{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM WebSphere Hybrid Edition 5.1 sans le correctif de s\u00e9curit\u00e9 APAR PH52925","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Automation versions ant\u00e9rieures \u00e0 1.5.2","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Application Server 9.0 sans le correctif de s\u00e9curit\u00e9 APAR PH52925","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP5","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Db2 Web Queryfor i versions 2.3.0 et 2.4.0 sans le correctif de s\u00e9curit\u00e9 5733WQX","product":{"name":"Db2","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Spectrum Protect Plus Server versions ant\u00e9rieures \u00e0 10.1.12.4","product":{"name":"Spectrum","vendor":{"name":"IBM","scada":false}}},{"description":"IBM HTTP Server for i sans le correctif de s\u00e9curit\u00e9 5770DG1","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP4 IF01","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar User Behavior Analytics versions 1.0.0 \u00e0 4.1.10 ant\u00e9rieures \u00e0 4.1.11","product":{"name":"QRadar User Behavior Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.4.3 FP9","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-28733","url":"https://www.cve.org/CVERecord?id=CVE-2022-28733"},{"name":"CVE-2022-31129","url":"https://www.cve.org/CVERecord?id=CVE-2022-31129"},{"name":"CVE-2022-32189","url":"https://www.cve.org/CVERecord?id=CVE-2022-32189"},{"name":"CVE-2020-24025","url":"https://www.cve.org/CVERecord?id=CVE-2020-24025"},{"name":"CVE-2021-21409","url":"https://www.cve.org/CVERecord?id=CVE-2021-21409"},{"name":"CVE-2023-26283","url":"https://www.cve.org/CVERecord?id=CVE-2023-26283"},{"name":"CVE-2022-30631","url":"https://www.cve.org/CVERecord?id=CVE-2022-30631"},{"name":"CVE-2022-23825","url":"https://www.cve.org/CVERecord?id=CVE-2022-23825"},{"name":"CVE-2021-39227","url":"https://www.cve.org/CVERecord?id=CVE-2021-39227"},{"name":"CVE-2021-23364","url":"https://www.cve.org/CVERecord?id=CVE-2021-23364"},{"name":"CVE-2022-22971","url":"https://www.cve.org/CVERecord?id=CVE-2022-22971"},{"name":"CVE-2021-37701","url":"https://www.cve.org/CVERecord?id=CVE-2021-37701"},{"name":"CVE-2021-25220","url":"https://www.cve.org/CVERecord?id=CVE-2021-25220"},{"name":"CVE-2022-2964","url":"https://www.cve.org/CVERecord?id=CVE-2022-2964"},{"name":"CVE-2021-3677","url":"https://www.cve.org/CVERecord?id=CVE-2021-3677"},{"name":"CVE-2018-19797","url":"https://www.cve.org/CVERecord?id=CVE-2018-19797"},{"name":"CVE-2021-32804","url":"https://www.cve.org/CVERecord?id=CVE-2021-32804"},{"name":"CVE-2018-19827","url":"https://www.cve.org/CVERecord?id=CVE-2018-19827"},{"name":"CVE-2018-15494","url":"https://www.cve.org/CVERecord?id=CVE-2018-15494"},{"name":"CVE-2022-30635","url":"https://www.cve.org/CVERecord?id=CVE-2022-30635"},{"name":"CVE-2018-11694","url":"https://www.cve.org/CVERecord?id=CVE-2018-11694"},{"name":"CVE-2022-41715","url":"https://www.cve.org/CVERecord?id=CVE-2022-41715"},{"name":"CVE-2022-37603","url":"https://www.cve.org/CVERecord?id=CVE-2022-37603"},{"name":"CVE-2018-8036