89, 7.93, 9.16 et 9.17 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Application Server ABAP",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-42875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42875"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-42904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42904"
    },
    {
      "name": "CVE-2025-42891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42891"
    },
    {
      "name": "CVE-2025-42877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42877"
    },
    {
      "name": "CVE-2025-42880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42880"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2025-42874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42874"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-42873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42873"
    },
    {
      "name": "CVE-2025-42878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42878"
    },
    {
      "name": "CVE-2025-42876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42876"
    },
    {
      "name": "CVE-2025-42872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42872"
    },
    {
      "name": "CVE-2025-42928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42928"
    },
    {
      "name": "CVE-2025-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-42896"
    }
  ],
  "initial_release_date": "2025-12-09T00:00:00",
  "last_revision_date": "2025-12-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1079",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": "2025-12-09",
      "title": "Bulletin de s\u00e9curit\u00e9 SAP december-2025",
      "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2025.html"
    }
  ]
}

CERTFR-2026-AVI-0020

Vulnerability from certfr_avis - Published: 2026-01-09 - Updated: 2026-01-09

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Symphony version 7.3.2 sans le correctif de sécurité sym-7.3.2-build602620
IBM	WebSphere	Rational Application Developer (RAD) pour WebSphere Software version 10.0 sans le correctif de sécurité temporaire Java17SR17FP10
IBM	WebSphere	Rational Application Developer (RAD) pour WebSphere Software versions 9.6 et 9.7 sans le correctif de sécurité temporaire Java8SR8FP55
IBM	Sterling Connect:Direct	IBM Sterling Connect:Direct FTP+ versions antérieures 1.3.x à 1.3.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7256327	2026-01-06	vendor-advisory
Bulletin de sécurité IBM 7256473	2026-01-07	vendor-advisory
Bulletin de sécurité IBM 7256481	2026-01-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Symphony version 7.3.2 sans le correctif de s\u00e9curit\u00e9 sym-7.3.2-build602620",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Rational Application Developer (RAD) pour WebSphere Software version 10.0 sans le correctif de s\u00e9curit\u00e9 temporaire Java17SR17FP10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Rational Application Developer (RAD) pour WebSphere Software versions 9.6 et 9.7 sans le correctif de s\u00e9curit\u00e9 temporaire Java8SR8FP55",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Sterling Connect:Direct FTP+ versions ant\u00e9rieures 1.3.x \u00e0 1.3.0.3",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36000"
    },
    {
      "name": "CVE-2025-36124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36124"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    }
  ],
  "initial_release_date": "2026-01-09T00:00:00",
  "last_revision_date": "2026-01-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0020",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2026-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7256327",
      "url": "https://www.ibm.com/support/pages/node/7256327"
    },
    {
      "published_at": "2026-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7256473",
      "url": "https://www.ibm.com/support/pages/node/7256473"
    },
    {
      "published_at": "2026-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7256481",
      "url": "https://www.ibm.com/support/pages/node/7256481"
    }
  ]
}

CERTFR-2026-AVI-0074

Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21

De multiples vulnérabilités ont été découvertes dans Oracle Weblogic. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle WebLogic Server version 14.1.2.0.0
Oracle	Weblogic	Oracle WebLogic Server version 12.2.1.4.0
Oracle	Weblogic	Oracle WebLogic Server version 15.1.1.0.0
Oracle	Weblogic	Oracle Weblogic Server Proxy Plug-in ( for Apache HTTP Server) versions 12.2.1.4.0 et 14.1.1.0.0
Oracle	Weblogic	Oracle WebLogic Server version 14.1.1.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Weblogic cpujan2026

2026-01-20

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle WebLogic Server version 14.1.2.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 12.2.1.4.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 15.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Weblogic Server Proxy Plug-in ( for Apache HTTP Server) versions 12.2.1.4.0 et 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server version 14.1.1.0.0",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-41342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41342"
    },
    {
      "name": "CVE-2026-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21962"
    },
    {
      "name": "CVE-2025-12383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12383"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2022-40196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40196"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    }
  ],
  "initial_release_date": "2026-01-21T00:00:00",
  "last_revision_date": "2026-01-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0074",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Weblogic. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Weblogic",
  "vendor_advisories": [
    {
      "published_at": "2026-01-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Weblogic cpujan2026",
      "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
    }
  ]
}

