{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Novell GroupWise version 8.0 disposant d'un correctif ant\u00e9rieur au Hot Patch 2.","product":{"name":"N/A","vendor":{"name":"Novell","scada":false}}},{"description":"Novell GroupWise versions 7.0 \u00e0 7.03 disposant d'un correctif ant\u00e9rieur au Hot Patch 3 ;","product":{"name":"N/A","vendor":{"name":"Novell","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent Novell GroupWise :\n\n-   les premi\u00e8res vuln\u00e9rabilit\u00e9s concernent GroupWise WebAccess, elles\n    permettent d'injecter du code indirecte ou de contourner la\n    politique de s\u00e9curit\u00e9 ;\n-   les derni\u00e8res vuln\u00e9rabilit\u00e9s concernent GroupWise Internet Agent,\n    elles permettent l'ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-1634","url":"https://www.cve.org/CVERecord?id=CVE-2009-1634"},{"name":"CVE-2009-1635","url":"https://www.cve.org/CVERecord?id=CVE-2009-1635"},{"name":"CVE-2009-1636","url":"https://www.cve.org/CVERecord?id=CVE-2009-1636"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003267 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003267"},{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003273 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003273"},{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003272 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003272"},{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003271 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003271"},{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003268 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003268"},{"title":"Bulletin de s\u00e9curit\u00e9 Novell 7003266 du 21 mai 2009 :","url":"http://www.novell.com/support/viewContent.do?externalId=7003266"}],"reference":"CERTA-2009-AVI-200","revisions":[{"description":"version initiale.","revision_date":"2009-05-27T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s de <span class=\"textit\">Novell\nGroupWise</span> permettent \u00e0 un individu distant d'ex\u00e9cuter du code\narbitraire, de contourner la politique de s\u00e9curit\u00e9 et d'injecter du code\nde mani\u00e8re indirecte.\n","title":"Multiples vuln\u00e9rabilit\u00e9s de Novell GroupWise","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 Novell 7003266 \u00e0 7003273 du 21 mai 2009","url":null}]}