{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Oracle Core RDBMS 11.2.0.3","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Core RDBMS 11.2.0.2","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Core RDBMS 10.2.0.4","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Core RDBMS 10.2.0.5","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Core RDBMS 11.1.0.7","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Core RDBMS 10.2.0.3","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-3132","url":"https://www.cve.org/CVERecord?id=CVE-2012-3132"},{"name":"CVE-2012-3137","url":"https://www.cve.org/CVERecord?id=CVE-2012-3137"},{"name":"CVE-2012-1751","url":"https://www.cve.org/CVERecord?id=CVE-2012-1751"},{"name":"CVE-2012-3146","url":"https://www.cve.org/CVERecord?id=CVE-2012-3146"},{"name":"CVE-2012-3151","url":"https://www.cve.org/CVERecord?id=CVE-2012-3151"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16    octobre 2012 :","url":"http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"}],"reference":"CERTA-2012-AVI-577","revisions":[{"description":"version initiale.","revision_date":"2012-10-17T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span\nclass=\"textit\">Oracle Database Server</span>. L'une d'entre elle permet\n\u00e0 un attaquant de r\u00e9cup\u00e9rer la clef de session et le sel d'un\nutilisateur. Cela donne des informations sur le hash et rend donc plus\nfacile l'attaque par force brute pour d\u00e9terminer le mot de passe.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2012-1515893 du 16 Octobre 2012","url":null}]}