CERTFR-2025-AVI-0622

Vulnerability from certfr_avis - Published: 2025-07-25 - Updated: 2025-07-25

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows
VMware	N/A	Stemcells sans le dernier correctif de sécurité
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows
VMware	Tanzu	Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0
VMware	Tanzu	Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry
VMware	Tanzu Platform	GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1
VMware	Tanzu Application Service	Tanzu Application Service versions antérieures à 1.16.11
VMware	Tanzu Platform	Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment
VMware	Tanzu	Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu	Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu Platform	Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry
VMware	Tanzu Application Service	Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11
VMware	Tanzu	File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35981	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35967	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35980	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35974	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35979	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35984	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35970	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35983	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35978	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35968	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35973	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35976	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35969	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35966	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35972	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35977	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35982	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35971	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35975	2025-07-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
      "product": {
        "name": "Tanzu Application Service",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
      "product": {
        "name": "Tanzu Application Service",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2022-30633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2022-28131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2022-32189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
    },
    {
      "name": "CVE-2022-1962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-32149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
    },
    {
      "name": "CVE-2022-30631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
    },
    {
      "name": "CVE-2022-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
    },
    {
      "name": "CVE-2022-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-30629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-41722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
    },
    {
      "name": "CVE-2022-30580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
    },
    {
      "name": "CVE-2022-41720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-30634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2022-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
    },
    {
      "name": "CVE-2022-29804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
    },
    {
      "name": "CVE-2023-24536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-40403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2022-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-36617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2023-24534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2022-31030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2024-28085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2024-21012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2023-45283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2023-45289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
    },
    {
      "name": "CVE-2023-45290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
    },
    {
      "name": "CVE-2024-24783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
    },
    {
      "name": "CVE-2024-24784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
    },
    {
      "name": "CVE-2024-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2024-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2024-4030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2023-28756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2024-42230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2022-24769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
    },
    {
      "name": "CVE-2024-41110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2024-46812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
    },
    {
      "name": "CVE-2024-46821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-46753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
    },
    {
      "name": "CVE-2024-46787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
    },
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2024-50047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2024-53051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-53144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
    },
    {
      "name": "CVE-2024-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
    },
    {
      "name": "CVE-2025-21502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2024-56664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2023-24531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2025-27113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
    },
    {
      "name": "CVE-2020-36843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-21941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
    },
    {
      "name": "CVE-2025-21956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
    },
    {
      "name": "CVE-2025-21957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
    },
    {
      "name": "CVE-2025-21959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
    },
    {
      "name": "CVE-2025-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
    },
    {
      "name": "CVE-2025-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
    },
    {
      "name": "CVE-2025-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
    },
    {
      "name": "CVE-2025-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
    },
    {
      "name": "CVE-2025-21970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
    },
    {
      "name": "CVE-2025-21975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
    },
    {
      "name": "CVE-2025-21981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
    },
    {
      "name": "CVE-2025-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
    },
    {
      "name": "CVE-2025-21992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
    },
    {
      "name": "CVE-2025-21994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
    },
    {
      "name": "CVE-2025-21996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
    },
    {
      "name": "CVE-2025-21999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-22005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
    },
    {
      "name": "CVE-2025-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
    },
    {
      "name": "CVE-2025-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
    },
    {
      "name": "CVE-2025-22010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
    },
    {
      "name": "CVE-2025-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
    },
    {
      "name": "CVE-2020-15250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2024-29018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
    },
    {
      "name": "CVE-2025-21613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
    },
    {
      "name": "CVE-2025-21614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2025-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2023-53034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
    },
    {
      "name": "CVE-2025-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
    },
    {
      "name": "CVE-2025-22035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
    },
    {
      "name": "CVE-2025-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
    },
    {
      "name": "CVE-2025-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
    },
    {
      "name": "CVE-2025-22050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
    },
    {
      "name": "CVE-2025-22054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
    },
    {
      "name": "CVE-2025-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
    },
    {
      "name": "CVE-2025-22056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
    },
    {
      "name": "CVE-2025-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
    },
    {
      "name": "CVE-2025-22063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
    },
    {
      "name": "CVE-2025-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
    },
    {
      "name": "CVE-2025-22071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
    },
    {
      "name": "CVE-2025-22073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
    },
    {
      "name": "CVE-2025-22075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
    },
    {
      "name": "CVE-2025-22079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
    },
    {
      "name": "CVE-2025-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
    },
    {
      "name": "CVE-2025-22086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
    },
    {
      "name": "CVE-2025-22089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
    },
    {
      "name": "CVE-2025-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
    },
    {
      "name": "CVE-2025-23136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
    },
    {
      "name": "CVE-2025-23138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
    },
    {
      "name": "CVE-2025-37785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
    },
    {
      "name": "CVE-2025-38152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
    },
    {
      "name": "CVE-2025-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
    },
    {
      "name": "CVE-2025-38637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
    },
    {
      "name": "CVE-2025-39728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
    },
    {
      "name": "CVE-2025-39735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
    },
    {
      "name": "CVE-2022-49728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2025-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
    },
    {
      "name": "CVE-2025-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
    },
    {
      "name": "CVE-2025-37798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
    },
    {
      "name": "CVE-2025-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
    },
    {
      "name": "CVE-2025-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
    },
    {
      "name": "CVE-2025-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
    },
    {
      "name": "CVE-2025-37932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2025-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
    },
    {
      "name": "CVE-2025-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-49636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
    },
    {
      "name": "CVE-2025-37997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
    },
    {
      "name": "CVE-2025-38000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
    },
    {
      "name": "CVE-2025-38001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
    },
    {
      "name": "CVE-2022-21698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2021-3995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
    },
    {
      "name": "CVE-2021-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
    },
    {
      "name": "CVE-2022-28948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
    },
    {
      "name": "CVE-2022-29173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
    },
    {
      "name": "CVE-2022-35929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
    },
    {
      "name": "CVE-2022-36056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
    },
    {
      "name": "CVE-2022-36109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
    },
    {
      "name": "CVE-2023-28755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
    },
    {
      "name": "CVE-2023-30551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
    },
    {
      "name": "CVE-2023-33199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2023-46737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2024-24579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
    },
    {
      "name": "CVE-2024-29902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
    },
    {
      "name": "CVE-2024-29903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
    },
    {
      "name": "CVE-2024-40635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
    },
    {
      "name": "CVE-2024-41909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
    },
    {
      "name": "CVE-2024-45339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
    },
    {
      "name": "CVE-2024-47611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
    },
    {
      "name": "CVE-2024-52587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
    },
    {
      "name": "CVE-2024-6104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-25186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
    },
    {
      "name": "CVE-2025-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
    },
    {
      "name": "CVE-2025-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
    },
    {
      "name": "CVE-2025-32441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
    },
    {
      "name": "CVE-2025-32955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
    },
    {
      "name": "CVE-2025-46727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-47290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2025-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
    },
    {
      "name": "CVE-2025-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-4949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-5372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2025-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
    },
    {
      "name": "CVE-2025-5916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
    },
    {
      "name": "CVE-2025-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    }
  ],
  "initial_release_date": "2025-07-25T00:00:00",
  "last_revision_date": "2025-07-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0622",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
    }
  ]
}

