{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<UL>    <LI>Computer Associates iGateway 3.0 (versions ant\u00e9rieures au    23 juin 2005) ;</LI>    <LI>Computer Associates iGateway 4.0 (versions ant\u00e9rieures au    23 juin 2005).</LI>  </UL>  <P><TT>Computer Associates iGateway</TT> est inclus dans les  produits suivants :</P>  <UL>    <LI>Advantage Data Transformer (ADT) R2.2 ;</LI>    <LI>Harvest Change Manager R7.1 ;</LI>    <LI>BrightStor ARCserve Backup r11.5 ;</LI>    <LI>BrightStor ARCServe Backup r11.1 ;</LI>    <LI>BrightStor ARCServe Backup pour Windows r11 ;</LI>    <LI>BrightStor Enterprise Backup 10.5 ;</LI>    <LI>BrightStor ARCserve Backup v9.01 ;</LI>    <LI>BrightStor ARCserve Backup Laptop &amp; Desktop r11.1    ;</LI>    <LI>BrightStor ARCserve Backup Laptop &amp; Desktop r11 ;</LI>    <LI>BrightStor Process Automation Manager r11.1 ;</LI>    <LI>BrightStor SAN Manager r11.1 ;</LI>    <LI>BrightStor SAN Manager r11.5 ;</LI>    <LI>BrightStor Storage Resource Manager r11.5 ;</LI>    <LI>BrightStor Storage Resource Manager r11.1 ;</LI>    <LI>BrightStor Storage Resource Manager r6.4 ;</LI>    <LI>BrightStor Storage Resource Manager r6.3 ;</LI>    <LI>BrightStor Portal 11.1 ;</LI>    <LI>eTrust Audit 1.5 SP2 (iRecorders et ARIES) ;</LI>    <LI>eTrust Audit 1.5 SP3 (iRecorders et ARIES) ;</LI>    <LI>eTrust Audit 8.0 (iRecorders et ARIES) ;</LI>    <LI>eTrust Admin 8.0 ;</LI>    <LI>eTrust Admin 8.1 ;</LI>    <LI>eTrust Identity Minder 8.0 ;</LI>    <LI>eTrust Secure Content Manager (SCM) R8 ;</LI>    <LI>eTrust Web Service Security R8 ;</LI>    <LI>eTrust Integrated Threat Management (ITM) R11 ;</LI>    <LI>Unicenter CA Web Services Distributed Management R11 ;</LI>    <LI>Unicenter AutoSys JM R11 ;</LI>    <LI>Unicenter Management pour Weblogic / Management pour    WebSphere R11 ;</LI>    <LI>Unicenter Service Delivery R11 ;</LI>    <LI>Unicenter Service Level Management (USLM) R11 ;</LI>    <LI>Unicenter Application Performance Monitor R11 ;</LI>    <LI>Unicenter Service Desk R11 ;</LI>    <LI>Unicenter Service Desk Knowledge Tools R11 ;</LI>    <LI>Unicenter Service Fulfillment 2.2 ;</LI>    <LI>Unicenter Service Fulfillment R11 ;</LI>    <LI>Unicenter Asset Portfolio Management R11 ;</LI>    <LI>Unicenter Service Matrix Analysis R11 ;</LI>    <LI>Unicenter Service Catalog/Fulfillment/Accounting R11 ;</LI>    <LI>Unicenter MQ Management R11 ;</LI>    <LI>Unicenter Application Server Management R11 ;</LI>    <LI>Unicenter Web Server Management R11 ;</LI>    <LI>Unicenter Exchange Management R11.</LI>  </UL>","content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans le traitement des requ\u00eates HTTP\nGET par iGateway quand le mode debug est activ\u00e9. Un utilisateur mal\nintentionn\u00e9 peut, par le biais de requ\u00eates HTTP GET malicieusement\nconstitu\u00e9es, ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour iGateway en version 4.0.050623 ou sup\u00e9rieure.\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 33485 de Computer Associates du 19    octobre 2005 :","url":"http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485"}],"reference":"CERTA-2005-AVI-443","revisions":[{"description":"version initiale.","revision_date":"2005-11-08T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans Computer Associates iGateway","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de Computer Associates 33485 du 19 octobre 2005","url":null}]}