{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) versions 4.1 et 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP (Web Dynpro ABAP) version SAP_UI 750, 752, 753, 754; SAP_BASIS 700, 710, 730, 731 et 804","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise versions 15.7 et 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform (CMC et BI launchpad) version 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise (XP Server on Windows Platform) versions 15.7 et 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform versions ant\u00e9rieures \u00e0 4.1, 4.2 et 4.3","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Plant Connectivity versions 15.1, 15.2, 15.3 et 15.4","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Client version 6.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Master Data Governance versions 748, 749, 750, 751, 752, 800, 801, 802, 803 et 804","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"AP Business Client version 7.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise version 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise (Cockpit) version 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Enterprise Threat Detection versions 1.0 et 2.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise (Web Services) versions 15.7 et 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Adaptive Server Enterprise (Backup Server) version 16.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform version 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Server ABAP versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710 et 740","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform (Live Data Connect) versions 1.0, 2.0 et 2.x","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Identity Management version 8.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Master Data Governance versions S4CORE 101; S4FND 102, 103, 104 et SAP_BS_FND 748","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-6241","url":"https://www.cve.org/CVERecord?id=CVE-2020-6241"},{"name":"CVE-2020-6244","url":"https://www.cve.org/CVERecord?id=CVE-2020-6244"},{"name":"CVE-2020-6257","url":"https://www.cve.org/CVERecord?id=CVE-2020-6257"},{"name":"CVE-2020-6250","url":"https://www.cve.org/CVERecord?id=CVE-2020-6250"},{"name":"CVE-2020-6252","url":"https://www.cve.org/CVERecord?id=CVE-2020-6252"},{"name":"CVE-2020-6258","url":"https://www.cve.org/CVERecord?id=CVE-2020-6258"},{"name":"CVE-2020-6249","url":"https://www.cve.org/CVERecord?id=CVE-2020-6249"},{"name":"CVE-2020-6243","url":"https://www.cve.org/CVERecord?id=CVE-2020-6243"},{"name":"CVE-2020-6262","url":"https://www.cve.org/CVERecord?id=CVE-2020-6262"},{"name":"CVE-2020-6256","url":"https://www.cve.org/CVERecord?id=CVE-2020-6256"},{"name":"CVE-2020-6253","url":"https://www.cve.org/CVERecord?id=CVE-2020-6253"},{"name":"CVE-2020-6240","url":"https://www.cve.org/CVERecord?id=CVE-2020-6240"},{"name":"CVE-2020-6248","url":"https://www.cve.org/CVERecord?id=CVE-2020-6248"},{"name":"CVE-2020-6245","url":"https://www.cve.org/CVERecord?id=CVE-2020-6245"},{"name":"CVE-2020-6254","url":"https://www.cve.org/CVERecord?id=CVE-2020-6254"},{"name":"CVE-2020-6219","url":"https://www.cve.org/CVERecord?id=CVE-2020-6219"},{"name":"CVE-2020-6247","url":"https://www.cve.org/CVERecord?id=CVE-2020-6247"},{"name":"CVE-2020-6242","url":"https://www.cve.org/CVERecord?id=CVE-2020-6242"},{"name":"CVE-2020-6259","url":"https://www.cve.org/CVERecord?id=CVE-2020-6259"},{"name":"CVE-2020-6251","url":"https://www.cve.org/CVERecord?id=CVE-2020-6251"},{"name":"CVE-2019-0352","url":"https://www.cve.org/CVERecord?id=CVE-2019-0352"}],"links":[],"reference":"CERTFR-2020-AVI-283","revisions":[{"description":"Version initiale","revision_date":"2020-05-13T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP mai 2020 du 12 mai 2020","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"}]}