CERTFR-2026-AVI-0002

Vulnerability from certfr_avis - Published: 2026-01-02 - Updated: 2026-01-02

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x antérieures à 8.6.1.6 sans le correctif PH69398 iFix
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x antérieures à 6.2.3.5
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x antérieures à 6.2.4.2
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x antérieures à 6.2.4.2
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x antérieures à 6.2.3.5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7255899	2025-12-29	vendor-advisory
Bulletin de sécurité IBM 7256003	2025-12-30	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif PH69398 iFix",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.4.x ant\u00e9rieures \u00e0 6.2.4.2",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.3.x ant\u00e9rieures \u00e0 6.2.3.5",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48795"
    },
    {
      "name": "CVE-2020-36732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36732"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36000"
    },
    {
      "name": "CVE-2025-36124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36124"
    },
    {
      "name": "CVE-2024-38808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38808"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    }
  ],
  "initial_release_date": "2026-01-02T00:00:00",
  "last_revision_date": "2026-01-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0002",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-12-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255899",
      "url": "https://www.ibm.com/support/pages/node/7255899"
    },
    {
      "published_at": "2025-12-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7256003",
      "url": "https://www.ibm.com/support/pages/node/7256003"
    }
  ]
}

CERTFR-2025-AVI-0724

Vulnerability from certfr_avis - Published: 2025-08-22 - Updated: 2025-08-22

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar	QRadar Incident Forensics versions 7.5.x antérieures à QIF 7.5.0 UP13 IF01
IBM	WebSphere Service Registry and Repository	WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de sécurité
IBM	Sterling B2B Integrator	Sterling B2B Integrator versions 6.x antérieures à 6.2.1.1
IBM	QRadar	QRadar Data Synchronization App versions antérieures à 3.2.2
IBM	QRadar Log Source Management App	QRadar Log Source Management App versions antérieures à 7.0.12
IBM	Sterling File Gateway	Sterling File Gateway versions 6.x antérieures à 6.2.1.1
IBM	QRadar SIEM	QRadar SIEM QRadar versions 7.5.x antérieures à 7.5.0 UP13 IF01
IBM	QRadar	SOAR QRadar Plugin App versions antérieures à 5.6.2

