{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<P>Toutes les versions de <SPAN class=\"textit\">Symantec  Brightmail Gateway</SPAN> ant\u00e9rieures \u00e0 la version 8.0.1.</P>","content":"## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Brightmail Control Center,\nl'interface Web d'administration de Symantec Brightmail Gateway.\nL'exploitation de ces vuln\u00e9rabilit\u00e9s permet \u00e0 un utilisateur authentifi\u00e9\nd'\u00e9lever ses privil\u00e8ges ou de r\u00e9aliser des injections de code indirectes\n(cross-site scripting).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-0064","url":"https://www.cve.org/CVERecord?id=CVE-2009-0064"},{"name":"CVE-2009-0063","url":"https://www.cve.org/CVERecord?id=CVE-2009-0063"}],"links":[],"reference":"CERTA-2009-AVI-161","revisions":[{"description":"version initiale.","revision_date":"2009-04-27T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Des vuln\u00e9rabilit\u00e9s dans <span class=\"textit\">Symantec Brightmail\nGateway</span> permettent une \u00e9l\u00e9vation de privil\u00e8ges ou la r\u00e9alisation\nd'injections de code indirectes (<span class=\"textit\">cross-site\nscripting</span>).\n","title":"Vuln\u00e9rabilit\u00e9s dans Symantec Brightmail Gateway","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Symantec SYM09-005 du 23 avril 2009","url":"http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01"}]}