{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Sterling Connect:Direct Web Services versions 6.0.x, migrer sur une version corrig\u00e9e","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.24","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.23","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Service Registry and Repository version 8.5 sans les derniers correctifs de s\u00e9curit\u00e9","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Remote Server versions 9.1, 9.0 et 8.5 sans les derniers correctifs de s\u00e9curit\u00e9","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.7","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.4","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2024-22201","url":"https://www.cve.org/CVERecord?id=CVE-2024-22201"},{"name":"CVE-2023-28841","url":"https://www.cve.org/CVERecord?id=CVE-2023-28841"},{"name":"CVE-2023-28840","url":"https://www.cve.org/CVERecord?id=CVE-2023-28840"},{"name":"CVE-2022-29162","url":"https://www.cve.org/CVERecord?id=CVE-2022-29162"},{"name":"CVE-2023-45283","url":"https://www.cve.org/CVERecord?id=CVE-2023-45283"},{"name":"CVE-2021-43816","url":"https://www.cve.org/CVERecord?id=CVE-2021-43816"},{"name":"CVE-2023-27561","url":"https://www.cve.org/CVERecord?id=CVE-2023-27561"},{"name":"CVE-2017-11468","url":"https://www.cve.org/CVERecord?id=CVE-2017-11468"},{"name":"CVE-2023-45285","url":"https://www.cve.org/CVERecord?id=CVE-2023-45285"},{"name":"CVE-2023-45284","url":"https://www.cve.org/CVERecord?id=CVE-2023-45284"},{"name":"CVE-2022-31030","url":"https://www.cve.org/CVERecord?id=CVE-2022-31030"},{"name":"CVE-2023-2253","url":"https://www.cve.org/CVERecord?id=CVE-2023-2253"},{"name":"CVE-2021-43784","url":"https://www.cve.org/CVERecord?id=CVE-2021-43784"},{"name":"CVE-2023-28842","url":"https://www.cve.org/CVERecord?id=CVE-2023-28842"},{"name":"CVE-2021-32760","url":"https://www.cve.org/CVERecord?id=CVE-2021-32760"},{"name":"CVE-2024-22329","url":"https://www.cve.org/CVERecord?id=CVE-2024-22329"},{"name":"CVE-2023-25173","url":"https://www.cve.org/CVERecord?id=CVE-2023-25173"},{"name":"CVE-2023-25809","url":"https://www.cve.org/CVERecord?id=CVE-2023-25809"},{"name":"CVE-2023-51775","url":"https://www.cve.org/CVERecord?id=CVE-2023-51775"},{"name":"CVE-2023-25153","url":"https://www.cve.org/CVERecord?id=CVE-2023-25153"},{"name":"CVE-2023-28642","url":"https://www.cve.org/CVERecord?id=CVE-2023-28642"},{"name":"CVE-2022-23471","url":"https://www.cve.org/CVERecord?id=CVE-2022-23471"},{"name":"CVE-2023-29827","url":"https://www.cve.org/CVERecord?id=CVE-2023-29827"},{"name":"CVE-2022-42969","url":"https://www.cve.org/CVERecord?id=CVE-2022-42969"},{"name":"CVE-2023-28155","url":"https://www.cve.org/CVERecord?id=CVE-2023-28155"},{"name":"CVE-2023-26136","url":"https://www.cve.org/CVERecord?id=CVE-2023-26136"},{"name":"CVE-2023-39326","url":"https://www.cve.org/CVERecord?id=CVE-2023-39326"},{"name":"CVE-2022-23648","url":"https://www.cve.org/CVERecord?id=CVE-2022-23648"},{"name":"CVE-2024-22354","url":"https://www.cve.org/CVERecord?id=CVE-2024-22354"},{"name":"CVE-2021-41103","url":"https://www.cve.org/CVERecord?id=CVE-2021-41103"},{"name":"CVE-2023-26159","url":"https://www.cve.org/CVERecord?id=CVE-2023-26159"}],"links":[],"reference":"CERTFR-2024-AVI-0350","revisions":[{"description":"Version initiale","revision_date":"2024-04-26T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7148847 du 19 avril 2024","url":"https://www.ibm.com/support/pages/node/7148847"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149294 du 23 avril 2024","url":"https://www.ibm.com/support/pages/node/7149294"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149055 du 22 avril 2024","url":"https://www.ibm.com/support/pages/node/7149055"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149195 du 23 avril 2024","url":"https://www.ibm.com/support/pages/node/7149195"}]}