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7242291	2025-08-15	vendor-advisory
Bulletin de sécurité IBM 7242269	2025-08-15	vendor-advisory
Bulletin de sécurité IBM 7242292	2025-08-15	vendor-advisory
Bulletin de sécurité IBM 7242246	2025-08-14	vendor-advisory
Bulletin de sécurité IBM 7242869	2025-08-21	vendor-advisory
Bulletin de sécurité IBM 7242665	2025-08-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere Service Registry and Repository",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
      "product": {
        "name": "Sterling B2B Integrator",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.2",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.12",
      "product": {
        "name": "QRadar Log Source Management App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling File Gateway versions 6.x ant\u00e9rieures \u00e0 6.2.1.1",
      "product": {
        "name": "Sterling File Gateway",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM QRadar versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP13 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.2",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-32996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32996"
    },
    {
      "name": "CVE-2025-36042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36042"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-22150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2025-6545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2018-14732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14732"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-32997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32997"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-30360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30360"
    },
    {
      "name": "CVE-2025-33120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33120"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2025-23184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2025-30359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30359"
    },
    {
      "name": "CVE-2025-6547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    }
  ],
  "initial_release_date": "2025-08-22T00:00:00",
  "last_revision_date": "2025-08-22T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0724",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-08-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242291",
      "url": "https://www.ibm.com/support/pages/node/7242291"
    },
    {
      "published_at": "2025-08-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242269",
      "url": "https://www.ibm.com/support/pages/node/7242269"
    },
    {
      "published_at": "2025-08-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242292",
      "url": "https://www.ibm.com/support/pages/node/7242292"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242246",
      "url": "https://www.ibm.com/support/pages/node/7242246"
    },
    {
      "published_at": "2025-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242869",
      "url": "https://www.ibm.com/support/pages/node/7242869"
    },
    {
      "published_at": "2025-08-20",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242665",
      "url": "https://www.ibm.com/support/pages/node/7242665"
    }
  ]
}

CERTFR-2026-AVI-0182

Vulnerability from certfr_avis - Published: 2026-02-18 - Updated: 2026-02-18

De multiples vulnérabilités ont été découvertes dans Atlassian Confluence. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Atlassian	Confluence	Confluence Server versions 9.4.x antérieures à 9.4.0
Atlassian	Confluence	Confluence Data Center versions 9.4.x antérieures à 9.4.0
Atlassian	Confluence	Confluence Data Center versions 9.5.x antérieures à 9.5.3
Atlassian	Confluence	Confluence Server versions 10.1.x antérieures à 10.1.0
Atlassian	Confluence	Confluence Server versions 10.0.x antérieures à 10.0.2
Atlassian	Confluence	Confluence Data Center versions 10.0.x antérieures à 10.0.2
Atlassian	Confluence	Confluence Server versions 9.2.x antérieures à 9.2.7
Atlassian	Confluence	Confluence Data Center versions antérieures à 8.5.10
Atlassian	Confluence	Confluence Server versions 9.5.x antérieures à 9.5.3
Atlassian	Confluence	Confluence Data Center versions 10.1.x antérieures à 10.1.0
Atlassian	Confluence	Confluence Data Center versions 10.2.x antérieures à 10.2.6
Atlassian	Confluence	Confluence Server versions antérieures à 8.5.10
Atlassian	Confluence	Confluence Server versions 10.2.x antérieures à 10.2.6
Atlassian	Confluence	Confluence Data Center versions 9.2.x antérieures à 9.2.15
Atlassian	Confluence	Confluence Data Center versions 9.3.x antérieures à 9.3.1
Atlassian	Confluence	Confluence Server versions 9.3.x antérieures à 9.3.1

References

Title

Publication Time

Tags

Bulletin de sécurité Atlassian CONFSERVER-102185	2026-02-17	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-101930	2026-02-17	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-102184	2026-02-17	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-102186	2026-02-17	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-102193	2026-02-17	vendor-advisory
Bulletin de sécurité Atlassian CONFSERVER-102132	2026-02-17	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Confluence Server versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.4.x ant\u00e9rieures \u00e0 9.4.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.0.x ant\u00e9rieures \u00e0 10.0.2",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.2.x ant\u00e9rieures \u00e0 9.2.7",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.10",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.5.x ant\u00e9rieures \u00e0 9.5.3",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.1.x ant\u00e9rieures \u00e0 10.1.0",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.10",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 10.2.x ant\u00e9rieures \u00e0 10.2.6",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.2.x ant\u00e9rieures \u00e0 9.2.15",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Data Center versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    },
    {
      "description": "Confluence Server versions 9.3.x ant\u00e9rieures \u00e0 9.3.1",
      "product": {
        "name": "Confluence",
        "vendor": {
          "name": "Atlassian",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2022-25927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2025-59343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
    }
  ],
  "initial_release_date": "2026-02-18T00:00:00",
  "last_revision_date": "2026-02-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0182",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Atlassian Confluence. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Atlassian Confluence",
  "vendor_advisories": [
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102185",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-102185"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101930",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-101930"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102184",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-102184"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102186",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-102186"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102193",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-102193"
    },
    {
      "published_at": "2026-02-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-102132",
      "url": "https://jira.atlassian.com/browse/CONFSERVER-102132"
    }
  ]
}

