{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver AS Java version 7.5","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAPSSOEXT version 17","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Extended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Host Agent version 722","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP IQ version 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP ASE versions 15.7, 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business One version 10.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server ABAP and ABAP Platform versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT","product":{"name":"NetWeaver Application Server ABAP and ABAP Platform","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP SQL Anywhere versions 16.0, 17.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CommonCryptoLib version 8","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP ASE Cluster Edition version 15.7","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP Event Stream Processor version 5.1","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAP HANA Database version 2.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Content Server versions 6.50, 7.53, 7.54","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product-SAP Replication Server version 15.7","product":{"name":"Replication Server","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS Java version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nRefer to the vendor's security bulletin to obtain the patches (see the\nDocumentation section).\n","cves":[{"name":"CVE-2023-40309","url":"https://www.cve.org/CVERecord?id=CVE-2023-40309"},{"name":"CVE-2023-42477","url":"https://www.cve.org/CVERecord?id=CVE-2023-42477"},{"name":"CVE-2023-31403","url":"https://www.cve.org/CVERecord?id=CVE-2023-31403"},{"name":"CVE-2023-42480","url":"https://www.cve.org/CVERecord?id=CVE-2023-42480"},{"name":"CVE-2023-41366","url":"https://www.cve.org/CVERecord?id=CVE-2023-41366"}],"links":[],"reference":"CERTFR-2023-AVI-0942","revisions":[{"description":"Initial version","revision_date":"2023-11-15T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"},{"description":"Security policy bypass"},{"description":"Data confidentiality breach"}],"summary":"Multiple vulnerabilities have been discovered in SAP products.\nThey allow an attacker to cause remote arbitrary code\nexecution, a security policy bypass and\na data confidentiality breach.\n","title":"Multiple vulnerabilities in SAP products","vendor_advisories":[{"published_at":null,"title":"SAP security bulletin ucQrx6G of 14 November 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}
