{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"VMware ESX version 3.5 sans les mises \u00e0 jour ESX350-200910401-SG et ESX350-200901401-SG;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESXi version 4.0 sans la mise \u00e0 jour ESXi400-200909401-BG ;","product":{"name":"ESXi","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX version 2.5.5 sans la mise \u00e0 jour num\u00e9ro 15;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESXi version 3.5 sans les mises \u00e0 jour ESXe350-200910401-l-SG et ESXe350-200901401-l-SG;","product":{"name":"ESXi","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX version 4.0 sans la mise \u00e0 jour ESX400-200909401-BG;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Player version 2.5.2 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ACE version 2.5.2 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware ESX version 3.0.3 sans les mises \u00e0 jour ESX303-200910401-SG et ESX350-200901401-SG;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Fusion version 2.0.5 et versions ant\u00e9rieures ;","product":{"name":"Fusion","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Server version 1.0.9 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Workstation version 6.5.2 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Server version 2.0.1 et versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware :\n\n-   la premi\u00e8re est due \u00e0 une mauvaise gestion des exceptions et permet\n    \u00e0 un utilisateur malintentionn\u00e9 d'\u00e9lever ses privil\u00e8ges ;\n-   la seconde consiste en une vuln\u00e9rabilit\u00e9 de type directory traversal\n    et permet \u00e0 un utilisateur malintentionn\u00e9 d'acc\u00e9der \u00e0 des fichiers\n    stock\u00e9s sur la machine h\u00f4te.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-3733","url":"https://www.cve.org/CVERecord?id=CVE-2009-3733"},{"name":"CVE-2009-2267","url":"https://www.cve.org/CVERecord?id=CVE-2009-2267"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 VMware num\u00e9ro VMSA-2009-0015 du 27    octobre 2009 :","url":"http://www.vmware.com/security/advisories/VMSA-2009-0015.html"}],"reference":"CERTA-2009-AVI-464","revisions":[{"description":"version initiale.","revision_date":"2009-10-30T00:00:00.000000"}],"risks":[{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Deux vuln\u00e9rabilit\u00e9s permettant d'acc\u00e9der \u00e0 des informations sensibles et\nd'augmenter ses privil\u00e8ges ont \u00e9t\u00e9 d\u00e9couvertes dans VMware.\n","title":"Multiples vuln\u00e9rabilit\u00e9s des produits VMware","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware VMSA-2009-0015 du 27 octobre 2009","url":null}]}