{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Authenticator pour Android version 1.3.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Objects Business Intelligence Platform (CMC) versions 420et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS pour ABAP et ABAP Platform (SAPRSBRO Program) versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"ABAP Platform versions 751, 753, 753, 754, 756, 757 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Solution Manager et ABAP managed systems(ST-PI) versions 2008_1_700, 2008_1_710 et 740","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver versions 700, 701, 702, 731, 740 et 750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS pour ABAP et ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS pour ABAP et ABAP Platform versions SAP_BASIS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform (Web Services) versions 420 et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver(SAP Enterprise Portal) versions 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS Java (Object Analyzing Service) version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Application Server pour ABAP et ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791","product":{"name":"NetWeaver Application Server pour ABAP","vendor":{"name":"SAP","scada":false}}},{"description":"Content Server version 7.53","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Objects (Adaptive Job Server) versions 420 et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS pour Java version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Host Agent version 7.22","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-26459","url":"https://www.cve.org/CVERecord?id=CVE-2023-26459"},{"name":"CVE-2023-27498","url":"https://www.cve.org/CVERecord?id=CVE-2023-27498"},{"name":"CVE-2023-25616","url":"https://www.cve.org/CVERecord?id=CVE-2023-25616"},{"name":"CVE-2023-27271","url":"https://www.cve.org/CVERecord?id=CVE-2023-27271"},{"name":"CVE-2023-27896","url":"https://www.cve.org/CVERecord?id=CVE-2023-27896"},{"name":"CVE-2023-25618","url":"https://www.cve.org/CVERecord?id=CVE-2023-25618"},{"name":"CVE-2023-27501","url":"https://www.cve.org/CVERecord?id=CVE-2023-27501"},{"name":"CVE-2023-26461","url":"https://www.cve.org/CVERecord?id=CVE-2023-26461"},{"name":"CVE-2023-26460","url":"https://www.cve.org/CVERecord?id=CVE-2023-26460"},{"name":"CVE-2023-23857","url":"https://www.cve.org/CVERecord?id=CVE-2023-23857"},{"name":"CVE-2023-27895","url":"https://www.cve.org/CVERecord?id=CVE-2023-27895"},{"name":"CVE-2023-0021","url":"https://www.cve.org/CVERecord?id=CVE-2023-0021"},{"name":"CVE-2023-27270","url":"https://www.cve.org/CVERecord?id=CVE-2023-27270"},{"name":"CVE-2023-25615","url":"https://www.cve.org/CVERecord?id=CVE-2023-25615"},{"name":"CVE-2023-27269","url":"https://www.cve.org/CVERecord?id=CVE-2023-27269"},{"name":"CVE-2023-27500","url":"https://www.cve.org/CVERecord?id=CVE-2023-27500"},{"name":"CVE-2023-27893","url":"https://www.cve.org/CVERecord?id=CVE-2023-27893"},{"name":"CVE-2023-26457","url":"https://www.cve.org/CVERecord?id=CVE-2023-26457"},{"name":"CVE-2023-25617","url":"https://www.cve.org/CVERecord?id=CVE-2023-25617"},{"name":"CVE-2023-27268","url":"https://www.cve.org/CVERecord?id=CVE-2023-27268"},{"name":"CVE-2023-27894","url":"https://www.cve.org/CVERecord?id=CVE-2023-27894"},{"name":"CVE-2023-24526","url":"https://www.cve.org/CVERecord?id=CVE-2023-24526"}],"links":[],"reference":"CERTFR-2023-AVI-0228","revisions":[{"description":"Version initiale","revision_date":"2023-03-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 14 mars 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}