{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"NetWeaver BW (BEx Analyzer) versions DW4CORE 200, DW4CORE 300, DW4CORE 400, SAP_BW 700, SAP_BW 701, SAP_BW 702, SAP_BW 731, SAP_BW 740, SAP_BW 750, SAP_BW 751, SAP_BW 752, SAP_BW 753, SAP_BW 754, SAP_BW 755, SAP_BW 756, SAP_BW 757 and SAP_BW 758 without the latest security patch","product":{"name":"NetWeaver BW","vendor":{"name":"SAP","scada":false}}},{"description":"Commerce Backoffice versions HY_COM 2205 and COM_CLOUD 2211 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S/4 HANA (Manage Bank Statements) versions S4CORE, 102, 103, 104, 105, 106 and 107 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Student Life Cycle Management (SLcM) versions IS-PS-CA 617, 618, 802, 803, 804, 805, 806, 807 and 808 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Enterprise Portal (KMC) version KMC-BC 7.5 without the latest security patch","product":{"name":"NetWeaver Enterprise Portal","vendor":{"name":"SAP","scada":false}}},{"description":"PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 and 108 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform (Web Intelligence) versions ENTERPRISE 420, 430, 2025, ENTERPRISECLIENTTOOLS 420, 430 and 2025 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"HANA Client version HDB_CLIENT 2.0 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for Java version 7.50 without the latest 
security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server for ABAP and ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 and SAP_BASIS 758 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Enterprise Project Connection version 3.0 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 and 440 without the latest security patch","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nRefer to the vendor's security bulletin to obtain the patches (see the 
Documentation section).","cves":[{"name":"CVE-2024-45282","url":"https://www.cve.org/CVERecord?id=CVE-2024-45282"},{"name":"CVE-2024-42373","url":"https://www.cve.org/CVERecord?id=CVE-2024-42373"},{"name":"CVE-2024-38809","url":"https://www.cve.org/CVERecord?id=CVE-2024-38809"},{"name":"CVE-2024-41729","url":"https://www.cve.org/CVERecord?id=CVE-2024-41729"},{"name":"CVE-2024-37180","url":"https://www.cve.org/CVERecord?id=CVE-2024-37180"},{"name":"CVE-2024-45278","url":"https://www.cve.org/CVERecord?id=CVE-2024-45278"},{"name":"CVE-2024-45283","url":"https://www.cve.org/CVERecord?id=CVE-2024-45283"},{"name":"CVE-2024-45277","url":"https://www.cve.org/CVERecord?id=CVE-2024-45277"},{"name":"CVE-2024-38808","url":"https://www.cve.org/CVERecord?id=CVE-2024-38808"},{"name":"CVE-2024-47594","url":"https://www.cve.org/CVERecord?id=CVE-2024-47594"},{"name":"CVE-2022-23302","url":"https://www.cve.org/CVERecord?id=CVE-2022-23302"},{"name":"CVE-2024-22259","url":"https://www.cve.org/CVERecord?id=CVE-2024-22259"},{"name":"CVE-2024-39592","url":"https://www.cve.org/CVERecord?id=CVE-2024-39592"},{"name":"CVE-2024-41730","url":"https://www.cve.org/CVERecord?id=CVE-2024-41730"},{"name":"CVE-2024-37179","url":"https://www.cve.org/CVERecord?id=CVE-2024-37179"}],"links":[],"reference":"CERTFR-2024-AVI-0844","revisions":[{"description":"Initial version","revision_date":"2024-10-08T00:00:00.000000"}],"risks":[{"description":"Indirect remote code injection (XSS)"},{"description":"Not specified by the vendor"},{"description":"Security policy bypass"},{"description":"Breach of data confidentiality"}],"summary":"Multiple vulnerabilities have been discovered in SAP products. 
Some of them allow an attacker to cause a breach of data confidentiality, indirect remote code injection (XSS) and a security policy bypass.","title":"Multiple vulnerabilities in SAP products","vendor_advisories":[{"published_at":"2024-10-08","title":"SAP security bulletin october-2024","url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html"}]}
