{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"VMware Cloud Foundation (vRLI) versions 4.x sans le correctif KB86000","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Log Insight version 8.3 sans le correctif KB85990","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Orchestrator versions 8.x ant\u00e9rieures \u00e0 8.6","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Operations versions 8.x et 7.x ant\u00e9rieures \u00e0 8.6.0","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Cloud Foundation (vROps) versions 4.x et 3.x","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Log Insight versions 8.4.1, 8.4.0 sans le correctif KB85992","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Log Insight version 8.2 sans le correctif KB85989","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware vRealize Log Insight versions 8.1.1, 8.1.0, 8.0.0 et 4.x sans le correctif KB85985","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"vRealize Suite Lifecycle Manager (vROps) versions 8.x","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"vRealize Suite Lifecycle Manager (vRLI) versions 8.x sans le correctif KB86000","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-22035","url":"https://www.cve.org/CVERecord?id=CVE-2021-22035"},{"name":"CVE-2021-22033","url":"https://www.cve.org/CVERecord?id=CVE-2021-22033"},{"name":"CVE-2021-22036","url":"https://www.cve.org/CVERecord?id=CVE-2021-22036"}],"links":[],"reference":"CERTFR-2021-AVI-776","revisions":[{"description":"Version initiale","revision_date":"2021-10-13T00:00:00.000000"}],"risks":[{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0022 du 12 octobre 2021","url":"https://www.vmware.com/security/advisories/VMSA-2021-0022.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0021 du 12 octobre 2021","url":"https://www.vmware.com/security/advisories/VMSA-2021-0021.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0023 du 12 octobre 2021","url":"https://www.vmware.com/security/advisories/VMSA-2021-0023.html"}]}