{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP BusinessObjects Business Intelligence Platform (SAPUI5) versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Development Infrastructure (Notification Service) versions 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Development Infrastructure (Component Build Service) versions 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (Knowledge Management) versions 7.30, 7.31, 7.40 et 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Cloud Connector version 2.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business One version 10.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform (Crystal Report) versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50","product":{"name":"NetWeaver Enterprise Portal","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori Client Native Mobile pour Android version 3.2","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"DMIS Mobile Plug-In versions DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752 et 2020","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS ABAP and ABAP Platform (SRM_RFC_SUBMIT_REPORT) versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP S/4HANA versions SAPSCORE 125, S4CORE 102, 102, 103, 104 et 105","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Enterprise Portal (Application Extensions) versions 7.30, 7.31, 7.40 et 7.50","product":{"name":"NetWeaver Enterprise Portal","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-33690","url":"https://www.cve.org/CVERecord?id=CVE-2021-33690"},{"name":"CVE-2021-33705","url":"https://www.cve.org/CVERecord?id=CVE-2021-33705"},{"name":"CVE-2021-33702","url":"https://www.cve.org/CVERecord?id=CVE-2021-33702"},{"name":"CVE-2021-33694","url":"https://www.cve.org/CVERecord?id=CVE-2021-33694"},{"name":"CVE-2021-33697","url":"https://www.cve.org/CVERecord?id=CVE-2021-33697"},{"name":"CVE-2021-33700","url":"https://www.cve.org/CVERecord?id=CVE-2021-33700"},{"name":"CVE-2021-33698","url":"https://www.cve.org/CVERecord?id=CVE-2021-33698"},{"name":"CVE-2021-33695","url":"https://www.cve.org/CVERecord?id=CVE-2021-33695"},{"name":"CVE-2021-33691","url":"https://www.cve.org/CVERecord?id=CVE-2021-33691"},{"name":"CVE-2021-33703","url":"https://www.cve.org/CVERecord?id=CVE-2021-33703"},{"name":"CVE-2021-33701","url":"https://www.cve.org/CVERecord?id=CVE-2021-33701"},{"name":"CVE-2021-33707","url":"https://www.cve.org/CVERecord?id=CVE-2021-33707"},{"name":"CVE-2021-33699","url":"https://www.cve.org/CVERecord?id=CVE-2021-33699"},{"name":"CVE-2021-33704","url":"https://www.cve.org/CVERecord?id=CVE-2021-33704"},{"name":"CVE-2021-33696","url":"https://www.cve.org/CVERecord?id=CVE-2021-33696"},{"name":"CVE-2021-21473","url":"https://www.cve.org/CVERecord?id=CVE-2021-21473"},{"name":"CVE-2021-33692","url":"https://www.cve.org/CVERecord?id=CVE-2021-33692"},{"name":"CVE-2021-33693","url":"https://www.cve.org/CVERecord?id=CVE-2021-33693"}],"links":[],"reference":"CERTFR-2021-AVI-607","revisions":[{"description":"Version initiale","revision_date":"2021-08-10T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 10 ao\u00fbt 2021","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806"}]}