{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP Process Integration (Enterprise Service Repository JAVA Mappings) versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM versions 700, 701, 702, 712, 713, 714","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 730, 731, 804, 740, 750, 784, DEV","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP 3D Visual Enterprise Viewer version 9.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA (Enterprise Portal) versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for Java (Http Service) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Client version 6.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP (Reconciliation Framework) versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Lumira Server version 2.4","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Guided Procedures (Administration Workset) versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Web Intelligence (BI Launchpad) versions 420, 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP and ABAP Platform versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 8.04, 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.77, 7.81, 7.84","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA (Administrator applications) version 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-33671","url":"https://www.cve.org/CVERecord?id=CVE-2021-33671"},{"name":"CVE-2021-27610","url":"https://www.cve.org/CVERecord?id=CVE-2021-27610"},{"name":"CVE-2021-33681","url":"https://www.cve.org/CVERecord?id=CVE-2021-33681"},{"name":"CVE-2021-33678","url":"https://www.cve.org/CVERecord?id=CVE-2021-33678"},{"name":"CVE-2021-33684","url":"https://www.cve.org/CVERecord?id=CVE-2021-33684"},{"name":"CVE-2021-33677","url":"https://www.cve.org/CVERecord?id=CVE-2021-33677"},{"name":"CVE-2021-33687","url":"https://www.cve.org/CVERecord?id=CVE-2021-33687"},{"name":"CVE-2021-33676","url":"https://www.cve.org/CVERecord?id=CVE-2021-33676"},{"name":"CVE-2021-27604","url":"https://www.cve.org/CVERecord?id=CVE-2021-27604"},{"name":"CVE-2021-33683","url":"https://www.cve.org/CVERecord?id=CVE-2021-33683"},{"name":"CVE-2021-33680","url":"https://www.cve.org/CVERecord?id=CVE-2021-33680"},{"name":"CVE-2021-33689","url":"https://www.cve.org/CVERecord?id=CVE-2021-33689"},{"name":"CVE-2021-33667","url":"https://www.cve.org/CVERecord?id=CVE-2021-33667"},{"name":"CVE-2021-33682","url":"https://www.cve.org/CVERecord?id=CVE-2021-33682"},{"name":"CVE-2021-33670","url":"https://www.cve.org/CVERecord?id=CVE-2021-33670"}],"links":[],"reference":"CERTFR-2021-AVI-523","revisions":[{"description":"Version initiale","revision_date":"2021-07-15T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP 580617506 du 13 juillet 2021","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506"}]}