{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"QRadar Pre-Validation App versions prior to 2.0.1","product":{"name":"QRadar","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar Pulse App versions prior to 2.2.15","product":{"name":"QRadar","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Hybrid Edition without the APAR PH63533 fix","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.2.x prior to 6.2.0.25","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"AIX version 7.3 without the bind_fix27/73bind918.tar fix","product":{"name":"AIX","vendor":{"name":"IBM","scada":false}}},{"description":"VIOS version 3.1 without the bind_fix27/72bind918.tar fix","product":{"name":"VIOS","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Application Server Liberty without the APAR PH63533 fix","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Cloud Pak System versions prior to 2.3.5.0 for Power with the PH60195/PH61002 fix","product":{"name":"Cloud Pak System","vendor":{"name":"IBM","scada":false}}},{"description":"AIX version 7.2 without the bind_fix27/72bind918.tar fix","product":{"name":"AIX","vendor":{"name":"IBM","scada":false}}},{"description":"VIOS version 4.1 without the bind_fix27/73bind918.tar fix","product":{"name":"VIOS","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.1.x prior to 6.1.0.26","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Cloud Pak System versions prior to 2.3.4.1 for Intel with the PH60195/PH61002 fix","product":{"name":"Cloud Pak 
System","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct Web Services versions 6.3.x prior to 6.3.0.11","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar User Behavior Analytics versions prior to 4.1.17","product":{"name":"QRadar","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":"The vulnerabilities CVE-2024-47875 and CVE-2024-45801 have no fix for Sterling Connect:Direct Web Services versions 6.1.x and 6.2.x","content":"## Solutions\n\nRefer to the vendor's security bulletin to obtain the fixes (see the Documentation section).","cves":[{"name":"CVE-2024-37891","url":"https://www.cve.org/CVERecord?id=CVE-2024-37891"},{"name":"CVE-2024-28849","url":"https://www.cve.org/CVERecord?id=CVE-2024-28849"},{"name":"CVE-2024-43788","url":"https://www.cve.org/CVERecord?id=CVE-2024-43788"},{"name":"CVE-2024-4068","url":"https://www.cve.org/CVERecord?id=CVE-2024-4068"},{"name":"CVE-2024-47831","url":"https://www.cve.org/CVERecord?id=CVE-2024-47831"},{"name":"CVE-2024-4076","url":"https://www.cve.org/CVERecord?id=CVE-2024-4076"},{"name":"CVE-2018-14040","url":"https://www.cve.org/CVERecord?id=CVE-2018-14040"},{"name":"CVE-2024-43799","url":"https://www.cve.org/CVERecord?id=CVE-2024-43799"},{"name":"CVE-2024-34351","url":"https://www.cve.org/CVERecord?id=CVE-2024-34351"},{"name":"CVE-2024-34069","url":"https://www.cve.org/CVERecord?id=CVE-2024-34069"},{"name":"CVE-2024-1975","url":"https://www.cve.org/CVERecord?id=CVE-2024-1975"},{"name":"CVE-2024-0760","url":"https://www.cve.org/CVERecord?id=CVE-2024-0760"},{"name":"CVE-2024-1737","url":"https://www.cve.org/CVERecord?id=CVE-2024-1737"},{"name":"CVE-2024-45590","url":"https://www.cve.org/CVERecord?id=CVE-2024-45590"},{"name":"CVE-2024-43796","url":"https://www.cve.org/CVERecord?id=CVE-2024-43796"},{"name":"CVE-2018-20676","url":"https://
www.cve.org/CVERecord?id=CVE-2018-20676"},{"name":"CVE-2024-1135","url":"https://www.cve.org/CVERecord?id=CVE-2024-1135"},{"name":"CVE-2024-46982","url":"https://www.cve.org/CVERecord?id=CVE-2024-46982"},{"name":"CVE-2018-20677","url":"https://www.cve.org/CVERecord?id=CVE-2018-20677"},{"name":"CVE-2024-45296","url":"https://www.cve.org/CVERecord?id=CVE-2024-45296"},{"name":"CVE-2024-45801","url":"https://www.cve.org/CVERecord?id=CVE-2024-45801"},{"name":"CVE-2024-7254","url":"https://www.cve.org/CVERecord?id=CVE-2024-7254"},{"name":"CVE-2023-51775","url":"https://www.cve.org/CVERecord?id=CVE-2023-51775"},{"name":"CVE-2024-5569","url":"https://www.cve.org/CVERecord?id=CVE-2024-5569"},{"name":"CVE-2024-47875","url":"https://www.cve.org/CVERecord?id=CVE-2024-47875"},{"name":"CVE-2018-14041","url":"https://www.cve.org/CVERecord?id=CVE-2018-14041"},{"name":"CVE-2024-43800","url":"https://www.cve.org/CVERecord?id=CVE-2024-43800"},{"name":"CVE-2016-10735","url":"https://www.cve.org/CVERecord?id=CVE-2016-10735"},{"name":"CVE-2024-39338","url":"https://www.cve.org/CVERecord?id=CVE-2024-39338"},{"name":"CVE-2024-34064","url":"https://www.cve.org/CVERecord?id=CVE-2024-34064"},{"name":"CVE-2024-38816","url":"https://www.cve.org/CVERecord?id=CVE-2024-38816"},{"name":"CVE-2024-22354","url":"https://www.cve.org/CVERecord?id=CVE-2024-22354"},{"name":"CVE-2024-39689","url":"https://www.cve.org/CVERecord?id=CVE-2024-39689"},{"name":"CVE-2023-26159","url":"https://www.cve.org/CVERecord?id=CVE-2023-26159"},{"name":"CVE-2024-6345","url":"https://www.cve.org/CVERecord?id=CVE-2024-6345"},{"name":"CVE-2019-8331","url":"https://www.cve.org/CVERecord?id=CVE-2019-8331"}],"links":[],"reference":"CERTFR-2024-AVI-1015","revisions":[{"description":"Initial version","revision_date":"2024-11-22T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Remote indirect code injection (XSS)"},{"description":"Cross-site request forgery (CSRF)"},{"description":"Remote arbitrary code execution"},{"description":"Security policy bypass"},{"description":"Data confidentiality breach"}],"summary":"Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, remote denial of service and a breach of data confidentiality.","title":"Multiple vulnerabilities in IBM products","vendor_advisories":[{"published_at":"2024-11-20","title":"IBM security bulletin 7176657","url":"https://www.ibm.com/support/pages/node/7176657"},{"published_at":"2024-11-20","title":"IBM security bulletin 7176642","url":"https://www.ibm.com/support/pages/node/7176642"},{"published_at":"2024-11-20","title":"IBM security bulletin 7176660","url":"https://www.ibm.com/support/pages/node/7176660"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176201","url":"https://www.ibm.com/support/pages/node/7176201"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176391","url":"https://www.ibm.com/support/pages/node/7176391"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176392","url":"https://www.ibm.com/support/pages/node/7176392"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176386","url":"https://www.ibm.com/support/pages/node/7176386"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176389","url":"https://www.ibm.com/support/pages/node/7176389"},{"published_at":"2024-11-18","title":"IBM security bulletin 7176451","url":"https://www.ibm.com/support/pages/node/7176451"},{"published_at":"2024-11-18","title":"IBM security bulletin 
7176388","url":"https://www.ibm.com/support/pages/node/7176388"},{"published_at":"2024-11-18","title":"Bulletin de s\u00e9curit\u00e9 IBM 7176205","url":"https://www.ibm.com/support/pages/node/7176205"}]}
