{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.19","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.24","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Canonical Ubuntu 18.04","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.17","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 to 4.0.13","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.35","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.3.x versions ant\u00e9rieures \u00e0 4.3.5","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 5.1.x versions ant\u00e9rieures \u00e0 5.1.0","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Operations Manager versions 3.0.x ant\u00e9rieures \u00e0 3.0.4","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Operations Manager versions 2.10.x ant\u00e9rieures \u00e0 2.10.51","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions ant\u00e9rieures \u00e0 1.80)","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.29","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Canonical Ubuntu 16.04","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.4.x versions ant\u00e9rieures \u00e0 4.4.30","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Canonical Ubuntu 22.04","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"VMware Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions 1.80)","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.23","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.14","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 1.4.0","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13","product":{"name":"N/A","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-24809","url":"https://www.cve.org/CVERecord?id=CVE-2022-24809"},{"name":"CVE-2022-47629","url":"https://www.cve.org/CVERecord?id=CVE-2022-47629"},{"name":"CVE-2022-24805","url":"https://www.cve.org/CVERecord?id=CVE-2022-24805"},{"name":"CVE-2022-44792","url":"https://www.cve.org/CVERecord?id=CVE-2022-44792"},{"name":"CVE-2022-45061","url":"https://www.cve.org/CVERecord?id=CVE-2022-45061"},{"name":"CVE-2022-4883","url":"https://www.cve.org/CVERecord?id=CVE-2022-4883"},{"name":"CVE-2022-44793","url":"https://www.cve.org/CVERecord?id=CVE-2022-44793"},{"name":"CVE-2022-3165","url":"https://www.cve.org/CVERecord?id=CVE-2022-3165"},{"name":"CVE-2022-0417","url":"https://www.cve.org/CVERecord?id=CVE-2022-0417"},{"name":"CVE-2022-24807","url":"https://www.cve.org/CVERecord?id=CVE-2022-24807"},{"name":"CVE-2022-24810","url":"https://www.cve.org/CVERecord?id=CVE-2022-24810"},{"name":"CVE-2022-37454","url":"https://www.cve.org/CVERecord?id=CVE-2022-37454"},{"name":"CVE-2022-44617","url":"https://www.cve.org/CVERecord?id=CVE-2022-44617"},{"name":"CVE-2021-3682","url":"https://www.cve.org/CVERecord?id=CVE-2021-3682"},{"name":"CVE-2021-23222","url":"https://www.cve.org/CVERecord?id=CVE-2021-23222"},{"name":"CVE-2022-2962","url":"https://www.cve.org/CVERecord?id=CVE-2022-2962"},{"name":"CVE-2023-22809","url":"https://www.cve.org/CVERecord?id=CVE-2023-22809"},{"name":"CVE-2022-0392","url":"https://www.cve.org/CVERecord?id=CVE-2022-0392"},{"name":"CVE-2022-33070","url":"https://www.cve.org/CVERecord?id=CVE-2022-33070"},{"name":"CVE-2022-0216","url":"https://www.cve.org/CVERecord?id=CVE-2022-0216"},{"name":"CVE-2022-40898","url":"https://www.cve.org/CVERecord?id=CVE-2022-40898"},{"name":"CVE-2022-24806","url":"https://www.cve.org/CVERecord?id=CVE-2022-24806"},{"name":"CVE-2022-46285","url":"https://www.cve.org/CVERecord?id=CVE-2022-46285"},{"name":"CVE-2021-3930","url":"https://www.cve.org/CVERecord?id=CVE-2021-3930"},{"name":"CVE-2021-33621","url":"https://www.cve.org/CVERecord?id=CVE-2021-33621"},{"name":"CVE-2022-24808","url":"https://www.cve.org/CVERecord?id=CVE-2022-24808"},{"name":"CVE-2021-3750","url":"https://www.cve.org/CVERecord?id=CVE-2021-3750"}],"links":[],"reference":"CERTFR-2023-AVI-0318","revisions":[{"description":"Version initiale","revision_date":"2023-04-17T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">VMware</span>. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5795-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5787-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5795-2 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5787-2"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5787-2 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5772-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5765-1 du 13 avril 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5821-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5821-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5801-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5795-2"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5811-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5811-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5767-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5806-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5801-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5807-1 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5807-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 12 avril 2023","url":"https://tanzu.vmware.com/security/usn-5765-1"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5806-2 du 13 avril 2023","url":"https://tanzu.vmware.com/security/usn-5806-2"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5772-1 du 13 avril 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware USN-5767-1 du 13 avril 2023","url":null}]}