{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Versions prior to RSA enVision 4.1 Patch 4.","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nThe patches address five vulnerabilities:\n\n-   hard-coded credentials in the code;\n-   several \"SQL injections\";\n-   arbitrary directory traversal;\n-   improper restriction of numerous login\n    attempts;\n-   several code injections known as XSS.\n\n## Solution\n\nRefer to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2012-0400","url":"https://www.cve.org/CVERecord?id=CVE-2012-0400"},{"name":"CVE-2012-0403","url":"https://www.cve.org/CVERecord?id=CVE-2012-0403"},{"name":"CVE-2012-0402","url":"https://www.cve.org/CVERecord?id=CVE-2012-0402"},{"name":"CVE-2012-0399","url":"https://www.cve.org/CVERecord?id=CVE-2012-0399"},{"name":"CVE-2012-0401","url":"https://www.cve.org/CVERecord?id=CVE-2012-0401"}],"links":[{"title":"EMC reference ESA-2012-014:","url":"http://archives.neohapsis.com/archives/bugtraq/2012-03/att-0081/ESA-2012-014.txt"}],"reference":"CERTA-2012-AVI-162","revisions":[{"description":"Initial version.","revision_date":"2012-03-21T00:00:00.000000"}],"risks":[{"description":"Remote arbitrary code execution"}],"summary":"Multiple vulnerabilities have been fixed in RSA enVision. Exploitation of these vulnerabilities\ncould lead to remote takeover of the server.\n","title":"Multiple vulnerabilities in RSA enVision","vendor_advisories":[{"published_at":null,"title":"Security bulletin ESA-2012-014","url":null}]}
