{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Stormshield Network Security (SNS) versions ant\u00e9rieures \u00e0 4.1.1. Cette version est la seule qui corrige toutes les vuln\u00e9rabilit\u00e9s mentionn\u00e9es dans les avis Stormshield dont les liens sont pr\u00e9sent\u00e9s ici. Nous invitons nos lecteurs \u00e0 faire leur propre analyse de risque quant au choix de la version qui correspond le mieux \u00e0 leurs besoins.","product":{"name":"Stormshield Network Security","vendor":{"name":"Stormshield","scada":false}}},{"description":"Netasq versions 9.x","product":{"name":"N/A","vendor":{"name":"Stormshield","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-11139","url":"https://www.cve.org/CVERecord?id=CVE-2019-11139"},{"name":"CVE-2019-0117","url":"https://www.cve.org/CVERecord?id=CVE-2019-0117"},{"name":"CVE-2019-11157","url":"https://www.cve.org/CVERecord?id=CVE-2019-11157"},{"name":"CVE-2020-0549","url":"https://www.cve.org/CVERecord?id=CVE-2020-0549"},{"name":"CVE-2016-8858","url":"https://www.cve.org/CVERecord?id=CVE-2016-8858"},{"name":"CVE-2020-11711","url":"https://www.cve.org/CVERecord?id=CVE-2020-11711"},{"name":"CVE-2019-14607","url":"https://www.cve.org/CVERecord?id=CVE-2019-14607"},{"name":"CVE-2018-12207","url":"https://www.cve.org/CVERecord?id=CVE-2018-12207"},{"name":"CVE-2019-0184","url":"https://www.cve.org/CVERecord?id=CVE-2019-0184"},{"name":"CVE-2019-0123","url":"https://www.cve.org/CVERecord?id=CVE-2019-0123"},{"name":"CVE-2020-0548","url":"https://www.cve.org/CVERecord?id=CVE-2020-0548"}],"links":[],"reference":"CERTFR-2020-AVI-618","revisions":[{"description":"Version initiale","revision_date":"2020-10-05T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nStormshield. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Stormshield 2020-013 du 17 septembre 2020","url":"https://advisories.stormshield.eu/2020-013/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Stormshield 2020-012 du 17 septembre 2020","url":"https://advisories.stormshield.eu/2020-012/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Stormshield 2019-013 du 17 septembre 2020","url":"https://advisories.stormshield.eu/2019-013/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Stormshield 2019-026 du 17 septembre 2020","url":"https://advisories.stormshield.eu/2019-026/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Stormshield 2020-011 du 17 septembre 2020","url":"https://advisories.stormshield.eu/2020-011/"}]}