{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"HP Performance Manager v8.10.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"HP Performance Manager v8.20 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"HP Performance Manager v8.21 ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans HP Performance\nManager. Elles peuvent \u00eatre exploit\u00e9es par une personne malveillante\nafin de :\n\n-   de provoquer un d\u00e9ni de service (CVE-2009-0033) ;\n-   de contourner la politique de s\u00e9curit\u00e9 (CVE-2008-5515,\n    CVE-2009-2901) ;\n-   de porter atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es (CVE-2009-0783,\n    CVE-2009-2693, CVE-2009-2902) ;\n-   de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es (CVE-2009-0580,\n    CVE-2009-0783) ;\n-   d'\u00e9lever ses privil\u00e8ges (CVE-2009-3548) ;\n-   de r\u00e9aliser une attaque par injection de code indirecte\n    (CVE-2009-0781) ;\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-2901","url":"https://www.cve.org/CVERecord?id=CVE-2009-2901"},{"name":"CVE-2009-2693","url":"https://www.cve.org/CVERecord?id=CVE-2009-2693"},{"name":"CVE-2009-2902","url":"https://www.cve.org/CVERecord?id=CVE-2009-2902"},{"name":"CVE-2009-0580","url":"https://www.cve.org/CVERecord?id=CVE-2009-0580"},{"name":"CVE-2009-3548","url":"https://www.cve.org/CVERecord?id=CVE-2009-3548"},{"name":"CVE-2009-0033","url":"https://www.cve.org/CVERecord?id=CVE-2009-0033"},{"name":"CVE-2009-0781","url":"https://www.cve.org/CVERecord?id=CVE-2009-0781"},{"name":"CVE-2009-0783","url":"https://www.cve.org/CVERecord?id=CVE-2009-0783"},{"name":"CVE-2008-5515","url":"https://www.cve.org/CVERecord?id=CVE-2008-5515"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :","url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02181353"},{"title":"Bulletin de s\u00e9curit\u00e9 HP #c02181353 du 17 mai 2010 :","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02181353"}],"reference":"CERTA-2010-AVI-220","revisions":[{"description":"version initiale.","revision_date":"2010-05-20T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Injection de code indirecte \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans HP Performance Manager\npermettent \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni\nde service, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 et \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es, d'\u00e9lever ses privil\u00e8ges\nou encore de r\u00e9aliser une attaque par injection de code indirecte.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans HP Performance Manager","vendor_advisories":[{"published_at":null,"title":"Bulletin de scurit HP #c02181353 du 17 mai 2010","url":null}]}