{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Spring Boot versions 2.6.x prior to 2.6.15","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Security versions 6.0.x prior to 6.0.3","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Security versions 5.7.x prior to 5.7.8","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Framework versions 5.3.x prior to 5.3.26","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Boot versions 2.7.x prior to 2.7.11","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Session versions 3.0.x prior to 3.0.1","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Boot all versions prior to 2.5.15","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Framework versions 6.x prior to 6.0.7","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Security versions 5.8.x prior to 5.8.3","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}},{"description":"Spring Boot versions 3.0.x prior to 3.0.6","product":{"name":"N/A","vendor":{"name":"Spring","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2023-20862","url":"https://www.cve.org/CVERecord?id=CVE-2023-20862"},{"name":"CVE-2023-20873","url":"https://www.cve.org/CVERecord?id=CVE-2023-20873"},{"name":"CVE-2023-20860","url":"https://www.cve.org/CVERecord?id=CVE-2023-20860"},{"name":"CVE-2023-20866","url":"https://www.cve.org/CVERecord?id=CVE-2023-20866"},{"name":"CVE-2023-20883","url":"https://www.cve.org/CVERecord?id=CVE-2023-20883"}],"links":[],"reference":"CERTFR-2023-AVI-0398","revisions":[{"description":"Initial version","revision_date":"2023-05-19T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Security policy bypass"},{"description":"Data confidentiality breach"}],"summary":"Multiple vulnerabilities have been discovered in VMware\nSpring products. They allow an attacker to cause a remote denial of service\nand a security policy bypass.\n","title":"Multiple vulnerabilities in the VMware Spring framework","vendor_advisories":[{"published_at":null,"title":"Spring security bulletin cve-2023-20862 of 17 April 2023","url":"https://spring.io/security/cve-2023-20862/"},{"published_at":null,"title":"Spring security bulletin cve-2023-20873 of 18 May 2023","url":"https://spring.io/security/cve-2023-20873/"},{"published_at":null,"title":"Spring security bulletin cve-2023-20883 of 18 May 2023","url":"https://spring.io/security/cve-2023-20883/"},{"published_at":null,"title":"Spring security bulletin cve-2023-20866 of 12 April 2023","url":"https://spring.io/security/cve-2023-20866/"},{"published_at":null,"title":"Spring security bulletin cve-2023-20860 of 20 March 2023","url":"https://spring.io/security/cve-2023-20860/"}]}