","url":"https://www.cve.org/CVERecord?id=CVE-2018-8036"},{"name":"CVE-2022-25647","url":"https://www.cve.org/CVERecord?id=CVE-2022-25647"},{"name":"CVE-2022-29900","url":"https://www.cve.org/CVERecord?id=CVE-2022-29900"},{"name":"CVE-2022-29901","url":"https://www.cve.org/CVERecord?id=CVE-2022-29901"},{"name":"CVE-2022-36364","url":"https://www.cve.org/CVERecord?id=CVE-2022-36364"},{"name":"CVE-2022-4883","url":"https://www.cve.org/CVERecord?id=CVE-2022-4883"},{"name":"CVE-2022-41966","url":"https://www.cve.org/CVERecord?id=CVE-2022-41966"},{"name":"CVE-2022-21624","url":"https://www.cve.org/CVERecord?id=CVE-2022-21624"},{"name":"CVE-2020-13936","url":"https://www.cve.org/CVERecord?id=CVE-2020-13936"},{"name":"CVE-2022-30629","url":"https://www.cve.org/CVERecord?id=CVE-2022-30629"},{"name":"CVE-2022-40153","url":"https://www.cve.org/CVERecord?id=CVE-2022-40153"},{"name":"CVE-2022-42252","url":"https://www.cve.org/CVERecord?id=CVE-2022-42252"},{"name":"CVE-2022-32148","url":"https://www.cve.org/CVERecord?id=CVE-2022-32148"},{"name":"CVE-2022-40149","url":"https://www.cve.org/CVERecord?id=CVE-2022-40149"},{"name":"CVE-2022-21626","url":"https://www.cve.org/CVERecord?id=CVE-2022-21626"},{"name":"CVE-2020-7764","url":"https://www.cve.org/CVERecord?id=CVE-2020-7764"},{"name":"CVE-2022-41946","url":"https://www.cve.org/CVERecord?id=CVE-2022-41946"},{"name":"CVE-2022-25927","url":"https://www.cve.org/CVERecord?id=CVE-2022-25927"},{"name":"CVE-2022-30630","url":"https://www.cve.org/CVERecord?id=CVE-2022-30630"},{"name":"CVE-2021-37713","url":"https://www.cve.org/CVERecord?id=CVE-2021-37713"},{"name":"CVE-2021-42581","url":"https://www.cve.org/CVERecord?id=CVE-2021-42581"},{"name":"CVE-2022-1705","url":"https://www.cve.org/CVERecord?id=CVE-2022-1705"},{"name":"CVE-2021-37137","url":"https://www.cve.org/CVERecord?id=CVE-2021-37137"},{"name":"CVE-2021-37712","url":"https://www.cve.org/CVERecord?id=CVE-2021-37712"},{"name":"CVE-2022-21724","url":"https://www.cve.org/CVERecord?id=CVE-2022-21724"},{"name":"CVE-2022-46364","url":"https://www.cve.org/CVERecord?id=CVE-2022-46364"},{"name":"CVE-2022-40150","url":"https://www.cve.org/CVERecord?id=CVE-2022-40150"},{"name":"CVE-2022-24999","url":"https://www.cve.org/CVERecord?id=CVE-2022-24999"},{"name":"CVE-2022-30633","url":"https://www.cve.org/CVERecord?id=CVE-2022-30633"},{"name":"CVE-2019-10785","url":"https://www.cve.org/CVERecord?id=CVE-2019-10785"},{"name":"CVE-2022-21628","url":"https://www.cve.org/CVERecord?id=CVE-2022-21628"},{"name":"CVE-2022-24823","url":"https://www.cve.org/CVERecord?id=CVE-2022-24823"},{"name":"CVE-2021-37136","url":"https://www.cve.org/CVERecord?id=CVE-2021-37136"},{"name":"CVE-2022-30632","url":"https://www.cve.org/CVERecord?id=CVE-2022-30632"},{"name":"CVE-2022-37601","url":"https://www.cve.org/CVERecord?id=CVE-2022-37601"},{"name":"CVE-2022-40152","url":"https://www.cve.org/CVERecord?id=CVE-2022-40152"},{"name":"CVE-2021-3807","url":"https://www.cve.org/CVERecord?id=CVE-2021-3807"},{"name":"CVE-2022-46363","url":"https://www.cve.org/CVERecord?id=CVE-2022-46363"},{"name":"CVE-2021-21295","url":"https://www.cve