CERTFR-2025-AVI-0808

Vulnerability from certfr_avis - Published: 2025-09-19 - Updated: 2025-09-19

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	IBM	N/A	Enterprise Application Service pour Java sans les derniers correctifs de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7245253

2025-09-17

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Enterprise Application Service pour Java sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2025-36124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36124"
    }
  ],
  "initial_release_date": "2025-09-19T00:00:00",
  "last_revision_date": "2025-09-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0808",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-09-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7245253",
      "url": "https://www.ibm.com/support/pages/node/7245253"
    }
  ]
}

CERTFR-2025-AVI-0896

Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4
IBM	Cloud Pak	Cloud Pak for Security versions antérieures à 1.11.5.0
IBM	QRadar	QRadar Investigation Assistant versions antérieures à 1.2.0
IBM	WebSphere	WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446
IBM	QRadar Suite Software	QRadar Suite Software versions antérieures à 1.11.5.0
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.19
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15
IBM	Sterling Connect:Direct	Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7247985	2025-10-15	vendor-advisory
Bulletin de sécurité IBM 7247975	2025-10-15	vendor-advisory
Bulletin de sécurité IBM 7247893	2025-10-14	vendor-advisory
Bulletin de sécurité IBM 7248127	2025-10-16	vendor-advisory
Bulletin de sécurité IBM 7248118	2025-10-16	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
      "product": {
        "name": "QRadar Suite Software",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2025-27818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2025-46548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
    },
    {
      "name": "CVE-2025-27817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
    },
    {
      "name": "CVE-2023-32082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2019-9674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
    },
    {
      "name": "CVE-2024-6866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2018-8740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-49826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-30474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-44389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-6844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2022-22968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-27553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2024-47535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
    },
    {
      "name": "CVE-2024-6484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-47278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
    },
    {
      "name": "CVE-2025-49005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
    },
    {
      "name": "CVE-2025-30218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2022-31628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2024-7598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2025-55668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-46653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2025-53864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
    },
    {
      "name": "CVE-2024-6839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
    },
    {
      "name": "CVE-2025-48997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
    },
    {
      "name": "CVE-2025-48387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
    },
    {
      "name": "CVE-2025-58754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
    },
    {
      "name": "CVE-2025-46392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
    },
    {
      "name": "CVE-2025-7338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
    },
    {
      "name": "CVE-2024-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
    },
    {
      "name": "CVE-2025-59343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    }
  ],
  "initial_release_date": "2025-10-17T00:00:00",
  "last_revision_date": "2025-10-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0896",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
      "url": "https://www.ibm.com/support/pages/node/7247985"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
      "url": "https://www.ibm.com/support/pages/node/7247975"
    },
    {
      "published_at": "2025-10-14",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
      "url": "https://www.ibm.com/support/pages/node/7247893"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
      "url": "https://www.ibm.com/support/pages/node/7248127"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
      "url": "https://www.ibm.com/support/pages/node/7248118"
    }
  ]
}

CERTFR-2025-AVI-0667

Vulnerability from certfr_avis - Published: 2025-08-08 - Updated: 2025-08-08

De multiples vulnérabilités ont été découvertes dans Juniper Secure Analytics. Elle permet à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Juniper Networks	Secure Analytics	Secure Analytics versions antérieures à 7.5.0 UP12 IF03

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA

2025-08-07

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP12 IF03",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2024-52005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52005"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2025-33097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33097"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2022-49395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49395"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-32414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
    },
    {
      "name": "CVE-2020-16156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-16156"
    },
    {
      "name": "CVE-2025-5283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5283"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-08-08T00:00:00",
  "last_revision_date": "2025-08-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0667",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Secure Analytics. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
  "vendor_advisories": [
    {
      "published_at": "2025-08-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA",
      "url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-U12-IF03"
    }
  ]
}

CERTFR-2025-AVI-0939

Vulnerability from certfr_avis - Published: 2025-10-30 - Updated: 2025-10-30

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk AppDynamics Analytics Agent	Splunk AppDynamics Analytics Agent versions 25.7.x antérieures à 25.7.0
Splunk	Splunk AppDynamics Private Synthetic Agent	Splunk AppDynamics Private Synthetic Agent versions 25.7.x antérieures à 25.7.0
Splunk	Splunk Operator for Kubernetes	Greffon Splunk Operator for Kubernetes versions 3.0.x antérieures à 3.0.0
Splunk	Splunk AppDynamics Machine Agent	Splunk AppDynamics Machine Agent versions 25.7.x antérieures à 25.7.0

