{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<H2><A name=\"SECTION00031000000000000000\" id=  \"SECTION00031000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">1</SPAN> Database management  systems</A></H2>  <UL>    <LI>Oracle Database 10g Release 2 versions 10.2.0.1 and 10.2.0.2    ;</LI>    <LI>Oracle Database 10g Release 1 versions 10.1.0.4 and 10.1.0.5    ;</LI>    <LI>Oracle9i Database Release 2 versions 9.2.0.6 and 9.2.0.7    ;</LI>    <LI>Oracle8i Database Release 3 version 8.1.7.4.</LI>  </UL>  <H2><A name=\"SECTION00032000000000000000\" id=  \"SECTION00032000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">2</SPAN> Enterprise  manager</A></H2>  <UL>    <LI>Oracle Enterprise Manager 10g Grid Control version    10.2.0.1.</LI>  </UL>  <H2><A name=\"SECTION00033000000000000000\" id=  \"SECTION00033000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">3</SPAN> Application  servers</A></H2>  <UL>    <LI>Oracle Application Server 10g Release 3 version 10.1.3.0.0    ;</LI>    <LI>Oracle Application Server 10g Release 2 versions    10.1.2.0.0, 10.1.2.0.2 and 10.1.2.1.0 ;</LI>    <LI>Oracle Application Server 10g Release 1 versions 9.0.4.2 and    9.0.4.3.</LI>  </UL>  <H2><A name=\"SECTION00034000000000000000\" id=  \"SECTION00034000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">4</SPAN> Collaboration  suites</A></H2>  <UL>    <LI>Oracle Collaboration Suite 10g Release 1 version 10.1.2.0    ;</LI>    <LI>Oracle Collaboration Suite Release 2 version 9.0.4.2.</LI>  </UL>  <H2><A name=\"SECTION00035000000000000000\" id=  \"SECTION00035000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">5</SPAN> E-commerce  suites</A></H2>  <UL>    <LI>Oracle E-Business Suite 11i versions 11.5.7 and 11.5.10    ;</LI>    <LI>Oracle E-Business Release 11.0.</LI>  </UL>  
<H2><A name=\"SECTION00036000000000000000\" id=  \"SECTION00036000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">6</SPAN> Pharmaceutical  application</A></H2>  <UL>    <LI>Oracle Pharmaceutical Applications versions 4.5.0 and 4.5.2    ;</LI>  </UL>  <H2><A name=\"SECTION00037000000000000000\" id=  \"SECTION00037000000000000000\"><SPAN class=\n  \"arabic\">2</SPAN>.<SPAN class=\"arabic\">7</SPAN> PeopleSoft/JDE  products</A></H2>  <UL>    <LI>Oracle PeopleSoft Enterprise Tools 8.x ;</LI>    <LI>JD Edwards EnterpriseOne versions 8.95 and 8.96 ;</LI>    <LI>JD Edwards OneWorld versions 8.95 and 8.96 ;</LI>  </UL>","content":"## Description\n\nMultiple vulnerabilities are present in Oracle products.\nSome of these vulnerabilities can be exploited by a\nmalicious user to carry out SQL injection\nattacks or to execute arbitrary code on the system.  \nThe lack of processing of the parameters passed to the\nprocedures in the packages sys.dbms_dcd_impdp,\nsys.kupw\\$worker, sys.dbms_stats, sys.dbms_upgrade can be exploited\nby a malicious user to carry out SQL\ninjection attacks or to execute code on the system.\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (cf. 
section Documentation).\n","cves":[{"name":"CVE-2006-3724","url":"https://www.cve.org/CVERecord?id=CVE-2006-3724"},{"name":"CVE-2006-3710","url":"https://www.cve.org/CVERecord?id=CVE-2006-3710"},{"name":"CVE-2006-3721","url":"https://www.cve.org/CVERecord?id=CVE-2006-3721"},{"name":"CVE-2006-3705","url":"https://www.cve.org/CVERecord?id=CVE-2006-3705"},{"name":"CVE-2006-3709","url":"https://www.cve.org/CVERecord?id=CVE-2006-3709"},{"name":"CVE-2006-3702","url":"https://www.cve.org/CVERecord?id=CVE-2006-3702"},{"name":"CVE-2006-3723","url":"https://www.cve.org/CVERecord?id=CVE-2006-3723"},{"name":"CVE-2006-3722","url":"https://www.cve.org/CVERecord?id=CVE-2006-3722"},{"name":"CVE-2006-3718","url":"https://www.cve.org/CVERecord?id=CVE-2006-3718"},{"name":"CVE-2006-3714","url":"https://www.cve.org/CVERecord?id=CVE-2006-3714"},{"name":"CVE-2006-3698","url":"https://www.cve.org/CVERecord?id=CVE-2006-3698"},{"name":"CVE-2006-3700","url":"https://www.cve.org/CVERecord?id=CVE-2006-3700"},{"name":"CVE-2006-3708","url":"https://www.cve.org/CVERecord?id=CVE-2006-3708"},{"name":"CVE-2006-3720","url":"https://www.cve.org/CVERecord?id=CVE-2006-3720"},{"name":"CVE-2006-3707","url":"https://www.cve.org/CVERecord?id=CVE-2006-3707"},{"name":"CVE-2006-3713","url":"https://www.cve.org/CVERecord?id=CVE-2006-3713"},{"name":"CVE-2006-3715","url":"https://www.cve.org/CVERecord?id=CVE-2006-3715"},{"name":"CVE-2006-3703","url":"https://www.cve.org/CVERecord?id=CVE-2006-3703"},{"name":"CVE-2006-3712","url":"https://www.cve.org/CVERecord?id=CVE-2006-3712"},{"name":"CVE-2006-3704","url":"https://www.cve.org/CVERecord?id=CVE-2006-3704"},{"name":"CVE-2006-3717","url":"https://www.cve.org/CVERecord?id=CVE-2006-3717"},{"name":"CVE-2006-3719","url":"https://www.cve.org/CVERecord?id=CVE-2006-3719"},{"name":"CVE-2006-3706","url":"https://www.cve.org/CVERecord?id=CVE-2006-3706"},{"name":"CVE-2006-3701","url":"https://www.cve.org/CVERecord?id=CVE-2006-3701"},{"name":"CVE-2006-3711","url":"https://www.cv
e.org/CVERecord?id=CVE-2006-3711"},{"name":"CVE-2006-3699","url":"https://www.cve.org/CVERecord?id=CVE-2006-3699"},{"name":"CVE-2006-3716","url":"https://www.cve.org/CVERecord?id=CVE-2006-3716"}],"links":[{"title":"Oracle security bulletin of 18 July 2006:","url":"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html"}],"reference":"CERTA-2006-AVI-303","revisions":[{"description":"initial version.","revision_date":"2006-07-19T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Remote arbitrary code execution"},{"description":"Data integrity compromise"},{"description":"Security policy bypass"},{"description":"Data confidentiality compromise"},{"description":"Privilege escalation"}],"summary":"Multiple vulnerabilities are present in Oracle products. These\nvulnerabilities can be exploited by a malicious\nuser to compromise a system running the\nvulnerable products.\n","title":"Multiple vulnerabilities in Oracle","vendor_advisories":[{"published_at":null,"title":"Oracle security bulletin of July 2006","url":null}]}
