{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP SuccessFactors Recruiting version 2005","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (Problem Context Manager) version 7.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Liquidity Management for Banking version 6.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":".30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform version 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Gateway versions 7.40 et 2.00","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business One (Backup service) versions 9.3,et 10.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Gateway versions 7.5, 7.51, 7.52 et 7.53","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (Trace Analysis) version 7.20","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 6.7, 1808, 1811 et 1905","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-6266","url":"https://www.cve.org/CVERecord?id=CVE-2020-6266"},{"name":"CVE-2020-6246","url":"https://www.cve.org/CVERecord?id=CVE-2020-6246"},{"name":"CVE-2020-6263","url":"https://www.cve.org/CVERecord?id=CVE-2020-6263"},{"name":"CVE-2020-6271","url":"https://www.cve.org/CVERecord?id=CVE-2020-6271"},{"name":"CVE-2019-17571","url":"https://www.cve.org/CVERecord?id=CVE-2019-17571"},{"name":"CVE-2020-6268","url":"https://www.cve.org/CVERecord?id=CVE-2020-6268"},{"name":"CVE-2019-0319","url":"https://www.cve.org/CVERecord?id=CVE-2019-0319"},{"name":"CVE-2020-6264","url":"https://www.cve.org/CVERecord?id=CVE-2020-6264"},{"name":"CVE-2020-6279","url":"https://www.cve.org/CVERecord?id=CVE-2020-6279"},{"name":"CVE-2020-6269","url":"https://www.cve.org/CVERecord?id=CVE-2020-6269"},{"name":"CVE-2020-6270","url":"https://www.cve.org/CVERecord?id=CVE-2020-6270"},{"name":"CVE-2020-1938","url":"https://www.cve.org/CVERecord?id=CVE-2020-1938"},{"name":"CVE-2020-6239","url":"https://www.cve.org/CVERecord?id=CVE-2020-6239"},{"name":"CVE-2020-6275","url":"https://www.cve.org/CVERecord?id=CVE-2020-6275"},{"name":"CVE-2020-6260","url":"https://www.cve.org/CVERecord?id=CVE-2020-6260"},{"name":"CVE-2020-6265","url":"https://www.cve.org/CVERecord?id=CVE-2020-6265"},{"name":"CVE-2018-1000632","url":"https://www.cve.org/CVERecord?id=CVE-2018-1000632"}],"links":[],"reference":"CERTFR-2020-AVI-350","revisions":[{"description":"Version initiale","revision_date":"2020-06-09T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP 547426775 du 09 juin 2020","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"}]}