{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver (XML Toolkit for JAVA) ENGINEAPI versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Objects Business Intelligence Platform (BI Launchpad, bipodata, CMC, Web Intelligence HTML Interface) versions 4.1, 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Client version 6.5","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Disclosure Management, version 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (ABAP Server) et plate-formes ABAP versions 731, 740, 750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30, 7.31, 7.40, 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-6282","url":"https://www.cve.org/CVERecord?id=CVE-2020-6282"},{"name":"CVE-2020-6280","url":"https://www.cve.org/CVERecord?id=CVE-2020-6280"},{"name":"CVE-2020-6222","url":"https://www.cve.org/CVERecord?id=CVE-2020-6222"},{"name":"CVE-2020-6286","url":"https://www.cve.org/CVERecord?id=CVE-2020-6286"},{"name":"CVE-2020-6276","url":"https://www.cve.org/CVERecord?id=CVE-2020-6276"},{"name":"CVE-2020-6289","url":"https://www.cve.org/CVERecord?id=CVE-2020-6289"},{"name":"CVE-2020-6292","url":"https://www.cve.org/CVERecord?id=CVE-2020-6292"},{"name":"CVE-2020-6281","url":"https://www.cve.org/CVERecord?id=CVE-2020-6281"},{"name":"CVE-2020-6290","url":"https://www.cve.org/CVERecord?id=CVE-2020-6290"},{"name":"CVE-2020-6287","url":"https://www.cve.org/CVERecord?id=CVE-2020-6287"},{"name":"CVE-2020-6285","url":"https://www.cve.org/CVERecord?id=CVE-2020-6285"},{"name":"CVE-2020-6291","url":"https://www.cve.org/CVERecord?id=CVE-2020-6291"},{"name":"CVE-2020-6278","url":"https://www.cve.org/CVERecord?id=CVE-2020-6278"},{"name":"CVE-2020-6267","url":"https://www.cve.org/CVERecord?id=CVE-2020-6267"}],"links":[],"reference":"CERTFR-2020-AVI-432","revisions":[{"description":"Version initiale","revision_date":"2020-07-15T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SAP . Certaines\nd'entre elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 14 juillet 2020","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675"}]}