{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SAP Web Dispatcher and Internet Communication Manager versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22,7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21,7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82,7.83, KERNEL 7.21, 7.22,7.49, 7.53, 7.73, 7.77, 7.81, 7.82 et 7.83","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Process Integration version 7.50","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Commerce versions 1905, 2005 et 2011","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Interface Framework (Message Monitoring and Message Monitoring for Administrators Application versions 600 et 700","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Landscape Management version 3.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Interface Framework (ODATA service) versions 755 et 756","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS for ABAP (Business Server Pages) versions 700, 701, 702, 731, 740,750, 751, 752, 753, 754, 755, 756 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430","product":{"name":"SAP BusinessObjects Business Intelligence","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver AS Java for Deploy Service version 7.50","product":{"name":"SAP NetWeaver AS Java","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Business Client versions 6.5, 7.0 et 7.70","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Interface Framework (Log Message View of Message Dashboard) versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM versions 700, 701, 702, 712 et 713","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SapSetup (Software Installation Program) version 9.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Diagnostics Agent (OSCommand Bridge and EventLogServiceCollector) version 720","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP HCM Fiori App My Forms (Fiori 2.0) version 605","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Enterprise Portal version 7.50","product":{"name":"NetWeaver Enterprise Portal","vendor":{"name":"SAP","scada":false}}},{"description":"SAP CRM (WebClient UI) versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800 et 801","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver (BI CONT ADDON) versions 707, 737, 747 et 757","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP GUI for HTML versions KERNEL 7.22, 7.53, 7.547.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22 et 7.22EXT","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Application Interface Framework (Custom Hint of Message Dashboard Application versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D et 75E","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 et 791","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"ABAP Platform and SAP Web Dispatcher versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89 et 7.91","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"SAP Fiori apps 1.0 for travel management in SAP ERP (My Travel Requests) version 600","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-24527","url":"https://www.cve.org/CVERecord?id=CVE-2023-24527"},{"name":"CVE-2023-29185","url":"https://www.cve.org/CVERecord?id=CVE-2023-29185"},{"name":"CVE-2023-29189","url":"https://www.cve.org/CVERecord?id=CVE-2023-29189"},{"name":"CVE-2023-29109","url":"https://www.cve.org/CVERecord?id=CVE-2023-29109"},{"name":"CVE-2020-13936","url":"https://www.cve.org/CVERecord?id=CVE-2020-13936"},{"name":"CVE-2023-27897","url":"https://www.cve.org/CVERecord?id=CVE-2023-27897"},{"name":"CVE-2023-29187","url":"https://www.cve.org/CVERecord?id=CVE-2023-29187"},{"name":"CVE-2022-41272","url":"https://www.cve.org/CVERecord?id=CVE-2022-41272"},{"name":"CVE-2023-24528","url":"https://www.cve.org/CVERecord?id=CVE-2023-24528"},{"name":"CVE-2023-26458","url":"https://www.cve.org/CVERecord?id=CVE-2023-26458"},{"name":"CVE-2023-29186","url":"https://www.cve.org/CVERecord?id=CVE-2023-29186"},{"name":"CVE-2021-33683","url":"https://www.cve.org/CVERecord?id=CVE-2021-33683"},{"name":"CVE-2023-27267","url":"https://www.cve.org/CVERecord?id=CVE-2023-27267"},{"name":"CVE-2023-28763","url":"https://www.cve.org/CVERecord?id=CVE-2023-28763"},{"name":"CVE-2023-29110","url":"https://www.cve.org/CVERecord?id=CVE-2023-29110"},{"name":"CVE-2023-27499","url":"https://www.cve.org/CVERecord?id=CVE-2023-27499"},{"name":"CVE-2023-28761","url":"https://www.cve.org/CVERecord?id=CVE-2023-28761"},{"name":"CVE-2023-27269","url":"https://www.cve.org/CVERecord?id=CVE-2023-27269"},{"name":"CVE-2023-27497","url":"https://www.cve.org/CVERecord?id=CVE-2023-27497"},{"name":"CVE-2023-1903","url":"https://www.cve.org/CVERecord?id=CVE-2023-1903"},{"name":"CVE-2023-29111","url":"https://www.cve.org/CVERecord?id=CVE-2023-29111"},{"name":"CVE-2023-29108","url":"https://www.cve.org/CVERecord?id=CVE-2023-29108"},{"name":"CVE-2023-28765","url":"https://www.cve.org/CVERecord?id=CVE-2023-28765"},{"name":"CVE-2023-29112","url":"https://www.cve.org/CVERecord?id=CVE-2023-29112"}],"links":[],"reference":"CERTFR-2023-AVI-0301","revisions":[{"description":"Version initiale","revision_date":"2023-04-12T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d'entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 11 avril 2023","url":"https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=1"}]}