{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Contrail Networking versions ant\u00e9rieures \u00e0 2011.L4 et 21.3","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"JIMS versions ant\u00e9rieures \u00e0 1.4.0","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Paragon Active Assurance versions 3.3.x","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Secure Analytics versions 7.4.x antt\u00e9rieures \u00e0 7.4.2 FixPack 2","product":{"name":"Secure Analytics","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Secure Analytics versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 FixPack 7","product":{"name":"Secure Analytics","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Paragon Active Assurance versions 3.1.x","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Contrail Service Orchestration versions 6.0.x ant\u00e9rieures \u00e0 6.0.0 Patch v3","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}},{"description":"Paragon Active Assurance versions 3.2.x","product":{"name":"N/A","vendor":{"name":"Juniper Networks","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-1352","url":"https://www.cve.org/CVERecord?id=CVE-2019-1352"},{"name":"CVE-2021-3517","url":"https://www.cve.org/CVERecord?id=CVE-2021-3517"},{"name":"CVE-2021-26691","url":"https://www.cve.org/CVERecord?id=CVE-2021-26691"},{"name":"CVE-2021-34552","url":"https://www.cve.org/CVERecord?id=CVE-2021-34552"},{"name":"CVE-2020-7774","url":"https://www.cve.org/CVERecord?id=CVE-2020-7774"},{"name":"CVE-2019-1349","url":"https://www.cve.org/CVERecord?id=CVE-2019-1349"},{"name":"CVE-2021-25289","url":"https://www.cve.org/CVERecord?id=CVE-2021-25289"},{"name":"CVE-2019-1354","url":"https://www.cve.org/CVERecord?id=CVE-2019-1354"},{"name":"CVE-2021-3560","url":"https://www.cve.org/CVERecord?id=CVE-2021-3560"},{"name":"CVE-2015-8315","url":"https://www.cve.org/CVERecord?id=CVE-2015-8315"},{"name":"CVE-2021-23017","url":"https://www.cve.org/CVERecord?id=CVE-2021-23017"},{"name":"CVE-2018-1000654","url":"https://www.cve.org/CVERecord?id=CVE-2018-1000654"},{"name":"CVE-2022-22190","url":"https://www.cve.org/CVERecord?id=CVE-2022-22190"},{"name":"CVE-2019-1350","url":"https://www.cve.org/CVERecord?id=CVE-2019-1350"},{"name":"CVE-2021-31597","url":"https://www.cve.org/CVERecord?id=CVE-2021-31597"},{"name":"CVE-2014-9471","url":"https://www.cve.org/CVERecord?id=CVE-2014-9471"},{"name":"CVE-2022-22189","url":"https://www.cve.org/CVERecord?id=CVE-2022-22189"},{"name":"CVE-2015-8391","url":"https://www.cve.org/CVERecord?id=CVE-2015-8391"},{"name":"CVE-2021-3156","url":"https://www.cve.org/CVERecord?id=CVE-2021-3156"},{"name":"CVE-2019-1387","url":"https://www.cve.org/CVERecord?id=CVE-2019-1387"},{"name":"CVE-2020-35654","url":"https://www.cve.org/CVERecord?id=CVE-2020-35654"},{"name":"CVE-2021-4034","url":"https://www.cve.org/CVERecord?id=CVE-2021-4034"},{"name":"CVE-2022-22187","url":"https://www.cve.org/CVERecord?id=CVE-2022-22187"}],"links":[],"reference":"CERTFR-2022-AVI-351","revisions":[{"description":"Version initiale","revision_date":"2022-04-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les logiciels\nJuniper . Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Juniper","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69504 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Juniper-Secure-Analytics-JSA-Series-Heap-Based-Buffer-Overflow-in-Sudo-CVE-2021-3156?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69495 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-JIMS-Local-Privilege-Escalation-vulnerability-via-repair-functionality-CVE-2022-22187?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69506 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Local-Privilege-Escalation-in-polkits-pkexec-CVE-2021-4034?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69498 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Service-Orchestration-An-authenticated-local-user-may-have-their-permissions-elevated-via-the-device-via-management-interface-without-authentication-CVE-2022-22189?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69507 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-3-CVE-yyyy-nnnn?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69500 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-in-crafted-URL-CVE-2022-22190?language=en_US"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Juniper JSA69510 du 13 avril 2022","url":"https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US"}]}