{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Oracle E-business Suite Release 11i et 12 ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Application Server 10g ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle PeopleSoft Enterprise PeopleTools 8.x.","product":{"name":"PeopleSoft","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Database 9i, 10g et 11g ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle Collaboration Suite 10g ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nHuit vuln\u00e9rabilit\u00e9s affectent Oracle Database, dont sept sont\nexploitables \u00e0 distance, mais n\u00e9cessitent une authentification. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l'int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nSix vuln\u00e9rabilit\u00e9s affectent Oracle Application Server, dont cinq sont\nexploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l'int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nUne vuln\u00e9rabilit\u00e9, exploitable sans authentification pr\u00e9alable, concerne\nOracle Collaboration Suite et permet de porter atteinte \u00e0 la\nconfidentialit\u00e9 et \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n\nSept vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Oracle E-business Suite, dont\ntrois sont exploitables \u00e0 distance sans authentification pr\u00e9alable. Leur\nexploitation permet de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l'int\u00e9grit\u00e9\net \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nQuatre vuln\u00e9rabilit\u00e9s affectent PeopleTools, dont une est exploitable \u00e0\ndistance sans authentification pr\u00e9alable. Leur exploitation permet de\nporter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l'int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-4467","url":"https://www.cve.org/CVERecord?id=CVE-2007-4467"},{"name":"CVE-2008-0346","url":"https://www.cve.org/CVERecord?id=CVE-2008-0346"},{"name":"CVE-2008-0343","url":"https://www.cve.org/CVERecord?id=CVE-2008-0343"},{"name":"CVE-2008-0342","url":"https://www.cve.org/CVERecord?id=CVE-2008-0342"},{"name":"CVE-2008-0345","url":"https://www.cve.org/CVERecord?id=CVE-2008-0345"},{"name":"CVE-2008-0347","url":"https://www.cve.org/CVERecord?id=CVE-2008-0347"},{"name":"CVE-2008-0341","url":"https://www.cve.org/CVERecord?id=CVE-2008-0341"},{"name":"CVE-2008-0349","url":"https://www.cve.org/CVERecord?id=CVE-2008-0349"},{"name":"CVE-2008-0348","url":"https://www.cve.org/CVERecord?id=CVE-2008-0348"},{"name":"CVE-2008-0344","url":"https://www.cve.org/CVERecord?id=CVE-2008-0344"},{"name":"CVE-2008-0339","url":"https://www.cve.org/CVERecord?id=CVE-2008-0339"},{"name":"CVE-2008-0340","url":"https://www.cve.org/CVERecord?id=CVE-2008-0340"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Oracle du 15 janvier 2008 :","url":"http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html"}],"reference":"CERTA-2008-AVI-029","revisions":[{"description":"version initiale.","revision_date":"2008-01-18T00:00:00.000000"},{"description":"lien Oracle, syst\u00e8mes affect\u00e9s.","revision_date":"2008-01-29T00:00:00.000000"}],"risks":[{"description":"De provoquer un d\u00e9ni de service \u00e0 distance"},{"description":"De porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"De porter atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"}],"summary":null,"title":"Mutiples vuln\u00e9rabilit\u00e9s des produits Oracle","vendor_advisories":[{"published_at":null,"title":"Bulletin Oracle du 15 janvier 2008","url":null}]}