{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Les versions ant\u00e9rieures \u00e0 la 4.2.","product":{"name":"N/A","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nLe Module UCP est un CGI permettant aux utilisateurs de CISCO ACS\n(Access Control Server) de changer leur mot de passe via une page web.\nDes vuln\u00e9rabilit\u00e9s de type d\u00e9passement de m\u00e9moire et injection de code\nindirecte ont \u00e9t\u00e9 corrig\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de CISCO 100519 du 14 mars 2008 pour\nl'obtention des correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-0533","url":"https://www.cve.org/CVERecord?id=CVE-2008-0533"},{"name":"CVE-2008-0532","url":"https://www.cve.org/CVERecord?id=CVE-2008-0532"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Cisco 20080312-ucp du 14 mars 2008 :","url":"http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml"}],"reference":"CERTA-2008-AVI-140","revisions":[{"description":"version initiale.","revision_date":"2008-03-17T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le module UCP (<span\nclass=\"textit\">User Changeable Password</span>).\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans CISCO ACS UCP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 CISCO 100519 du 14 mars 2008","url":null}]}