{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SolarWinds Orion API version 2018.4 sans le correctif SUPERNOVA Patch (publi\u00e9 le 23 D\u00e9cembre 2020)","product":{"name":"Orion","vendor":{"name":"SolarWinds","scada":false}}},{"description":"SolarWinds Orion API version 2020.2.1 sans le correctif HF 2 (publi\u00e9 le 15 D\u00e9cembre 2020)","product":{"name":"Orion","vendor":{"name":"SolarWinds","scada":false}}},{"description":"SolarWinds Orion API version 2019.2 sans le correctif SUPERNOVA Patch (publi\u00e9 le 23 D\u00e9cembre 2020)","product":{"name":"Orion","vendor":{"name":"SolarWinds","scada":false}}},{"description":"SolarWinds Orion API version 2019.4 sans le correctif HF 6 (publi\u00e9 le 14 D\u00e9cembre 2020)","product":{"name":"Orion","vendor":{"name":"SolarWinds","scada":false}}},{"description":"SolarWinds Orion API version 2018.2 sans le correctif SUPERNOVA Patch (publi\u00e9 le 23 D\u00e9cembre 2020)","product":{"name":"Orion","vendor":{"name":"SolarWinds","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-10148","url":"https://www.cve.org/CVERecord?id=CVE-2020-10148"}],"links":[],"reference":"CERTFR-2020-AVI-845","revisions":[{"description":"Version initiale","revision_date":"2020-12-28T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l'API Orion de SolarWinds. Elle\npermet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n","title":"Vuln\u00e9rabilit\u00e9 dans SolarWinds Orion API","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SolarWinds 843464 du 26 d\u00e9cembre 2020","url":"https://kb.cert.org/vuls/id/843464"}]}