{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"WebSphere Service Registry and Repository versions 8.5.x prior to WSRR V8.5.6.3_IJ40949_IJ45702_IJ48644_IJ48939_IJ48940","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Service Registry and Repository Studio versions 8.5.x without the latest security fix V8.5.6.3_IJ50069","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Cloud Pak for Security versions 1.10.x.x prior to 1.10.19.0","product":{"name":"Cloud Pak","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar Suite Software versions 1.10.x.x prior to 1.10.19.0","product":{"name":"QRadar Suite Software","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling External Authentication Server versions prior to 6.0.3 without security fix iFix 10","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling External Authentication Server versions prior to 6.1.0 without security fix iFix 06","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nRefer to the vendor's security bulletin to obtain the\nfixes (see the Documentation section).\n",
"cves":[{"name":"CVE-2018-1099","url":"https://www.cve.org/CVERecord?id=CVE-2018-1099"},{"name":"CVE-2023-45857","url":"https://www.cve.org/CVERecord?id=CVE-2023-45857"},{"name":"CVE-2024-24762","url":"https://www.cve.org/CVERecord?id=CVE-2024-24762"},{"name":"CVE-2021-43816","url":"https://www.cve.org/CVERecord?id=CVE-2021-43816"},{"name":"CVE-2022-25883","url":"https://www.cve.org/CVERecord?id=CVE-2022-25883"},{"name":"CVE-2024-20921","url":"https://www.cve.org/CVERecord?id=CVE-2024-20921"},{"name":"CVE-2022-31030","url":"https://www.cve.org/CVERecord?id=CVE-2022-31030"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2023-22081","url":"https://www.cve.org/CVERecord?id=CVE-2023-22081"},{"name":"CVE-2018-8088","url":"https://www.cve.org/CVERecord?id=CVE-2018-8088"},{"name":"CVE-2023-22067","url":"https://www.cve.org/CVERecord?id=CVE-2023-22067"},{"name":"CVE-2020-15106","url":"https://www.cve.org/CVERecord?id=CVE-2020-15106"},{"name":"CVE-2022-38749","url":"https://www.cve.org/CVERecord?id=CVE-2022-38749"},{"name":"CVE-2021-32760","url":"https://www.cve.org/CVERecord?id=CVE-2021-32760"},{"name":"CVE-2023-34478","url":"https://www.cve.org/CVERecord?id=CVE-2023-34478"},{"name":"CVE-2023-36478","url":"https://www.cve.org/CVERecord?id=CVE-2023-36478"},{"name":"CVE-2023-25173","url":"https://www.cve.org/CVERecord?id=CVE-2023-25173"},{"name":"CVE-2023-25153","url":"https://www.cve.org/CVERecord?id=CVE-2023-25153"},{"name":"CVE-2023-33850","url":"https://www.cve.org/CVERecord?id=CVE-2023-33850"},{"name":"CVE-2023-40167","url":"https://www.cve.org/CVERecord?id=CVE-2023-40167"},{"name":"CVE-2023-41900","url":"https://www.cve.org/CVERecord?id=CVE-2023-41900"},{"name":"CVE-2023-22045","url":"https://www.cve.org/CVERecord?id=CVE-2023-22045"},{"name":"CVE-2023-22049","url":"https://www.cve.org/CVERecord?id=CVE-2023-22049"},{"name":"CVE-2023-36479","url":"https://www.cve.org/CVERecord?id=CVE-2023-36479"},
{"name":"CVE-2022-41854","url":"https://www.cve.org/CVERecord?id=CVE-2022-41854"},{"name":"CVE-2021-21334","url":"https://www.cve.org/CVERecord?id=CVE-2021-21334"},{"name":"CVE-2023-5676","url":"https://www.cve.org/CVERecord?id=CVE-2023-5676"},{"name":"CVE-2022-25857","url":"https://www.cve.org/CVERecord?id=CVE-2022-25857"},{"name":"CVE-2022-38751","url":"https://www.cve.org/CVERecord?id=CVE-2022-38751"},{"name":"CVE-2022-38752","url":"https://www.cve.org/CVERecord?id=CVE-2022-38752"},{"name":"CVE-2024-20918","url":"https://www.cve.org/CVERecord?id=CVE-2024-20918"},{"name":"CVE-2022-38750","url":"https://www.cve.org/CVERecord?id=CVE-2022-38750"},{"name":"CVE-2022-23471","url":"https://www.cve.org/CVERecord?id=CVE-2022-23471"},{"name":"CVE-2024-23829","url":"https://www.cve.org/CVERecord?id=CVE-2024-23829"},{"name":"CVE-2022-1471","url":"https://www.cve.org/CVERecord?id=CVE-2022-1471"},{"name":"CVE-2023-47248","url":"https://www.cve.org/CVERecord?id=CVE-2023-47248"},{"name":"CVE-2018-16886","url":"https://www.cve.org/CVERecord?id=CVE-2018-16886"},{"name":"CVE-2022-23648","url":"https://www.cve.org/CVERecord?id=CVE-2022-23648"},{"name":"CVE-2023-42282","url":"https://www.cve.org/CVERecord?id=CVE-2023-42282"},{"name":"CVE-2023-39325","url":"https://www.cve.org/CVERecord?id=CVE-2023-39325"},{"name":"CVE-2024-20945","url":"https://www.cve.org/CVERecord?id=CVE-2024-20945"},{"name":"CVE-2023-22602","url":"https://www.cve.org/CVERecord?id=CVE-2023-22602"},{"name":"CVE-2021-41103","url":"https://www.cve.org/CVERecord?id=CVE-2021-41103"},{"name":"CVE-2023-40743","url":"https://www.cve.org/CVERecord?id=CVE-2023-40743"},{"name":"CVE-2024-20952","url":"https://www.cve.org/CVERecord?id=CVE-2024-20952"},{"name":"CVE-2017-16137","url":"https://www.cve.org/CVERecord?id=CVE-2017-16137"},{"name":"CVE-2024-23334","url":"https://www.cve.org/CVERecord?id=CVE-2024-23334"}],"links":[],"reference":"CERTFR-2024-AVI-0199",
"revisions":[{"description":"Initial version","revision_date":"2024-03-08T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"},{"description":"Privilege escalation"},{"description":"Remote denial of service"},{"description":"Data confidentiality breach"},{"description":"Data integrity breach"},{"description":"Security policy bypass"},{"description":"Cross-site request forgery (CSRF)"},{"description":"Cross-site scripting (XSS)"},{"description":"Not specified by the vendor"}],"summary":"Multiple vulnerabilities have been discovered in IBM products. Some of them\nallow an attacker to cause a data confidentiality breach,\nremote arbitrary code execution and privilege escalation.\n","title":"Multiple vulnerabilities in IBM","vendor_advisories":[{"published_at":null,"title":"IBM security bulletin 7130806 of 07 March 2024","url":"https://www.ibm.com/support/pages/node/7130806"},{"published_at":null,"title":"IBM security bulletin 7129989 of 06 March 2024","url":"https://www.ibm.com/support/pages/node/7129989"},{"published_at":null,"title":"IBM security bulletin 7129833 of 04 March 2024","url":"https://www.ibm.com/support/pages/node/7129833"},{"published_at":null,"title":"IBM security bulletin 7129327 of 01 March 2024","url":"https://www.ibm.com/support/pages/node/7129327"},{"published_at":null,"title":"IBM security bulletin 7129821 of 04 March 2024","url":"https://www.ibm.com/support/pages/node/7129821"}]}
