{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Unicenter Argis Portfolio Asset Management 11 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"Unicenter Management Portal (UMP) 2, 3.1, 11.","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"Unicenter Database Management Portal 11, 11.1 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"CleverPath Aion 10, 10.1, 10.2 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"CleverPath Portal 4.51, 4.7, 4.71 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"BrightStor Portal 11.1 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"Unicenter Enterprise Job Manager (UEJM) 3, 11 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}},{"description":"eTrust Security Command Center (eTrust SCC) 1, 8 ;","product":{"name":"Portal","vendor":{"name":"Liferay","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Computer Associates CleverPath\nPortal. Elle permet \u00e0 un utilisateur malintentionn\u00e9 et authentifi\u00e9\nd'envoyer des requ\u00eates au syst\u00e8me de gestion de base de donn\u00e9es\nrelationnelle. Les donn\u00e9es ainsi r\u00e9cup\u00e9r\u00e9es ne peuvent pas \u00eatre\nmodifi\u00e9es. La vuln\u00e9rabilit\u00e9 n'est pr\u00e9sente que dans la fonctionnalit\u00e9\nCleverPath Portal Lite Search.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-2230","url":"https://www.cve.org/CVERecord?id=CVE-2007-2230"}],"links":[],"reference":"CERTA-2007-AVI-192","revisions":[{"description":"version initiale.","revision_date":"2007-04-26T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans <span class=\"textit\">Computer Associates\nCleverPath Portal</span> permet une atteinte \u00e0 la confidentialit\u00e9 de\ncertaines donn\u00e9es.\n","title":"Vuln\u00e9rabilit\u00e9 dans Computer Associates CleverPath Portal","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Computer Associates du 24 avril 2007","url":"http://supportconnectw.ca.com/public/cp/portal/infodocs/portal-secnot.asp"}]}