{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver Application Server Java (User Management Engine) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Mobile (MobileBIService) version 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP ERP (EAPPGLO) version 607","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (Diagnostics Agent) version 7.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform (Crystal Reports) versions 4.1 et 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori Launchpad versions 753 et 754","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Client version 6.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Disclosure Management version 10.1","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce Cloud (SmartEdit Extension) versions - 6.6, 6.7, 1808 et 1811","product":{"name":"Commerce Cloud","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Treasury and Risk Management (Transaction Management) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618, 800, S4CORE 101, 102, 103 et 104","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) - SAP_BASIS versions 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52,","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce Cloud (Testweb Extension) versions 6.6, 6.7, 1808, 1811 et 1905","product":{"name":"Commerce Cloud","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Cloud Platform Integration for Data Services version 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver UDDI Server (Services Registry) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":".53 et 7.54","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (User Experience Monitoring) version 7.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Enable Now versions ant\u00e9rieures \u00e0 1908","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP MaxDB (liveCache) versions 7.8 et 7.9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Enable Now versions ant\u00e9rieures \u00e0 1911","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-6202","url":"https://www.cve.org/CVERecord?id=CVE-2020-6202"},{"name":"CVE-2018-2450","url":"https://www.cve.org/CVERecord?id=CVE-2018-2450"},{"name":"CVE-2020-6210","url":"https://www.cve.org/CVERecord?id=CVE-2020-6210"},{"name":"CVE-2020-6208","url":"https://www.cve.org/CVERecord?id=CVE-2020-6208"},{"name":"CVE-2020-6178","url":"https://www.cve.org/CVERecord?id=CVE-2020-6178"},{"name":"CVE-2020-6207","url":"https://www.cve.org/CVERecord?id=CVE-2020-6207"},{"name":"CVE-2020-6198","url":"https://www.cve.org/CVERecord?id=CVE-2020-6198"},{"name":"CVE-2020-6197","url":"https://www.cve.org/CVERecord?id=CVE-2020-6197"},{"name":"CVE-2020-6199","url":"https://www.cve.org/CVERecord?id=CVE-2020-6199"},{"name":"CVE-2020-6203","url":"https://www.cve.org/CVERecord?id=CVE-2020-6203"},{"name":"CVE-2020-6206","url":"https://www.cve.org/CVERecord?id=CVE-2020-6206"},{"name":"CVE-2020-6200","url":"https://www.cve.org/CVERecord?id=CVE-2020-6200"},{"name":"CVE-2020-6205","url":"https://www.cve.org/CVERecord?id=CVE-2020-6205"},{"name":"CVE-2020-6204","url":"https://www.cve.org/CVERecord?id=CVE-2020-6204"},{"name":"CVE-2020-6196","url":"https://www.cve.org/CVERecord?id=CVE-2020-6196"},{"name":"CVE-2020-6209","url":"https://www.cve.org/CVERecord?id=CVE-2020-6209"},{"name":"CVE-2020-6201","url":"https://www.cve.org/CVERecord?id=CVE-2020-6201"}],"links":[],"reference":"CERTFR-2020-AVI-140","revisions":[{"description":"Version initiale","revision_date":"2020-03-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 10 mars 2020","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"}]}