{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP 3D Visual Enterprise License Manager version 15","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 2211, 2105 et 2205","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Interface Framework (ODATA service) versions 755 et 756","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce (Backoffice) versions 2105 et 2205","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM WebClient UI versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80","product":{"name":"SAP CRM WebClient UI","vendor":{"name":"SAP","scada":false}}},{"description":"SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 20","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP GUI pour Windows versions 7.70 et 8.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP IBP EXCEL ADD-IN versions 2211, 2302 et 2305","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Intelligence Platform versions 420 et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50 et CORE-TOOLS 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Vendor Master Hierarchy versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618 et S4CORE 100","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform (Central Management Service) versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP PowerDesigner (Proxy) version 16.7","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-44155","url":"https://www.cve.org/CVERecord?id=CVE-2021-44155"},{"name":"CVE-2023-31407","url":"https://www.cve.org/CVERecord?id=CVE-2023-31407"},{"name":"CVE-2023-30741","url":"https://www.cve.org/CVERecord?id=CVE-2023-30741"},{"name":"CVE-2021-44152","url":"https://www.cve.org/CVERecord?id=CVE-2021-44152"},{"name":"CVE-2022-41966","url":"https://www.cve.org/CVERecord?id=CVE-2022-41966"},{"name":"CVE-2023-29188","url":"https://www.cve.org/CVERecord?id=CVE-2023-29188"},{"name":"CVE-2023-29080","url":"https://www.cve.org/CVERecord?id=CVE-2023-29080"},{"name":"CVE-2022-27667","url":"https://www.cve.org/CVERecord?id=CVE-2022-27667"},{"name":"CVE-2021-44151","url":"https://www.cve.org/CVERecord?id=CVE-2021-44151"},{"name":"CVE-2023-30744","url":"https://www.cve.org/CVERecord?id=CVE-2023-30744"},{"name":"CVE-2022-32244","url":"https://www.cve.org/CVERecord?id=CVE-2022-32244"},{"name":"CVE-2023-30740","url":"https://www.cve.org/CVERecord?id=CVE-2023-30740"},{"name":"CVE-2023-30743","url":"https://www.cve.org/CVERecord?id=CVE-2023-30743"},{"name":"CVE-2021-44153","url":"https://www.cve.org/CVERecord?id=CVE-2021-44153"},{"name":"CVE-2022-39014","url":"https://www.cve.org/CVERecord?id=CVE-2022-39014"},{"name":"CVE-2023-31404","url":"https://www.cve.org/CVERecord?id=CVE-2023-31404"},{"name":"CVE-2023-30742","url":"https://www.cve.org/CVERecord?id=CVE-2023-30742"},{"name":"CVE-2023-32113","url":"https://www.cve.org/CVERecord?id=CVE-2023-32113"},{"name":"CVE-2023-28764","url":"https://www.cve.org/CVERecord?id=CVE-2023-28764"},{"name":"CVE-2023-29111","url":"https://www.cve.org/CVERecord?id=CVE-2023-29111"},{"name":"CVE-2022-31596","url":"https://www.cve.org/CVERecord?id=CVE-2022-31596"},{"name":"CVE-2023-31406","url":"https://www.cve.org/CVERecord?id=CVE-2023-31406"},{"name":"CVE-2023-32112","url":"https://www.cve.org/CVERecord?id=CVE-2023-32112"},{"name":"CVE-2023-32111","url":"https://www.cve.org/CVERecord?id=CVE-2023-32111"},{"name":"CVE-2023-28762","url":"https://www.cve.org/CVERecord?id=CVE-2023-28762"},{"name":"CVE-2021-44154","url":"https://www.cve.org/CVERecord?id=CVE-2021-44154"}],"links":[],"reference":"CERTFR-2023-AVI-0369","revisions":[{"description":"Version initiale","revision_date":"2023-05-10T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP 2023-05-10 du 10 mai 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}