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2025-1009	2025-10-29	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1011	2025-10-29	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1010	2025-10-29	vendor-advisory
Bulletin de sécurité Splunk SVD-2025-1008	2025-10-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk AppDynamics Analytics Agent versions 25.7.x ant\u00e9rieures \u00e0 25.7.0",
      "product": {
        "name": "Splunk AppDynamics Analytics Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Private Synthetic Agent versions 25.7.x ant\u00e9rieures \u00e0 25.7.0",
      "product": {
        "name": "Splunk AppDynamics Private Synthetic Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Greffon Splunk Operator for Kubernetes  versions 3.0.x ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "Splunk Operator for Kubernetes",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Machine Agent versions 25.7.x ant\u00e9rieures \u00e0 25.7.0",
      "product": {
        "name": "Splunk AppDynamics Machine Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2024-45159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45159"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2023-32636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2023-29499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-3360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2023-32611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-32665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
    }
  ],
  "initial_release_date": "2025-10-30T00:00:00",
  "last_revision_date": "2025-10-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0939",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1009",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1009"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1011",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1011"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1010",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1010"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-1008",
      "url": "https://advisory.splunk.com/advisories/SVD-2025-1008"
    }
  ]
}

cve-2025-48976

Vulnerability from osv_almalinux

Published

2025-08-20 00:00

Modified

2025-08-21 10:09

Summary

Important: tomcat security update

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
tomcat: Apache Tomcat denial of service (CVE-2025-52520)
tomcat: Apache Tomcat denial of service (CVE-2025-52434)
tomcat: Apache Tomcat denial of service (CVE-2025-53506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-admin-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-docs-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-el-3.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-jsp-2.3-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-servlet-4.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "tomcat-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-1.el8_10.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.  \n\nSecurity Fix(es):  \n\n  * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)\n  * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)\n  * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)\n  * tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-48989)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52520)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52434)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-53506)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:14177",
  "modified": "2025-08-21T10:09:15Z",
  "published": "2025-08-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:14177"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48976"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48988"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48989"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49125"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52434"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52520"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-53506"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373015"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373018"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373020"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379386"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-14177.html"
    }
  ],
  "related": [
    "CVE-2025-48988",
    "CVE-2025-49125",
    "CVE-2025-48976",
    "CVE-2025-48989",
    "CVE-2025-52520",
    "CVE-2025-52434",
    "CVE-2025-53506"
  ],
  "summary": "Important: tomcat security update"
}

cve-2025-48976

Vulnerability from osv_almalinux

Published

2025-08-20 00:00

Modified

2025-08-22 10:20

Summary

Important: tomcat9 security update

Details

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.

Security Fix(es):

tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
tomcat: Apache Tomcat denial of service (CVE-2025-52520)
tomcat: Apache Tomcat denial of service (CVE-2025-52434)
tomcat: Apache Tomcat denial of service (CVE-2025-53506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-admin-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-docs-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-el-3.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-jsp-2.3-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-servlet-4.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "tomcat9-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-5.el10_0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.  \n\nSecurity Fix(es):  \n\n  * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)\n  * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)\n  * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)\n  * tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-48989)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52520)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52434)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-53506)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:14178",
  "modified": "2025-08-22T10:20:42Z",
  "published": "2025-08-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:14178"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48976"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48988"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48989"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49125"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52434"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52520"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-53506"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373015"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373018"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373020"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379386"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-14178.html"
    }
  ],
  "related": [
    "CVE-2025-48988",
    "CVE-2025-49125",
    "CVE-2025-48976",
    "CVE-2025-48989",
    "CVE-2025-52520",
    "CVE-2025-52434",
    "CVE-2025-53506"
  ],
  "summary": "Important: tomcat9 security update"
}

cve-2025-48976

Vulnerability from osv_almalinux

Published

2025-08-20 00:00

Modified

2025-08-22 11:25

Summary

Important: tomcat security update

Details

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
tomcat: Apache Tomcat denial of service (CVE-2025-52520)
tomcat: Apache Tomcat denial of service (CVE-2025-52434)
tomcat: Apache Tomcat denial of service (CVE-2025-53506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-admin-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-docs-webapp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-el-3.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-jsp-2.3-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-lib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-servlet-4.0-api"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "tomcat-webapps"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:9.0.87-3.el9_6.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.  \n\nSecurity Fix(es):  \n\n  * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)\n  * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)\n  * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)\n  * tomcat: http/2 \"MadeYouReset\" DoS attack through HTTP/2 control frames (CVE-2025-48989)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52520)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-52434)\n  * tomcat: Apache Tomcat denial of service (CVE-2025-53506)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:14181",
  "modified": "2025-08-22T11:25:23Z",
  "published": "2025-08-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:14181"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48976"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48988"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-48989"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-49125"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52434"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-52520"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-53506"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373015"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373018"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373020"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2373309"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379374"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379382"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2379386"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-14181.html"
    }
  ],
  "related": [
    "CVE-2025-48988",
    "CVE-2025-49125",
    "CVE-2025-48976",
    "CVE-2025-48989",
    "CVE-2025-52520",
    "CVE-2025-52434",
    "CVE-2025-53506"
  ],
  "summary": "Important: tomcat security update"
}

JVNDB-2026-002030

Vulnerability from jvndb - Published: 2026-01-29 10:32 - Updated:2026-01-29 10:32

Summary

Multiple Vulnerabilities in Cosminexus

Details

Multiple vulnerabilities exist in Cosminexus Component Container. CVE-2025-48988, CVE-2025-48976 Affected products and versions are listed below. Please upgrade your version to the appropriate version. These vulnerabilities exist in Cosminexus Component Container which is a component product of other Hitachi products. For details about the fixed version about Cosminexus products, contact your Hitachi support service representative.

