{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 4.0.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.3.x ant\u00e9rieures \u00e0 4.3.5","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 4.0.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.8.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 5.0.x ant\u00e9rieures \u00e0 5.0.24","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 4.0.13","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.15 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.27 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 2.0.0","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.10.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.22 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Platform Automation Toolkit versions 4.4.x ant\u00e9rieures \u00e0 4.4.31","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.9.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.8.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.9.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu RabbitMQ for VMs versions 2.2.x avec Jammy Stemcells ant\u00e9rieures \u00e0 1.80","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Operations Manager 2.10.x versions ant\u00e9rieures 2.10.52","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Operations Manager 3.0.x versions ant\u00e9rieures 3.0.4","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.12 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.33 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.10.x avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}},{"description":"Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.17 avec Xenial Stemcells ant\u00e9rieures \u00e0 621.376","product":{"name":"Tanzu","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-25013","url":"https://www.cve.org/CVERecord?id=CVE-2019-25013"},{"name":"CVE-2022-3591","url":"https://www.cve.org/CVERecord?id=CVE-2022-3591"},{"name":"CVE-2022-45061","url":"https://www.cve.org/CVERecord?id=CVE-2022-45061"},{"name":"CVE-2022-3324","url":"https://www.cve.org/CVERecord?id=CVE-2022-3324"},{"name":"CVE-2022-41916","url":"https://www.cve.org/CVERecord?id=CVE-2022-41916"},{"name":"CVE-2022-43552","url":"https://www.cve.org/CVERecord?id=CVE-2022-43552"},{"name":"CVE-2022-3256","url":"https://www.cve.org/CVERecord?id=CVE-2022-3256"},{"name":"CVE-2017-11671","url":"https://www.cve.org/CVERecord?id=CVE-2017-11671"},{"name":"CVE-2022-2581","url":"https://www.cve.org/CVERecord?id=CVE-2022-2581"},{"name":"CVE-2022-2345","url":"https://www.cve.org/CVERecord?id=CVE-2022-2345"},{"name":"CVE-2022-43551","url":"https://www.cve.org/CVERecord?id=CVE-2022-43551"},{"name":"CVE-2016-10228","url":"https://www.cve.org/CVERecord?id=CVE-2016-10228"},{"name":"CVE-2022-38533","url":"https://www.cve.org/CVERecord?id=CVE-2022-38533"},{"name":"CVE-2022-3099","url":"https://www.cve.org/CVERecord?id=CVE-2022-3099"},{"name":"CVE-2020-27618","url":"https://www.cve.org/CVERecord?id=CVE-2020-27618"},{"name":"CVE-2017-12132","url":"https://www.cve.org/CVERecord?id=CVE-2017-12132"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5788-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5788-1"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5767-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5766-1"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5770-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5770-1"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5767-2 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5767-2"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5775-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5775-1"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5766-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5762-1"},{"title":"Bulletin de s\u00e9curit\u00e9 VMware Tanzu USN-5768-1 du 11 mai 2023","url":"https://tanzu.vmware.com/security/usn-5768-1"}],"reference":"CERTFR-2023-AVI-0385","revisions":[{"description":"Version initiale","revision_date":"2023-05-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">VMware Tanzu</span>. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un d\u00e9ni de\nservice \u00e0 distance et une ex\u00e9cution de code arbitraire \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware Tanzu","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5768-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5788-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5775-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5770-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5766-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5762-1 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5767-2 du 11 mai 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 VMware Spring USN-5767-1 du 11 mai 2023","url":null}]}