{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver Master Data Management versions 710 et 710.750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (Telnet Commands) versions SERVERCORE 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50,","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Solution Manager version 7.20","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Setup version 9.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (Telnet Commands) versions J2EE-FRMW 7.10, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (Telnet Commands) versions ESP_FRAMEWORK 7.10, 7.20, 7.30, 7.31, 7.40 et 7.50,","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for Java (Applications based on HTMLB for Java) versions EP-BASIS 7.10, 7.11, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Manufacturing Execution (System Rules) versions 15.1, 15.2, 15.3 et 15.4","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Process Integration (Enterprise Service Repository JAVA Mappings) versions 7.10, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for Java (Applications based on HTMLB for Java) versions FRAMEWORK-EXT 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 1808, 1811, 1905, 2005 et 2011","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Focused RUN versions 200 et 300","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (Telnet Commands) versions ENGINEAPI 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (HTTP Service) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori Apps 2.0 for Travel Management in SAP ERP version 608","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA (Customer Usage Provisioning Servlet) versions 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Process Integration (Integration Builder Framework) versions 7.10, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for Java (Applications based on HTMLB for Java) versions FRAMEWORK 7.10 et 7.11","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for ABAP versions 731, 740 et 750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-27600","url":"https://www.cve.org/CVERecord?id=CVE-2021-27600"},{"name":"CVE-2021-27599","url":"https://www.cve.org/CVERecord?id=CVE-2021-27599"},{"name":"CVE-2021-27601","url":"https://www.cve.org/CVERecord?id=CVE-2021-27601"},{"name":"CVE-2021-21485","url":"https://www.cve.org/CVERecord?id=CVE-2021-21485"},{"name":"CVE-2021-21483","url":"https://www.cve.org/CVERecord?id=CVE-2021-21483"},{"name":"CVE-2021-27608","url":"https://www.cve.org/CVERecord?id=CVE-2021-27608"},{"name":"CVE-2021-27603","url":"https://www.cve.org/CVERecord?id=CVE-2021-27603"},{"name":"CVE-2021-27604","url":"https://www.cve.org/CVERecord?id=CVE-2021-27604"},{"name":"CVE-2021-27609","url":"https://www.cve.org/CVERecord?id=CVE-2021-27609"},{"name":"CVE-2021-27598","url":"https://www.cve.org/CVERecord?id=CVE-2021-27598"},{"name":"CVE-2021-21482","url":"https://www.cve.org/CVERecord?id=CVE-2021-21482"},{"name":"CVE-2021-27605","url":"https://www.cve.org/CVERecord?id=CVE-2021-27605"},{"name":"CVE-2021-21492","url":"https://www.cve.org/CVERecord?id=CVE-2021-21492"},{"name":"CVE-2021-27602","url":"https://www.cve.org/CVERecord?id=CVE-2021-27602"}],"links":[],"reference":"CERTFR-2021-AVI-251","revisions":[{"description":"Version initiale","revision_date":"2021-04-13T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"D\u00e9ni de service"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP 573801649 du 13 avril 2021","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649"}]}