{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Oracle Application Server 10g ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Hyperion Performance Suite 8.x ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle E-business Suite 12 et 11i ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle PeopleSoft Entreprise CRM 8.x et 9.x ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Hyperion Bi Plus 9.x ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Weblogic Server 6, 7,8,9 et 10.x.","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database 11g, 10g et 9i ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Enterprise Manager Grid Control 10g ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle PeopleSoft Entreprise PeopleTools 8.x ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Enterprise Manager Database Control 11 et 10g ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle TimesTen in-Memory Database ;","product":{"name":"Weblogic","vendor":{"name":"Oracle","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nOnze vuln\u00e9rabilit\u00e9s affectent les bases de donn\u00e9es Oracle Database. Deux\nsont exploitables localement. L'exploitation \u00e0 distance des neuf autres\ndemande une authentification pr\u00e9alable. Un utilisateur malveillant\nexploitant ces vuln\u00e9rabilit\u00e9s peut ex\u00e9cuter du code arbitraire \u00e0\ndistance ou acc\u00e9der ind\u00fbment aux donn\u00e9es.\n\nTrois vuln\u00e9rabilit\u00e9s concernent Oracle TimesTen in-Memory Database. Leur\nexploitation permet \u00e0 un utilisateur malveillant de provoquer un d\u00e9ni de\nservice \u00e0 distance, sans requ\u00e9rir d'authentification.\n\nNeuf vuln\u00e9rabilit\u00e9s affectent Oracle Application Server. Elle permettent\n\u00e0 un utilisateur malveillant non authentifi\u00e9 de provoquer un d\u00e9ni de\nservice \u00e0 distance, de modifier ou de lire des donn\u00e9es de mani\u00e8re\nill\u00e9gitime.\n\nSix vuln\u00e9rabilit\u00e9s de E-businees Suite permettent de porter atteinte \u00e0\nla confidentialit\u00e9 ou \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n\nDeux vuln\u00e9rabilit\u00e9s affectent Oracle Enterprise Manager. Leur\nexploitation permet \u00e0 un utilisateur malveillant de porter atteinte \u00e0\nl'int\u00e9grit\u00e9 des donn\u00e9es, \u00e0 distance.\n\nSept vuln\u00e9rabilit\u00e9s dans les produits Oracle PeopleSoft permettent \u00e0 un\nutilisateur malveillant disposant d'une session valide de provoquer un\nd\u00e9ni de service \u00e0 distance, de modifier ou de lire ind\u00fbment des donn\u00e9es.\n\nSept vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les serveurs Oracle WebLogic,\ndont quatre sont exploitables \u00e0 distance sans authentification, une avec\nauthentification et deux localement. Elles permettent \u00e0 un utilisateur\nmalveillant de provoquer un d\u00e9ni de service \u00e0 distance, de modifier ou\nde lire des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-2621","url":"https://www.cve.org/CVERecord?id=CVE-2008-2621"},{"name":"CVE-2008-2592","url":"https://www.cve.org/CVERecord?id=CVE-2008-2592"},{"name":"CVE-2008-2577","url":"https://www.cve.org/CVERecord?id=CVE-2008-2577"},{"name":"CVE-2008-2608","url":"https://www.cve.org/CVERecord?id=CVE-2008-2608"},{"name":"CVE-2008-2607","url":"https://www.cve.org/CVERecord?id=CVE-2008-2607"},{"name":"CVE-2008-2597","url":"https://www.cve.org/CVERecord?id=CVE-2008-2597"},{"name":"CVE-2008-2612","url":"https://www.cve.org/CVERecord?id=CVE-2008-2612"},{"name":"CVE-2008-2606","url":"https://www.cve.org/CVERecord?id=CVE-2008-2606"},{"name":"CVE-2008-2617","url":"https://www.cve.org/CVERecord?id=CVE-2008-2617"},{"name":