References

Type

URL

	CVE	https://www.cve.org/CVERecord?id=CVE-2025-48976
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-48988

Impacted products

Vendor

Product

	Hitachi, Ltd	uCosminexus Application Server(64)
	Hitachi, Ltd	uCosminexus Application Server-R
	Hitachi, Ltd	Programming Environment for Java
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Primary Server Base
	Hitachi, Ltd	uCosminexus Primary Server Base(64)
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform
	Hitachi, Ltd	uCosminexus Service Platform(64)

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-002030.html",
  "dc:date": "2026-01-29T10:32+09:00",
  "dcterms:issued": "2026-01-29T10:32+09:00",
  "dcterms:modified": "2026-01-29T10:32+09:00",
  "description": "Multiple vulnerabilities exist in Cosminexus Component Container.\r\n\r\nCVE-2025-48988, CVE-2025-48976\r\n\r\nAffected products and versions are listed below. Please upgrade your version to the appropriate version.\r\nThese vulnerabilities exist in Cosminexus Component Container which is a component product of other Hitachi products.\r\nFor details about the fixed version about Cosminexus products, contact your Hitachi support service representative.",
  "link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-002030.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server64",
      "@product": "uCosminexus Application Server(64)",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server_r",
      "@product": "uCosminexus Application Server-R",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:programming_environment_for_java",
      "@product": "Programming Environment for Java",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server_base",
      "@product": "uCosminexus Primary Server Base",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server_base64",
      "@product": "uCosminexus Primary Server Base(64)",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform_64",
      "@product": "uCosminexus Service Platform(64)",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2026-002030",
  "sec:references": [
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48976",
      "@id": "CVE-2025-48976",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48988",
      "@id": "CVE-2025-48988",
      "@source": "CVE"
    }
  ],
  "title": "Multiple Vulnerabilities in Cosminexus"
}

JVNDB-2025-000044

Vulnerability from jvndb - Published: 2025-06-26 14:41 - Updated:2025-10-01 14:18

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Denial-of-service (DoS) vulnerabilities in multiple Apache products

Details

Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below.

Allocation of resources without limits or throttling (CWE-770) - CVE-2025-48976, CVE-2025-48988

TERASOLUNA Framework Security Team of NTT DATA Group Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN09924566/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-48976
	CVE	https://www.cve.org/CVERecord?id=CVE-2025-48988
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Apache Software Foundation	Commons FileUpload
	Apache Software Foundation	Apache Tomcat

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000044.html",
  "dc:date": "2025-10-01T14:18+09:00",
  "dcterms:issued": "2025-06-26T14:41+09:00",
  "dcterms:modified": "2025-10-01T14:18+09:00",
  "description": "Multiple Apache products provided by The Apache Software Foundation contain vulnerabilities listed below.\r\n\u003cul\u003e\u003cli\u003eAllocation of resources without limits or throttling (CWE-770) - CVE-2025-48976, CVE-2025-48988\u003c/li\u003e\u003c/ul\u003e\r\nTERASOLUNA Framework Security Team of NTT DATA Group Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000044.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:commons_fileupload",
      "@product": "Commons FileUpload",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:apache:tomcat",
      "@product": "Apache Tomcat",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2025-000044",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN09924566/index.html",
      "@id": "JVN#09924566",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48976",
      "@id": "CVE-2025-48976",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2025-48988",
      "@id": "CVE-2025-48988",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Denial-of-service (DoS) vulnerabilities in multiple Apache products"
}

GHSA-VV7R-C36W-3PRJ

Vulnerability from github – Published: 2025-06-16 15:32 – Updated: 2025-11-03 22:59

Summary

Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers

Details

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.

This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.

Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

Severity ?

