{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"QRadar SIEM versions 7.5.0 without the latest security fixes for the GoogleCloudPubSub, GoogleCommon and GoogleGSuiteActivityReportsRESTAPI protocols","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar SIEM versions 7.5.0 earlier than 7.5.0 UP12 IF03","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Remote Server without the latest security fixes","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct versions 6.4.x earlier than 6.4.0.2 for Unix","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct FTP+ versions 1.3.0 earlier than 1.3.0.1","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Db2 Query Management Facility versions 13.1 and 12.2.0.5 without JRE 8.0.8.45","product":{"name":"Db2 Query Management Facility","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct versions 6.3.x earlier than 6.3.0.5 for Unix","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Cognos Analytics versions 11.2.x earlier than 11.2.3","product":{"name":"Cognos Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct versions 6.2.x earlier than 6.2.0.7 for Windows","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar Incident Forensics versions 7.5.0 earlier than 7.5.0 UP12 IF03","product":{"name":"QRadar Incident Forensics","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Application Server Liberty versions earlier than 
25.0.0.8","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect:Direct versions 6.2.x earlier than 6.2.0.7.iFix052 for Unix","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"Cognos Analytics versions 11.1.x earlier than 11.1.7 Fix Pack 5","product":{"name":"Cognos Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere Application Server versions 9.0.0.x earlier than 9.0.5.25","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere eXtreme Scale versions 8.6.1.x earlier than 8.6.1.6 without the PH67142 iFix fix","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nRefer to the vendor's security bulletin to obtain the fixes (see the Documentation section).","cves":[{"name":"CVE-2025-4447","url":"https://www.cve.org/CVERecord?id=CVE-2025-4447"},{"name":"CVE-2020-4301","url":"https://www.cve.org/CVERecord?id=CVE-2020-4301"},{"name":"CVE-2024-52005","url":"https://www.cve.org/CVERecord?id=CVE-2024-52005"},{"name":"CVE-2021-20468","url":"https://www.cve.org/CVERecord?id=CVE-2021-20468"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2025-49125","url":"https://www.cve.org/CVERecord?id=CVE-2025-49125"},{"name":"CVE-2021-29823","url":"https://www.cve.org/CVERecord?id=CVE-2021-29823"},{"name":"CVE-2021-44532","url":"https://www.cve.org/CVERecord?id=CVE-2021-44532"},{"name":"CVE-2025-36097","url":"https://www.cve.org/CVERecord?id=CVE-2025-36097"},{"name":"CVE-2022-36773","url":"https://www.cve.org/CVERecord?id=CVE-2022-36773"},{"name":"CVE-2021-3807","url":"https://www.cve.org/CVERecord?id=CVE-2021-3807"},{"name":"CVE-2025-48976","url":"https://www.cve.org/CVERecord?id=CVE-2025-48976"},{"name":"CVE-2025-21587",
"url":"https://www.cve.org/CVERecord?id=CVE-2025-21587"},{"name":"CVE-2022-29078","url":"https://www.cve.org/CVERecord?id=CVE-2022-29078"},{"name":"CVE-2023-33953","url":"https://www.cve.org/CVERecord?id=CVE-2023-33953"},{"name":"CVE-2021-23438","url":"https://www.cve.org/CVERecord?id=CVE-2021-23438"},{"name":"CVE-2021-43797","url":"https://www.cve.org/CVERecord?id=CVE-2021-43797"},{"name":"CVE-2023-32732","url":"https://www.cve.org/CVERecord?id=CVE-2023-32732"},{"name":"CVE-2025-48988","url":"https://www.cve.org/CVERecord?id=CVE-2025-48988"},{"name":"CVE-2022-30614","url":"https://www.cve.org/CVERecord?id=CVE-2022-30614"},{"name":"CVE-2025-30698","url":"https://www.cve.org