{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM Sterling Transformation Extender version 10.1.1 sans le correctif de s\u00e9curit\u00e9 APAR PH58716","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Control Center versions 6.3.x.x ant\u00e9rieures \u00e0 6.3.0.0 iFix05","product":{"name":"Sterling Control Center","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.14","product":{"name":"QRadar User Behavior Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar Assistant versions ant\u00e9rieures \u00e0 3.6.1","product":{"name":"QRadar Assistant","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Transformation Extender version 11.0 sans le correctif de s\u00e9curit\u00e9 APAR PH58716","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Transformation Extender version 10.1.2 sans le correctif de s\u00e9curit\u00e9 APAR PH58716","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Transformation Extender version 10.1.0 sans le correctif de s\u00e9curit\u00e9 APAR PH58716","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-1370","url":"https://www.cve.org/CVERecord?id=CVE-2023-1370"},{"name":"CVE-2023-45857","url":"https://www.cve.org/CVERecord?id=CVE-2023-45857"},{"name":"CVE-2023-0105","url":"https://www.cve.org/CVERecord?id=CVE-2023-0105"},{"name":"CVE-2022-25883","url":"https://www.cve.org/CVERecord?id=CVE-2022-25883"},{"name":"CVE-2023-32342","url":"https://www.cve.org/CVERecord?id=CVE-2023-32342"},{"name":"CVE-2022-25927","url":"https://www.cve.org/CVERecord?id=CVE-2022-25927"},{"name":"CVE-2018-25031","url":"https://www.cve.org/CVERecord?id=CVE-2018-25031"},{"name":"CVE-2021-23445","url":"https://www.cve.org/CVERecord?id=CVE-2021-23445"},{"name":"CVE-2021-4048","url":"https://www.cve.org/CVERecord?id=CVE-2021-4048"},{"name":"CVE-2021-31684","url":"https://www.cve.org/CVERecord?id=CVE-2021-31684"},{"name":"CVE-2023-46604","url":"https://www.cve.org/CVERecord?id=CVE-2023-46604"},{"name":"CVE-2023-31484","url":"https://www.cve.org/CVERecord?id=CVE-2023-31484"},{"name":"CVE-2022-38900","url":"https://www.cve.org/CVERecord?id=CVE-2022-38900"},{"name":"CVE-2023-40743","url":"https://www.cve.org/CVERecord?id=CVE-2023-40743"}],"links":[],"reference":"CERTFR-2024-AVI-0090","revisions":[{"description":"Version initiale","revision_date":"2024-02-02T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS), une ex\u00e9cution de code arbitraire \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7114134 du 01 f\u00e9vrier 2024","url":"https://www.ibm.com/support/pages/node/7114134"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7113520 du 31 janvier 2024","url":"https://www.ibm.com/support/pages/node/7113520"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7112498 du 30 janvier 2024","url":"https://www.ibm.com/support/pages/node/7112498"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7113593 du 31 janvier 2024","url":"https://www.ibm.com/support/pages/node/7113593"}]}