{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP NetWeaver AS for ABAP (RFC Gateway) versions KRNL32NUC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82 et 7.83","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML) versions KRNL64NUC - 7.49, KRNL64UC - 7.49, 7.53, KERNEL - 7.49, 7.53, 7.77, 7.81 et 7.84","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP et ABAP Platform (SRM_RFC_SUBMIT_REPORT) versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP versions KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83 et 7.84","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for ABAP (Web Survey) versions 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A et 75F","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP) versions SAP_UI \u2013 750, 752, 753, 754, 755, SAP_BASIS \u2013 702, 31","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755 et 804","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver ABAP Server et ABAP Platform (Enqueue Server) versions KRNL32NUC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53 et 7.73","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business One version 10.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce Cloud version 100","product":{"name":"Commerce Cloud","vendor":{"name":"SAP","scada":false}}},{"description":"SAP 3D Visual Enterprise Viewer version 9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 1808, 1811, 1905, 2005 et 2011","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori Apps 2.0 for Travel Management in SAP ERP version 608","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for Java (UserAdmin) versions 7.11,7.20,7.30,7.31,7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for JAVA versions 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Manufacturing Execution versions 15.1, 1.5.2, 15.3 et 15.4","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver ABAP Server et ABAP Platform (Dispatcher) versions KRNL32NUC - 7.22, 7.22EXT, KRNL32UC - 7.22, 7.22EXT, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC - 8.04, 7.22, 7.22EXT, 7.49, 7.53, 7.73, KERNEL - 7.22, 8.04, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82 et 7.83","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Enable Now (SAP Workforce Performance Builder - Manager) versions 10.0 et 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS (Internet Graphics Server \u2013 Portwatcher) versions 7.20, 7.20EXT, 7.53, 7.20_EX2 et 7.81","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-27606","url":"https://www.cve.org/CVERecord?id=CVE-2021-27606"},{"name":"CVE-2021-27610","url":"https://www.cve.org/CVERecord?id=CVE-2021-27610"},{"name":"CVE-2021-27639","url":"https://www.cve.org/CVERecord?id=CVE-2021-27639"},{"name":"CVE-2021-27631","url":"https://www.cve.org/CVERecord?id=CVE-2021-27631"},{"name":"CVE-2021-27624","url":"https://www.cve.org/CVERecord?id=CVE-2021-27624"},{"name":"CVE-2021-33666","url":"https://www.cve.org/CVERecord?id=CVE-2021-33666"},{"name":"CVE-2021-27627","url":"https://www.cve.org/CVERecord?id=CVE-2021-27627"},{"name":"CVE-2021-27638","url":"https://www.cve.org/CVERecord?id=CVE-2021-27638"},{"name":"CVE-2021-27607","url":"https://www.cve.org/CVERecord?id=CVE-2021-27607"},{"name":"CVE-2021-27625","url":"https://www.cve.org/CVERecord?id=CVE-2021-27625"},{"name":"CVE-2021-27634","url":"https://www.cve.org/CVERecord?id=CVE-2021-27634"},{"name":"CVE-2021-27642","url":"https://www.cve.org/CVERecord?id=CVE-2021-27642"},{"name":"CVE-2021-27628","url":"https://www.cve.org/CVERecord?id=CVE-2021-27628"},{"name":"CVE-2021-27641","url":"https://www.cve.org/CVERecord?id=CVE-2021-27641"},{"name":"CVE-2021-27620","url":"https://www.cve.org/CVERecord?id=CVE-2021-27620"},{"name":"CVE-2021-33661","url":"https://www.cve.org/CVERecord?id=CVE-2021-33661"},{"name":"CVE-2021-27630","url":"https://www.cve.org/CVERecord?id=CVE-2021-27630"},{"name":"CVE-2021-33659","url":"https://www.cve.org/CVERecord?id=CVE-2021-33659"},{"name":"CVE-2021-27637","url":"https://www.cve.org/CVERecord?id=CVE-2021-27637"},{"name":"CVE-2021-27623","url":"https://www.cve.org/CVERecord?id=CVE-2021-27623"},{"name":"CVE-2021-33662","url":"https://www.cve.org/CVERecord?id=CVE-2021-33662"},{"name":"CVE-2021-27629","url":"https://www.cve.org/CVERecord?id=CVE-2021-27629"},{"name":"CVE-2021-27632","url":"https://www.cve.org/CVERecord?id=CVE-2021-27632"},{"name":"CVE-2021-27633","url":"https://www.cve.org/CVERecord?id=CVE-2021-27633"},{"name":"CVE-2021-33664","url":"https://www.cve.org/CVERecord?id=CVE-2021-33664"},{"name":"CVE-2021-21490","url":"https://www.cve.org/CVERecord?id=CVE-2021-21490"},{"name":"CVE-2021-27643","url":"https://www.cve.org/CVERecord?id=CVE-2021-27643"},{"name":"CVE-2021-27597","url":"https://www.cve.org/CVERecord?id=CVE-2021-27597"},{"name":"CVE-2021-33665","url":"https://www.cve.org/CVERecord?id=CVE-2021-33665"},{"name":"CVE-2021-27615","url":"https://www.cve.org/CVERecord?id=CVE-2021-27615"},{"name":"CVE-2021-33663","url":"https://www.cve.org/CVERecord?id=CVE-2021-33663"},{"name":"CVE-2021-27635","url":"https://www.cve.org/CVERecord?id=CVE-2021-27635"},{"name":"CVE-2021-33660","url":"https://www.cve.org/CVERecord?id=CVE-2021-33660"},{"name":"CVE-2021-27605","url":"https://www.cve.org/CVERecord?id=CVE-2021-27605"},{"name":"CVE-2021-27626","url":"https://www.cve.org/CVERecord?id=CVE-2021-27626"},{"name":"CVE-2021-27621","url":"https://www.cve.org/CVERecord?id=CVE-2021-27621"},{"name":"CVE-2021-27622","url":"https://www.cve.org/CVERecord?id=CVE-2021-27622"},{"name":"CVE-2021-21473","url":"https://www.cve.org/CVERecord?id=CVE-2021-21473"},{"name":"CVE-2021-27640","url":"https://www.cve.org/CVERecord?id=CVE-2021-27640"},{"name":"CVE-2021-27602","url":"https://www.cve.org/CVERecord?id=CVE-2021-27602"}],"links":[],"reference":"CERTFR-2021-AVI-440","revisions":[{"description":"Version initiale","revision_date":"2021-06-08T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 08 juin 2021","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999"}]}