{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP SuccessFactors attachmentAPI pour Mobile Application (Android et iOS) versions ant\u00e9rieures \u00e0 8.1.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Biller Direct versions-635, 750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 1905, 2005, 2105, 2011, 2205","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP GUI pour Windows version 7.70","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP SQL Anywhere version 17.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Financial Consolidation version 1010","product":{"name":"SAP Financial Consolidation","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server ABAP et ABAP Platform versions 700, 731, 804, 740, 750, 789","product":{"name":"NetWeaver Application Server ABAP et ABAP Platform","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver ABAP Server et ABAP Platform versions 700, 731, 740, 750, 789","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP 3D Visual Enterprise Author,Version 9.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP 3D Visual Enterprise Viewer,Version 9.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAPUI5 versions 754, 755, 756, 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAPUI5 CLIENT RUNTIME versions 600, 700, 800, 900, 1000","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform (Central Management Console et BI Launchpad) versions 4.2, 4.3","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-35291","url":"https://www.cve.org/CVERecord?id=CVE-2022-35291"},{"name":"CVE-2022-41203","url":"https://www.cve.org/CVERecord?id=CVE-2022-41203"},{"name":"CVE-2022-41259","url":"https://www.cve.org/CVERecord?id=CVE-2022-41259"},{"name":"CVE-2022-41258","url":"https://www.cve.org/CVERecord?id=CVE-2022-41258"},{"name":"CVE-2022-41214","url":"https://www.cve.org/CVERecord?id=CVE-2022-41214"},{"name":"CVE-2022-41212","url":"https://www.cve.org/CVERecord?id=CVE-2022-41212"},{"name":"CVE-2022-41211","url":"https://www.cve.org/CVERecord?id=CVE-2022-41211"},{"name":"CVE-2022-41208","url":"https://www.cve.org/CVERecord?id=CVE-2022-41208"},{"name":"CVE-2022-41204","url":"https://www.cve.org/CVERecord?id=CVE-2022-41204"},{"name":"CVE-2022-41260","url":"https://www.cve.org/CVERecord?id=CVE-2022-41260"},{"name":"CVE-2022-41205","url":"https://www.cve.org/CVERecord?id=CVE-2022-41205"},{"name":"CVE-2022-35737","url":"https://www.cve.org/CVERecord?id=CVE-2022-35737"},{"name":"CVE-2022-41215","url":"https://www.cve.org/CVERecord?id=CVE-2022-41215"},{"name":"CVE-2022-41207","url":"https://www.cve.org/CVERecord?id=CVE-2022-41207"},{"name":"CVE-2021-20223","url":"https://www.cve.org/CVERecord?id=CVE-2021-20223"}],"links":[],"reference":"CERTFR-2022-AVI-1020","revisions":[{"description":"Version initiale","revision_date":"2022-11-10T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 09 novembre 2022","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1&todaysdate=2022-11-09"}]}