{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM Sterling Connect:Direct pour Microsoft Windows versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2_iFix054","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Application Server Liberty versions 21.0.0.12 \u00e0 23.0.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH52079 ou ant\u00e9rieures \u00e0 23.0.0.2 (disponible au premier trimestre 2023)","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Connect:Direct pour Microsoft Windows versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.0.4_iFix060","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"IBM AIX versions 7.3.x sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"AIX","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Global Mailbox versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.8","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Connect:Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.4_iFix020","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"IBM VIOS versions 3.1.x sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"VIOS","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Global Mailbox versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.1","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Connect:Direct pour Microsoft Windows versions 4.8.0.x ant\u00e9rieures \u00e0 4.8.0.3_iFix052","product":{"name":"Sterling Connect:Direct","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP7","product":{"name":"Db2","vendor":{"name":"IBM","scada":false}}},{"description":"IBM AIX versions 7.2.x sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"AIX","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.8","product":{"name":"Db2","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 23.0.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH52095 ou ant\u00e9rieures \u00e0 23.0.0.2 (disponible au premier trimestre 2023)","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Db2 versions 10.5 ant\u00e9rieures \u00e0 10.5 FP11","product":{"name":"Db2","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-43927","url":"https://www.cve.org/CVERecord?id=CVE-2022-43927"},{"name":"CVE-2020-13956","url":"https://www.cve.org/CVERecord?id=CVE-2020-13956"},{"name":"CVE-2022-46364","url":"https://www.cve.org/CVERecord?id=CVE-2022-46364"},{"name":"CVE-2022-40303","url":"https://www.cve.org/CVERecord?id=CVE-2022-40303"},{"name":"CVE-2022-45787","url":"https://www.cve.org/CVERecord?id=CVE-2022-45787"},{"name":"CVE-2014-3577","url":"https://www.cve.org/CVERecord?id=CVE-2014-3577"},{"name":"CVE-2022-43930","url":"https://www.cve.org/CVERecord?id=CVE-2022-43930"},{"name":"CVE-2022-43929","url":"https://www.cve.org/CVERecord?id=CVE-2022-43929"},{"name":"CVE-2022-42003","url":"https://www.cve.org/CVERecord?id=CVE-2022-42003"},{"name":"CVE-2022-40304","url":"https://www.cve.org/CVERecord?id=CVE-2022-40304"},{"name":"CVE-2022-34165","url":"https://www.cve.org/CVERecord?id=CVE-2022-34165"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 IBM\u00a06953763 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953763"},{"title":"Bulletin de s\u00e9curit\u00e9 IBM\u00a06953755 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953755"},{"title":"Bulletin de s\u00e9curit\u00e9 IBM\u00a06954403 du 09 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6954403"},{"title":"Bulletin de s\u00e9curit\u00e9 IBM\u00a06953825 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953825"},{"title":"Bulletin de s\u00e9curit\u00e9 IBM\u00a06954405 du 09 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6954405"}],"reference":"CERTFR-2023-AVI-0110","revisions":[{"description":"Version initiale","revision_date":"2023-02-09T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span\nclass=\"textit\">IBM</span>. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la\npolitique de s\u00e9curit\u00e9, un d\u00e9ni de service \u00e0 distance, une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953593 du 07 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953593"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953779 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953779"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953757 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953757"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953755 du 08 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6954403 du 09 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953825 du 08 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6954405 du 09 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953759 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953759"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953763 du 08 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6954401 du 09 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6954401"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6953767 du 08 f\u00e9vrier 2023","url":"https://www.ibm.com/support/pages/node/6953767"}]}