{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"BANKING SERVICES FROM SAP 9.0(Bank Analyzer) version 500","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce Cloud (Accelerator Payment Mock) versions 1808, 1811, 1905 et 2005","product":{"name":"Commerce Cloud","vendor":{"name":"SAP","scada":false}}},{"description":"SAP ERP versions 600, 602, 603, 604, 605, 606, 616, 617 et 618","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S/4HANA FIN PROD SUBLDGR version 100","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP S/4 HANA versions 100, 101, 102, 103 et 104","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP AS ABAP(DMIS) versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 et 2020","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP S4 HANA(DMIS) versions 101, 102, 103, 104 et 105","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Data Services version 4.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Process Integration (PGP Module \u2013 Business-to-Business Add On) version 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (JAVA stack) version 7.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce Cloud versions 1808,1811,1905 et 2005","product":{"name":"Commerce Cloud","vendor":{"name":"SAP","scada":false}}},{"description":"SAP 3D Visual Enterprise Viewer version 9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP versions 731, 740, 750, 751, 752, 753, 754, 755 et 782","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS JAVA versions 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager (User Experience Monitoring) version 7.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori Launchpad (News Tile Application) versions 750, 751, 752, 753, 754 et 755","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP ERP Client for E-Bilanz 1.0 version 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-26807","url":"https://www.cve.org/CVERecord?id=CVE-2020-26807"},{"name":"CVE-2020-26811","url":"https://www.cve.org/CVERecord?id=CVE-2020-26811"},{"name":"CVE-2019-0230","url":"https://www.cve.org/CVERecord?id=CVE-2019-0230"},{"name":"CVE-2020-6207","url":"https://www.cve.org/CVERecord?id=CVE-2020-6207"},{"name":"CVE-2020-6284","url":"https://www.cve.org/CVERecord?id=CVE-2020-6284"},{"name":"CVE-2020-26823","url":"https://www.cve.org/CVERecord?id=CVE-2020-26823"},{"name":"CVE-2020-26814","url":"https://www.cve.org/CVERecord?id=CVE-2020-26814"},{"name":"CVE-2020-26820","url":"https://www.cve.org/CVERecord?id=CVE-2020-26820"},{"name":"CVE-2020-26821","url":"https://www.cve.org/CVERecord?id=CVE-2020-26821"},{"name":"CVE-2020-26818","url":"https://www.cve.org/CVERecord?id=CVE-2020-26818"},{"name":"CVE-2020-26815","url":"https://www.cve.org/CVERecord?id=CVE-2020-26815"},{"name":"CVE-2020-26817","url":"https://www.cve.org/CVERecord?id=CVE-2020-26817"},{"name":"CVE-2019-0233","url":"https://www.cve.org/CVERecord?id=CVE-2019-0233"},{"name":"CVE-2020-6311","url":"https://www.cve.org/CVERecord?id=CVE-2020-6311"},{"name":"CVE-2020-26824","url":"https://www.cve.org/CVERecord?id=CVE-2020-26824"},{"name":"CVE-2020-26810","url":"https://www.cve.org/CVERecord?id=CVE-2020-26810"},{"name":"CVE-2020-26822","url":"https://www.cve.org/CVERecord?id=CVE-2020-26822"},{"name":"CVE-2020-26819","url":"https://www.cve.org/CVERecord?id=CVE-2020-26819"},{"name":"CVE-2020-6316","url":"https://www.cve.org/CVERecord?id=CVE-2020-6316"},{"name":"CVE-2020-26809","url":"https://www.cve.org/CVERecord?id=CVE-2020-26809"},{"name":"CVE-2020-26808","url":"https://www.cve.org/CVERecord?id=CVE-2020-26808"}],"links":[],"reference":"CERTFR-2020-AVI-722","revisions":[{"description":"Version initiale","revision_date":"2020-11-10T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP 562725571 du 10 novembre 2020","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"}]}