{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<TT>eIQNetworks Enterprise Security  Analyzer</TT> versions 2.4 et ant\u00e9rieures.","content":"## Description\n\neIQNetworks Enterprise Security Analyzer est un logiciel permettant\nd'effectuer l'analyse et la surveillance de la s\u00e9curit\u00e9 d'un r\u00e9seau.  \nPlusieurs vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans eIQNetworks Enterprise Security\nAnalyzer permettent \u00e0 un utilisateur distant d'ex\u00e9cuter du code\narbitraire sans authentification pr\u00e9alable. Elles affectent les\ncomposants suivants du syst\u00e8me :\n\n-   Monitoring.exe ;\n-   Topology.exe ;\n-   EnterpriseSecurityAnalyzer.exe ;\n-   SyslogServer.exe.\n\n## Solution\n\nLa version 2.5 de eIQNetworks Enterprise Security Analyzer corrige le\nprobl\u00e8me :\n\n    http://www.eiqnetworks.com\n","cves":[],"links":[],"reference":"CERTA-2006-AVI-313","revisions":[{"description":"version initiale.","revision_date":"2006-07-27T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s dans eIQNetworks Enterprise Security\nAnalyzer permettent \u00e0 un utilisateur distant d'ex\u00e9cuter du code\narbitraire.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans eIQNetworks Enterprise Security Analyzer","vendor_advisories":[{"published_at":null,"title":"Liste des changements apport\u00e9s \u00e0 la version 2.5","url":"http://www.eiqnetworks.com/products/enterprisesecurity/EnterpriseSecurityAnalyzer/ESA_2.5.0_Release_Notes.pdf"}]}