/CVERecord?id=CVE-2025-30698"},{"name":"CVE-2022-49395","url":"https://www.cve.org/CVERecord?id=CVE-2022-49395"},{"name":"CVE-2021-44533","url":"https://www.cve.org/CVERecord?id=CVE-2021-44533"},{"name":"CVE-2025-22869","url":"https://www.cve.org/CVERecord?id=CVE-2025-22869"},{"name":"CVE-2021-29418","url":"https://www.cve.org/CVERecord?id=CVE-2021-29418"},{"name":"CVE-2020-36518","url":"https://www.cve.org/CVERecord?id=CVE-2020-36518"},{"name":"CVE-2021-39045","url":"https://www.cve.org/CVERecord?id=CVE-2021-39045"},{"name":"CVE-2022-21824","url":"https://www.cve.org/CVERecord?id=CVE-2022-21824"},{"name":"CVE-2022-21803","url":"https://www.cve.org/CVERecord?id=CVE-2022-21803"},{"name":"CVE-2021-39009","url":"https://www.cve.org/CVERecord?id=CVE-2021-39009"},{"name":"CVE-2025-32414","url":"https://www.cve.org/CVERecord?id=CVE-2025-32414"},{"name":"CVE-2020-16156","url":"https://www.cve.org/CVERecord?id=CVE-2020-16156"},{"name":"CVE-2025-2900","url":"https://www.cve.org/CVERecord?id=CVE-2025-2900"},{"name":"CVE-2025-5283","url":"https://www.cve.org/CVERecord?id=CVE-2025-5283"},{"name":"CVE-2021-44531","url":"https://www.cve.org/CVERecord?id=CVE-2021-44531"},{"name":"CVE-2021-28918","url":"https://www.cve.org/CVERecord?id=CVE-2021-28918"},{"name":"CVE-2025-36038","url":"https://www.cve.org/CVERecord
?id=CVE-2025-36038"},{"name":"CVE-2020-28469","url":"https://www.cve.org/CVERecord?id=CVE-2020-28469"},{"name":"CVE-2021-3749","url":"https://www.cve.org/CVERecord?id=CVE-2021-3749"},{"name":"CVE-2025-48734","url":"https://www.cve.org/CVERecord?id=CVE-2025-48734"}],"links":[],"reference":"CERTFR-2025-AVI-0608","revisions":[{"description":"Initial version","revision_date":"2025-07-18T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"},{"description":"Remote denial of service"},{"description":"Data confidentiality breach"},{"description":"Data integrity breach"},{"description":"Security policy bypass"},{"description":"Cross-site request forgery (CSRF)"},{"description":"Remote indirect code injection (XSS)"},{"description":"Not specified by the vendor"},{"description":"Server-side request forgery (SSRF)"}],"summary":"Multiple vulnerabilities have been discovered in IBM products. 
Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of data confidentiality.","title":"Multiple vulnerabilities in IBM products","vendor_advisories":[{"published_at":"2025-07-14","title":"IBM Security Bulletin 7239645","url":"https://www.ibm.com/support/pages/node/7239645"},{"published_at":"2025-07-14","title":"IBM Security Bulletin 7239617","url":"https://www.ibm.com/support/pages/node/7239617"},{"published_at":"2025-07-15","title":"IBM Security Bulletin 7239753","url":"https://www.ibm.com/support/pages/node/7239753"},{"published_at":"2025-07-15","title":"IBM Security Bulletin 7239757","url":"https://www.ibm.com/support/pages/node/7239757"},{"published_at":"2025-07-16","title":"IBM Security Bulletin 7239856","url":"https://www.ibm.com/support/pages/node/7239856"},{"published_at":"2025-07-11","title":"IBM Security Bulletin 7239492","url":"https://www.ibm.com/support/pages/node/7239492"},{"published_at":"2025-07-15","title":"IBM Security Bulletin 6615285","url":"https://www.ibm.com/support/pages/node/6615285"},{"published_at":"2025-07-15","title":"IBM Security Bulletin 7239816","url":"https://www.ibm.com/support/pages/node/7239816"},{"published_at":"2025-07-11","title":"IBM Security Bulletin 7239564","url":"https://www.ibm.com/support/pages/node/7239564"},{"published_at":"2025-07-14","title":"IBM Security Bulletin 7239627","url":"https://www.ibm.com/support/pages/node/7239627"},{"published_at":"2025-07-14","title":"IBM Security Bulletin 7239598","url":"https://www.ibm.com/support/pages/node/7239598"}]}
