{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Business Connector version 4.8 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S/4 HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver version 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP and ABAP Platform versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54 et KERNEL 7.93 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S/4 HANA (Cash Management) versions S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107 et S4CORE 108 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Employee Self Service (Fiori My Leave Request) version 605 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS Java User Management Engine versions SERVERCORE 7.50, J2EE-APPS 7.50 et UMEADMIN 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Group Reporting Data Collection (Enter Package Data) versions S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108 et SAP_GRDC_CLOUD 1.0.0 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Web Intelligence versions 4.2 et 4.3 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Edge Integration Cell versions ant\u00e9rieures \u00e0 8.13.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Asset Accounting versions SAP_APPL 600, SAP_APPL 600, SAP_APPL 600, SAP_APPL 600, SAP_APPL 600, SAP_APPL 600, SAP_FIN617, SAP_FIN 618 et SAP_FIN700 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2024-30216","url":"https://www.cve.org/CVERecord?id=CVE-2024-30216"},{"name":"CVE-2024-30214","url":"https://www.cve.org/CVERecord?id=CVE-2024-30214"},{"name":"CVE-2024-28167","url":"https://www.cve.org/CVERecord?id=CVE-2024-28167"},{"name":"CVE-2024-30218","url":"https://www.cve.org/CVERecord?id=CVE-2024-30218"},{"name":"CVE-2024-30217","url":"https://www.cve.org/CVERecord?id=CVE-2024-30217"},{"name":"CVE-2024-27898","url":"https://www.cve.org/CVERecord?id=CVE-2024-27898"},{"name":"CVE-2024-27899","url":"https://www.cve.org/CVERecord?id=CVE-2024-27899"},{"name":"CVE-2024-30215","url":"https://www.cve.org/CVERecord?id=CVE-2024-30215"},{"name":"CVE-2022-29613","url":"https://www.cve.org/CVERecord?id=CVE-2022-29613"},{"name":"CVE-2024-25646","url":"https://www.cve.org/CVERecord?id=CVE-2024-25646"},{"name":"CVE-2024-27901","url":"https://www.cve.org/CVERecord?id=CVE-2024-27901"}],"links":[],"reference":"CERTFR-2024-AVI-0283","revisions":[{"description":"Version initiale","revision_date":"2024-04-09T00:00:00.000000"},{"description":"Ajout de la vuln\u00e9rabilit\u00e9 CVE-2022-29613","revision_date":"2024-04-12T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits SAP</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 09 avril 2024","url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news/april-2024.html"}]}