{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Identity Manager versions 3.3.3 \u00e0 3.3.6 sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Workspace ONE Access Appliance version 21.08.0.x sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"vRealize Suite Lifecycle Manager versions 8.x sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Client Horizon pour Linux versions ant\u00e9rieures \u00e0 2203","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"vRealize Automation version 7.6 sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Workspace ONE Access Appliance version 20.10.0.x sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 3.x sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 4.x sans le dernier correctif de s\u00e9curit\u00e9 (KB88099)","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-22954","url":"https://www.cve.org/CVERecord?id=CVE-2022-22954"},{"name":"CVE-2022-22964","url":"https://www.cve.org/CVERecord?id=CVE-2022-22964"},{"name":"CVE-2022-22962","url":"https://www.cve.org/CVERecord?id=CVE-2022-22962"},{"name":"CVE-2022-22955","url":"https://www.cve.org/CVERecord?id=CVE-2022-22955"},{"name":"CVE-2022-22961","url":"https://www.cve.org/CVERecord?id=CVE-2022-22961"},{"name":"CVE-2022-22959","url":"https://www.cve.org/CVERecord?id=CVE-2022-22959"},{"name":"CVE-2022-22957","url":"https://www.cve.org/CVERecord?id=CVE-2022-22957"},{"name":"CVE-2022-22956","url":"https://www.cve.org/CVERecord?id=CVE-2022-22956"},{"name":"CVE-2022-22958","url":"https://www.cve.org/CVERecord?id=CVE-2022-22958"},{"name":"CVE-2022-22960","url":"https://www.cve.org/CVERecord?id=CVE-2022-22960"}],"links":[],"reference":"CERTFR-2022-AVI-318","revisions":[{"description":"Version initiale","revision_date":"2022-04-07T00:00:00.000000"}],"risks":[{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware MSA-2022-0012 du 06 avril 2022","url":"https://www.vmware.com/security/advisories/VMSA-2022-0012.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware MSA-2022-0011 du 06 avril 2022","url":"https://www.vmware.com/security/advisories/VMSA-2022-0011.html"}]}