{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP Knowledge Warehouse versions 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Master Data Synchronization (MDS COMPARE TOOL) versions SAP_APPL 600, 602, 603, 604, 605, 606 et 616","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM (WebClient UI) versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800 et WEBCUIF 80","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM ABAP (Grantor Management) version 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (Change and Transport System) versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP S/4HANA (Supplier Factsheet and Enterprise Search for Business Partner, Supplier and Customer) versions 104, 105 et 106","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (Design Time Repository) version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP UI5 Variant Management versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Plant Connectivity version 15.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Enterprise Portal version 7.50","product":{"name":"NetWeaver Enterprise Portal","vendor":{"name":"SAP","scada":false}}},{"description":"SAPUI5 versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757 et UI_700 200","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-42063","url":"https://www.cve.org/CVERecord?id=CVE-2021-42063"},{"name":"CVE-2023-32115","url":"https://www.cve.org/CVERecord?id=CVE-2023-32115"},{"name":"CVE-2023-33991","url":"https://www.cve.org/CVERecord?id=CVE-2023-33991"},{"name":"CVE-2023-33986","url":"https://www.cve.org/CVERecord?id=CVE-2023-33986"},{"name":"CVE-2023-2827","url":"https://www.cve.org/CVERecord?id=CVE-2023-2827"},{"name":"CVE-2023-30743","url":"https://www.cve.org/CVERecord?id=CVE-2023-30743"},{"name":"CVE-2023-33984","url":"https://www.cve.org/CVERecord?id=CVE-2023-33984"},{"name":"CVE-2023-30742","url":"https://www.cve.org/CVERecord?id=CVE-2023-30742"},{"name":"CVE-2023-32114","url":"https://www.cve.org/CVERecord?id=CVE-2023-32114"},{"name":"CVE-2023-31406","url":"https://www.cve.org/CVERecord?id=CVE-2023-31406"},{"name":"CVE-2022-22542","url":"https://www.cve.org/CVERecord?id=CVE-2022-22542"},{"name":"CVE-2023-33985","url":"https://www.cve.org/CVERecord?id=CVE-2023-33985"}],"links":[],"reference":"CERTFR-2023-AVI-0454","revisions":[{"description":"Version initiale","revision_date":"2023-06-14T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 13 juin 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}