{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP Web Application Server 6.x ;","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver 7.x (2004s) ;","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver 4.x (2004) ;","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Web Application Server 7.x.","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Enterprise Portal 6.x ;","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nA flaw in the validation of parameters passed to the J2EE Web\nServices Navigator interface can be used by a malicious person\nto remotely execute code in the context of the browser of the\nvictim viewing the vulnerable site.\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[],"links":[],"reference":"CERTA-2010-AVI-331","revisions":[{"description":"initial version.","revision_date":"2010-07-22T00:00:00.000000"}],"risks":[{"description":"Remote indirect code injection"}],"summary":"A vulnerability in SAP J2EE allowing a remote indirect code injection\nattack has been fixed.\n","title":"Vulnerability in SAP J2EE","vendor_advisories":[{"published_at":null,"title":"SAP security bulletin 1169248","url":"https://service.sap.com/sap/support/notes/1169248"}]}