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "commons-fileupload:commons-fileupload"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0"
            },
            {
              "fixed": "1.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.commons:commons-fileupload2-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-M1"
            },
            {
              "fixed": "2.0.0-M4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-48976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-16T16:52:30Z",
    "nvd_published_at": "2025-06-16T15:15:24Z",
    "severity": "HIGH"
  },
  "details": "Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.",
  "id": "GHSA-vv7r-c36w-3prj",
  "modified": "2025-11-03T22:59:04Z",
  "published": "2025-06-16T15:32:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/commons-fileupload/commit/b247774a72a044f5d5380ae947140ee80af4e78b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/commons-fileupload/commit/bf68f63cfb312ef4710fb3dfb4d8e4e1665f4497"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/tomcat/commit/97790a35a27d236fa053e660676c3f8196284d93"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/commons-fileupload"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/06/16/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Commons FileUpload, Apache Commons FileUpload: FileUpload DoS via part headers"
}

CVE-2025-48976

Vulnerability from fstec - Published: 16.06.2025

Title

Уязвимость библиотеки Apache Commons FileUpload, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость библиотеки Apache Commons FileUpload связана с неограниченным распределением ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «Ред Софт», АО «ИВК», Apache Software Foundation, АО "НППКТ"

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), АЛЬТ СП 10, Commons FileUpload, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7.3 (РЕД ОС), - (АЛЬТ СП 10), от 1.0 до 1.6 (Commons FileUpload), от 2.0.0-M1 до 2.0.0-M4 (Commons FileUpload), до 2.14 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 Для ОС АЛЬТ СП 10: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/ Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Обновление программного обеспечения tomcat9 до версии 9.0.107+repack-0+deb11u1.osnova2u1

Reference

https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12 https://www.openwall.com/lists/oss-security/2025/06/16/4 https://altsp.su/obnovleniya-bezopasnosti/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/

CWE

CWE-770

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), \u043e\u0442 1.0 \u0434\u043e 1.6 (Commons FileUpload), \u043e\u0442 2.0.0-M1 \u0434\u043e 2.0.0-M4 (Commons FileUpload), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u041b\u042c\u0422 \u0421\u041f 10: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f tomcat9 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 9.0.107+repack-0+deb11u1.osnova2u1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.06.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.10.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.07.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-07776",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-48976",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041b\u042c\u0422 \u0421\u041f 10, Commons FileUpload, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Commons FileUpload, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u043e\u0435 \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 \u0438\u043b\u0438 \u0434\u0440\u043e\u0441\u0441\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 (CWE-770)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Apache Commons FileUpload \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12\nhttps://www.openwall.com/lists/oss-security/2025/06/16/4\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-770",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2025-48976

Vulnerability from fkie_nvd - Published: 2025-06-16 15:15 - Updated: 2025-11-03 20:19

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4. Users are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue.

References

URL	Tags
security@apache.org	https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12	Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/06/16/4	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html

Impacted products

Vendor	Product	Version
apache	commons_fileupload	*
apache	commons_fileupload	2.0.0
apache	commons_fileupload	2.0.0
apache	commons_fileupload	2.0.0
apache	commons_fileupload	2.0.0
apache	commons_fileupload	2.0.0
apache	commons_fileupload	2.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20D93D43-A57F-4C1E-82AC-EB50648742EE",
              "versionEndExcluding": "1.6",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m1:*:*:*:*:*:*",
              "matchCriteriaId": "3B415BCF-AACF-4882-8882-10D99610C79D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB892667-4AF8-41C6-9F40-D800CA16A8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m2:*:*:*:*:*:*",
              "matchCriteriaId": "9AE1594A-1C38-461E-B949-76A0C24A3C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m2-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "827AA598-1A62-4529-A7C7-37EB9D56BE6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m3:*:*:*:*:*:*",
              "matchCriteriaId": "AA5C9AC9-56E6-4864-9965-827C93755F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:commons_fileupload:2.0.0:m3-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "C2395D9D-DEF6-4CC7-87F9-6D8FC9DCEE74",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload.\n\nThis issue affects Apache Commons FileUpload: from 1.0 before 1.6; from 2.0.0-M1 before 2.0.0-M4.\n\nUsers are recommended to upgrade to versions 1.6 or 2.0.0-M4, which fix the issue."
    },
    {
      "lang": "es",
      "value": "La asignaci\u00f3n de recursos para encabezados multiparte con l\u00edmites insuficientes gener\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en Apache Commons FileUpload. Este problema afecta a Apache Commons FileUpload: de la versi\u00f3n 1.0 a la 1.6; de la versi\u00f3n 2.0.0-M1 a la 2.0.0-M4. Se recomienda actualizar a las versiones 1.6 o 2.0.0-M4, que solucionan el problema."
    }
  ],
  "id": "CVE-2025-48976",
  "lastModified": "2025-11-03T20:19:07.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-16T15:15:24.460",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/fbs3wrr3p67vkjcxogqqqqz45pqtso12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/06/16/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2025-48976 (GCVE-0-2025-48976)

Tags

Sightings

Nomenclature

Action not permitted

CVE-2025-48976 (GCVE-0-2025-48976)

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature