{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAPBASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP (Business Server Pages application) versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G et 75H","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence (Web Intelligence UI) version 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence platform (CMC) versions 420 et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for ABAP and ABAP Platform version 740, 750, 751, 752, 753, 754, 755, 756, 757, 789 et 790","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"CRM (WebClient UI) versions 700, 701, 702, 731, 740, 750, 751 et 752, WEBCUIF 748, 800 et 801, S4FND 102 et 103","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Application Server for ABAP and ABAP Platform versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789 et 790","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S/4 HANA (Map Treasury Correspondence Format Data) versions 104 et 105","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Host Agent Service versions 7.21 et 7.22","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests) version 600","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence platform (Analysis edition for OLAP) versions 420 et 430","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP (BSP Framework) version 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751 et 752","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"GRC Process Control application versions GRCFND_A V1200, V8100, GRCPINW V1100_700, V1100_731 et V1200_750","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Solution Manager (BSP Application) version 720","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Solution Manager version 720","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for ABAP and ABAP Platform version 702, 731, 740, 750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for Java (Http Provider Service) version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Planning and Consolidation versions SAP_BW 750, 751, 752, 753, 754, 755, 756 et 757, DWCORE 200 et 300 et CPMBPC 810","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP (BSP Framework) version 700, 701, 702, 731 et 740","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Client versions 6.5, 7.0 et 7.70","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Planning and Consolidation versions 200 et 300","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-23854","url":"https://www.cve.org/CVERecord?id=CVE-2023-23854"},{"name":"CVE-2023-0020","url":"https://www.cve.org/CVERecord?id=CVE-2023-0020"},{"name":"CVE-2023-24529","url":"https://www.cve.org/CVERecord?id=CVE-2023-24529"},{"name":"CVE-2023-23859","url":"https://www.cve.org/CVERecord?id=CVE-2023-23859"},{"name":"CVE-2023-25614","url":"https://www.cve.org/CVERecord?id=CVE-2023-25614"},{"name":"CVE-2023-24530","url":"https://www.cve.org/CVERecord?id=CVE-2023-24530"},{"name":"CVE-2023-23851","url":"https://www.cve.org/CVERecord?id=CVE-2023-23851"},{"name":"CVE-2023-23855","url":"https://www.cve.org/CVERecord?id=CVE-2023-23855"},{"name":"CVE-2023-24523","url":"https://www.cve.org/CVERecord?id=CVE-2023-24523"},{"name":"CVE-2023-24528","url":"https://www.cve.org/CVERecord?id=CVE-2023-24528"},{"name":"CVE-2023-0019","url":"https://www.cve.org/CVERecord?id=CVE-2023-0019"},{"name":"CVE-2023-24525","url":"https://www.cve.org/CVERecord?id=CVE-2023-24525"},{"name":"CVE-2023-23852","url":"https://www.cve.org/CVERecord?id=CVE-2023-23852"},{"name":"CVE-2022-41264","url":"https://www.cve.org/CVERecord?id=CVE-2022-41264"},{"name":"CVE-2023-23860","url":"https://www.cve.org/CVERecord?id=CVE-2023-23860"},{"name":"CVE-2022-41268","url":"https://www.cve.org/CVERecord?id=CVE-2022-41268"},{"name":"CVE-2023-23856","url":"https://www.cve.org/CVERecord?id=CVE-2023-23856"},{"name":"CVE-2023-24521","url":"https://www.cve.org/CVERecord?id=CVE-2023-24521"},{"name":"CVE-2023-24522","url":"https://www.cve.org/CVERecord?id=CVE-2023-24522"},{"name":"CVE-2022-41262","url":"https://www.cve.org/CVERecord?id=CVE-2022-41262"},{"name":"CVE-2023-23858","url":"https://www.cve.org/CVERecord?id=CVE-2023-23858"},{"name":"CVE-2023-23853","url":"https://www.cve.org/CVERecord?id=CVE-2023-23853"},{"name":"CVE-2023-0025","url":"https://www.cve.org/CVERecord?id=CVE-2023-0025"},{"name":"CVE-2023-0013","url":"https://www.cve.org/CVERecord?id=CVE-2023-0013"},{"name":"CVE-2023-0024","url":"https://www.cve.org/CVERecord?id=CVE-2023-0024"},{"name":"CVE-2023-24524","url":"https://www.cve.org/CVERecord?id=CVE-2023-24524"}],"links":[],"reference":"CERTFR-2023-AVI-0125","revisions":[{"description":"Version initiale","revision_date":"2023-02-15T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 14 f\u00e9vrier 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}