.org/CVERecord?id=CVE-2021-21295"},{"name":"CVE-2022-1962","url":"https://www.cve.org/CVERecord?id=CVE-2022-1962"},{"name":"CVE-2021-23382","url":"https://www.cve.org/CVERecord?id=CVE-2021-23382"},{"name":"CVE-2019-6286","url":"https://www.cve.org/CVERecord?id=CVE-2019-6286"},{"name":"CVE-2022-2795","url":"https://www.cve.org/CVERecord?id=CVE-2022-2795"},{"name":"CVE-2020-5259","url":"https://www.cve.org/CVERecord?id=CVE-2020-5259"},{"name":"CVE-2022-28131","url":"https://www.cve.org/CVERecord?id=CVE-2022-28131"},{"name":"CVE-2021-26401","url":"https://www.cve.org/CVERecord?id=CVE-2021-26401"},{"name":"CVE-2022-24785","url":"https://www.cve.org/CVERecord?id=CVE-2022-24785"},{"name":"CVE-2021-23450","url":"https://www.cve.org/CVERecord?id=CVE-2021-23450"},{"name":"CVE-2018-19839","url":"https://www.cve.org/CVERecord?id=CVE-2018-19839"},{"name":"CVE-2021-43797","url":"https://www.cve.org/CVERecord?id=CVE-2021-43797"},{"name":"CVE-2021-32803","url":"https://www.cve.org/CVERecord?id=CVE-2021-32803"},{"name":"CVE-2022-4254","url":"https://www.cve.org/CVERecord?id=CVE-2022-4254"},{"name":"CVE-2022-2880","url":"https://www.cve.org/CVERecord?id=CVE-2022-2880"},{"name":"CVE-2023-22809","url":"https://www.cve.org/CVERecord?id=CVE-2023-22809"},{"name":"CVE-2018-20821","url":"https://www.cve.org/CVERecord?id=CVE-2018-20821"},{"name":"CVE-2022-45143","url":"https://www.cve.org/CVERecord?id=CVE-2022-45143"},{"name":"CVE-2022-26373","url":"https://www.cve.org/CVERecord?id=CVE-2022-26373"},{"name":"CVE-2022-2879","url":"https://www.cve.org/CVERecord?id=CVE-2022-2879"},{"name":"CVE-2019-6283","url":"https://www.cve.org/CVERecord?id=CVE-2019-6283"},{"name":"CVE-2019-6284","url":"https://www.cve.org/CVERecord?id=CVE-2019-6284"},{"name":"CVE-2022-42898","url":"https://www.cve.org/CVERecord?id=CVE-2022-42898"},{"name":"CVE-2022-25901","url":"https://www.cve.org/CVERecord?id=CVE-2022-25901"},{"name":"CVE-2020-15366","url":"https://www.cve.org/CVERecord?id=CVE-2020-15366"},{"name":"CVE-2022-22970","url":"https://www.cve.org/CVERecord?id=CVE-2022-22970"},{"name":"CVE-2022-1552","url":"https://www.cve.org/CVERecord?id=CVE-2022-1552"},{"name":"CVE-2022-3676","url":"https://www.cve.org/CVERecord?id=CVE-2022-3676"},{"name":"CVE-2022-42890","url":"https://www.cve.org/CVERecord?id=CVE-2022-42890"},{"name":"CVE-2022-23437","url":"https://www.cve.org/CVERecord?id=CVE-2022-23437"},{"name":"CVE-2022-34917","url":"https://www.cve.org/CVERecord?id=CVE-2022-34917"},{"name":"CVE-2021-23343","url":"https://www.cve.org/CVERecord?id=CVE-2021-23343"},{"name":"CVE-2022-2588","url":"https://www.cve.org/CVERecord?id=CVE-2022-2588"},{"name":"CVE-2022-43928","url":"https://www.cve.org/CVERecord?id=CVE-2022-43928"},{"name":"CVE-2021-42740","url":"https://www.cve.org/CVERecord?id=CVE-2021-42740"},{"name":"CVE-2021-3918","url":"https://www.cve.org/CVERecord?id=CVE-2021-3918"},{"name":"CVE-2018-20190","url":"https://www.cve.org/CVERecord?id=CVE-2018-20190"},{"name":"CVE-2022-30580","url":"https://www.cve.org/CVERecord?id=CVE-2022-30580"},{"name":"CVE-2021-21290","url":"https://www.cve.org/CVERecord?id=CVE-2021-21290"},{"name