{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM Qradar Advisor versions 2.5 \u00e0 2.6.4 ant\u00e9rieures \u00e0 2.6.5","product":{"name":"QRadar","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar Pulse App versions 1.x.x \u00e0 2.2.9 ant\u00e9rieures \u00e0 2.2.10","product":{"name":"QRadar","vendor":{"name":"IBM","scada":false}}},{"description":"AIX version 7.3 TL1 ant\u00e9rieures \u00e0 7.3.1 avec le correctif de s\u00e9curit\u00e9 32221a.230524.epkg.Z","product":{"name":"AIX","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Qradar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP5","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"IBM WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 23.0.0.5 ant\u00e9rieures \u00e0 23.0.0.6","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar WinCollect Agent versions 10.x.x ant\u00e9rieures \u00e0 10.1.4","product":{"name":"QRadar WinCollect Agent","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Spectrum Protect Plus Db2 Agent versions 10.1.1x ant\u00e9rieures \u00e0 10.1.14","product":{"name":"N/A","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Spectrum Protect Plus MongoDB Agent versions 10.1.x ant\u00e9rieures \u00e0 10.1.14","product":{"name":"Spectrum","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Qradar SIEM versions 7.4.3 ant\u00e9rieures \u00e0 7.4.3 FP9","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-28867","url":"https://www.cve.org/CVERecord?id=CVE-2023-28867"},{"name":"CVE-2023-25577","url":"https://www.cve.org/CVERecord?id=CVE-2023-25577"},{"name":"CVE-2023-27555","url":"https://www.cve.org/CVERecord?id=CVE-2023-27555"},{"name":"CVE-2022-31676","url":"https://www.cve.org/CVERecord?id=CVE-2022-31676"},{"name":"CVE-2023-23934","url":"https://www.cve.org/CVERecord?id=CVE-2023-23934"},{"name":"CVE-2020-10735","url":"https://www.cve.org/CVERecord?id=CVE-2020-10735"},{"name":"CVE-2022-35977","url":"https://www.cve.org/CVERecord?id=CVE-2022-35977"},{"name":"CVE-2022-40897","url":"https://www.cve.org/CVERecord?id=CVE-2022-40897"},{"name":"CVE-2018-20801","url":"https://www.cve.org/CVERecord?id=CVE-2018-20801"},{"name":"CVE-2022-43441","url":"https://www.cve.org/CVERecord?id=CVE-2022-43441"},{"name":"CVE-2022-3786","url":"https://www.cve.org/CVERecord?id=CVE-2022-3786"},{"name":"CVE-2023-26278","url":"https://www.cve.org/CVERecord?id=CVE-2023-26278"},{"name":"CVE-2022-24999","url":"https://www.cve.org/CVERecord?id=CVE-2022-24999"},{"name":"CVE-2022-32221","url":"https://www.cve.org/CVERecord?id=CVE-2022-32221"},{"name":"CVE-2023-26277","url":"https://www.cve.org/CVERecord?id=CVE-2023-26277"},{"name":"CVE-2023-22458","url":"https://www.cve.org/CVERecord?id=CVE-2023-22458"},{"name":"CVE-2022-25901","url":"https://www.cve.org/CVERecord?id=CVE-2022-25901"},{"name":"CVE-2022-25881","url":"https://www.cve.org/CVERecord?id=CVE-2022-25881"},{"name":"CVE-2022-24736","url":"https://www.cve.org/CVERecord?id=CVE-2022-24736"},{"name":"CVE-2023-24329","url":"https://www.cve.org/CVERecord?id=CVE-2023-24329"},{"name":"CVE-2022-3602","url":"https://www.cve.org/CVERecord?id=CVE-2022-3602"},{"name":"CVE-2021-29489","url":"https://www.cve.org/CVERecord?id=CVE-2021-29489"}],"links":[],"reference":"CERTFR-2023-AVI-0427","revisions":[{"description":"Version initiale","revision_date":"2023-06-01T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits <span\nclass=\"textit\">IBM</span>. Certaines d'entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999681 du 31 mai 2023","url":"https://www.ibm.com/support/pages/node/6999681"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999285 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999285"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6998763 du 26 mai 2023","url":"https://www.ibm.com/support/pages/node/6998763"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999343 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999343"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999327 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999327"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999331 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999331"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999619 du 31 mai 2023","url":"https://www.ibm.com/support/pages/node/6999619"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999287 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999287"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 6999341 du 30 mai 2023","url":"https://www.ibm.com/support/pages/node/6999341"}]}