{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM QRadar SIEM versions 7.5.0 UPx ant\u00e9rieures \u00e0 7.5.0 UP5","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Extreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.5 incluant le correctif de s\u00e9curit\u00e9 PH53340","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.14 incluant le correctif de s\u00e9curit\u00e9 PH52925","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar SIEM versions 7.4.3 FPx ant\u00e9rieures \u00e0 7.4.3 FP9","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-26283","url":"https://www.cve.org/CVERecord?id=CVE-2023-26283"},{"name":"CVE-2018-15494","url":"https://www.cve.org/CVERecord?id=CVE-2018-15494"},{"name":"CVE-2019-11358","url":"https://www.cve.org/CVERecord?id=CVE-2019-11358"},{"name":"CVE-2022-43863","url":"https://www.cve.org/CVERecord?id=CVE-2022-43863"},{"name":"CVE-2020-11022","url":"https://www.cve.org/CVERecord?id=CVE-2020-11022"},{"name":"CVE-2015-9251","url":"https://www.cve.org/CVERecord?id=CVE-2015-9251"},{"name":"CVE-2012-6708","url":"https://www.cve.org/CVERecord?id=CVE-2012-6708"},{"name":"CVE-2020-7656","url":"https://www.cve.org/CVERecord?id=CVE-2020-7656"},{"name":"CVE-2020-11023","url":"https://www.cve.org/CVERecord?id=CVE-2020-11023"}],"links":[],"reference":"CERTFR-2023-AVI-0250","revisions":[{"description":"Version initiale","revision_date":"2023-03-22T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits <span\nclass=\"textit\">IBM</span>. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une injection de code\nindirecte \u00e0 distance (XSS), une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6964836 du 21 mars 2023","url":"https://www.ibm.com/support/pages/node/6964836"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6964844 du 21 mars 2023","url":"https://www.ibm.com/support/pages/node/6964844"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6964862 du 21 mars 2023","url":"https://www.ibm.com/support/pages/node/6964862"}]}