":"CVE-2022-40156","url":"https://www.cve.org/CVERecord?id=CVE-2022-40156"},{"name":"CVE-2022-2625","url":"https://www.cve.org/CVERecord?id=CVE-2022-2625"},{"name":"CVE-2022-40155","url":"https://www.cve.org/CVERecord?id=CVE-2022-40155"},{"name":"CVE-2022-23816","url":"https://www.cve.org/CVERecord?id=CVE-2022-23816"},{"name":"CVE-2022-31197","url":"https://www.cve.org/CVERecord?id=CVE-2022-31197"},{"name":"CVE-2018-19838","url":"https://www.cve.org/CVERecord?id=CVE-2018-19838"},{"name":"CVE-2022-37599","url":"https://www.cve.org/CVERecord?id=CVE-2022-37599"},{"name":"CVE-2021-23368","url":"https://www.cve.org/CVERecord?id=CVE-2021-23368"},{"name":"CVE-2018-11698","url":"https://www.cve.org/CVERecord?id=CVE-2018-11698"},{"name":"CVE-2021-29060","url":"https://www.cve.org/CVERecord?id=CVE-2021-29060"},{"name":"CVE-2022-36033","url":"https://www.cve.org/CVERecord?id=CVE-2022-36033"},{"name":"CVE-2021-3765","url":"https://www.cve.org/CVERecord?id=CVE-2021-3765"},{"name":"CVE-2022-25758","url":"https://www.cve.org/CVERecord?id=CVE-2022-25758"},{"name":"CVE-2021-23362","url":"https://www.cve.org/CVERecord?id=CVE-2021-23362"},{"name":"CVE-2022-21619","url":"https://www.cve.org/CVERecord?id=CVE-2022-21619"},{"name":"CVE-2022-37598","url":"https://www.cve.org/CVERecord?id=CVE-2022-37598"},{"name":"CVE-2022-24839","url":"https://www.cve.org/CVERecord?id=CVE-2022-24839"},{"name":"CVE-2022-40154","url":"https://www.cve.org/CVERecord?id=CVE-2022-40154"},{"name":"CVE-2022-41704","url":"https://www.cve.org/CVERecord?id=CVE-2022-41704"},{"name":"CVE-2022-27664","url":"https://www.cve.org/CVERecord?id=CVE-2022-27664"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967365 du 20 mars 2023","url":"https://www.ibm.com/support/pages/node/6967365"},{"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967333 du 30 mars 2023","url":"https://www.ibm.com/support/pages/node/6967333"}],"reference":"CERTFR-2023-AVI-0276","revisions":[{"description":"Version initiale","revision_date":"2023-03-31T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">IBM</span>. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es, un contournement de\nla politique de s\u00e9curit\u00e9, une injection de code indirecte \u00e0 distance\n(XSS), une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l'\u00e9diteur.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967016 du 29 mars 2023","url":"https://www.ibm.com/support/pages/node/6967016"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967283 du 15 mars 2023","url":"https://www.ibm.com/support/pages/node/6967283"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967333 du 20 mars 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967285 du 28 mars 2023","url":"https://www.ibm.com/support/pages/node/6967285"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6966998 du 29 mars 2023","url":"https://www.ibm.com/support/pages/node/6966998"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967315 du 30 mars 2023","url":"https://www.ibm.com/support/pages/node/6967315"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6967365 du 30 mars 2023","url":null}]}