"CVE-2008-2605","url":"https://www.cve.org/CVERecord?id=CVE-2008-2605"},{"name":"CVE-2008-2616","url":"https://www.cve.org/CVERecord?id=CVE-2008-2616"},{"name":"CVE-2008-2578","url":"https://www.cve.org/CVERecord?id=CVE-2008-2578"},{"name":"CVE-2008-2586","url":"https://www.cve.org/CVERecord?id=CVE-2008-2586"},{"name":"CVE-2008-2602","url":"https://www.cve.org/CVERecord?id=CVE-2008-2602"},{"name":"CVE-2008-2598","url":"https://www.cve.org/CVERecord?id=CVE-2008-2598"},{"name":"CVE-2008-2596","url":"https://www.cve.org/CVERecord?id=CVE-2008-2596"},{"name":"CVE-2008-2590","url":"https://www.cve.org/CVERecord?id=CVE-2008-2590"},{"name":"CVE-2008-2582","url":"https://www.cve.org/CVERecord?id=CVE-2008-2582"},{"name":"CVE-2008-2610","url":"https://www.cve.org/CVERecord?id=CVE-2008-2610"},{"name":"CVE-2008-2587","url":"https://www.cve.org/CVERecord?id=CVE-2008-2587"},{"name":"CVE-2008-2583","url":"https://www.cve.org/CVERecord?id=CVE-2008-2583"},{"name":"CVE-2008-2594","url":"https://www.cve.org/CVERecord?id=CVE-2008-2594"},{"name":"CVE-2008-2611","url":"https://www.cve.org/CVERecord?id=CVE-2008-2611"},{"name":"CVE-2008-2609","url":"https://www.cve.org/CVERecord?id=CVE-2008-2609"},{"name":"CVE-2008-2595","url":"https://www.cve.org/CVERecord?id=CVE-2008-2595"},{"name":"CVE-2008-2615","url":"https://www.cve.org/CVERecord?id=CVE-2008-2615"},{"name":"CVE-2008-2580","url":"https://www.cve.org/CVERecord?id=CVE-2008-2580"},{"name":"CVE-2008-2614","url":"https://www.cve.org/CVERecord?id=CVE-2008-2614"},{"name":"CVE-2008-2593","url":"https://www.cve.org/CVERecord?id=CVE-2008-2593"},{"name":"CVE-2008-2581","url":"https://www.cve.org/CVERecord?id=CVE-2008-2581"},{"name":"CVE-2008-2613","url":"https://www.cve.org/CVERecord?id=CVE-2008-2613"},{"name":"CVE-2008-2585","url":"https://www.cve.org/CVERecord?id=CVE-2008-2585"},{"name":"CVE-2008-2600","url":"https://www.cve.org/CVERecord?id=CVE-2008-2600"},{"name":"CVE-2008-2604","url":"https://www.cve.org/CVERecord?id=CVE-2008-2604"},{"name":"CVE-2008-2576","url":"https://www.cve.org/CVERecord?id=CVE-2008-2576"},{"name":"CVE-2008-2620","url":"https://www.cve.org/CVERecord?id=CVE-2008-2620"},{"name":"CVE-2008-2588","url":"https://www.cve.org/CVERecord?id=CVE-2008-2588"},{"name":"CVE-2007-1359","url":"https://www.cve.org/CVERecord?id=CVE-2007-1359"},{"name":"CVE-2008-2584","url":"https://www.cve.org/CVERecord?id=CVE-2008-2584"},{"name":"CVE-2008-2603","url":"https://www.cve.org/CVERecord?id=CVE-2008-2603"},{"name":"CVE-2008-2618","url":"https://www.cve.org/CVERecord?id=CVE-2008-2618"},{"name":"CVE-2008-2589","url":"https://www.cve.org/CVERecord?id=CVE-2008-2589"},{"name":"CVE-2008-2599","url":"https://www.cve.org/CVERecord?id=CVE-2008-2599"},{"name":"CVE-2008-2591","url":"https://www.cve.org/CVERecord?id=CVE-2008-2591"},{"name":"CVE-2008-2601","url":"https://www.cve.org/CVERecord?id=CVE-2008-2601"},{"name":"CVE-2008-2622","url":"https://www.cve.org/CVERecord?id=CVE-2008-2622"},{"name":"CVE-2008-2579","url":"https://www.cve.org/CVERecord?id=CVE-2008-2579"}],"links":[{"title":"Bulletin de mise \u00e0 jour Oracle du 14 juillet 2008 :","url":"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html"}],"reference":"CERTA-2008-AVI-367","revisions":[{"description":"version initiale.","revision_date":"2008-07-16T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De nombreuses vuln\u00e9rabilit\u00e9s affectent les produits <span\nclass=\"textit\">Oracle</span>. L'exploitation de certaines d'entre elles\npermet \u00e0 un utilisateur malveillant d'ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle et Weblogic","vendor_advisories":[{"published_at":null,"title":"Bulletin Oracle du 14 juillet 2008","url":null}]}