{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix08","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 08","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling Secure Proxy versions versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 GA","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 4.1.13","product":{"name":"QRadar User Behavior Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Tivoli Monitoring versions 6.x.x ant\u00e9rieures \u00e0 6.3.0.7 Plus Service Pack 5","product":{"name":"Tivoli Monitoring","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Cognos Dashboards on Cloud Pak for Data versions 4.7.x ant\u00e9rieures \u00e0 4.7.2","product":{"name":"Cloud Pak","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Sterling External Authentication Server versions ant\u00e9rieures \u00e0 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 04","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-21938","url":"https://www.cve.org/CVERecord?id=CVE-2023-21938"},{"name":"CVE-2022-32213","url":"https://www.cve.org/CVERecord?id=CVE-2022-32213"},{"name":"CVE-2023-32697","url":"https://www.cve.org/CVERecord?id=CVE-2023-32697"},{"name":"CVE-2022-46175","url":"https://www.cve.org/CVERecord?id=CVE-2022-46175"},{"name":"CVE-2020-28498","url":"https://www.cve.org/CVERecord?id=CVE-2020-28498"},{"name":"CVE-2023-37920","url":"https://www.cve.org/CVERecord?id=CVE-2023-37920"},{"name":"CVE-2023-21939","url":"https://www.cve.org/CVERecord?id=CVE-2023-21939"},{"name":"CVE-2023-27554","url":"https://www.cve.org/CVERecord?id=CVE-2023-27554"},{"name":"CVE-2023-1436","url":"https://www.cve.org/CVERecord?id=CVE-2023-1436"},{"name":"CVE-2021-23440","url":"https://www.cve.org/CVERecord?id=CVE-2021-23440"},{"name":"CVE-2022-25883","url":"https://www.cve.org/CVERecord?id=CVE-2022-25883"},{"name":"CVE-2020-13936","url":"https://www.cve.org/CVERecord?id=CVE-2020-13936"},{"name":"CVE-2023-26049","url":"https://www.cve.org/CVERecord?id=CVE-2023-26049"},{"name":"CVE-2023-32342","url":"https://www.cve.org/CVERecord?id=CVE-2023-32342"},{"name":"CVE-2022-40149","url":"https://www.cve.org/CVERecord?id=CVE-2022-40149"},{"name":"CVE-2022-39161","url":"https://www.cve.org/CVERecord?id=CVE-2022-39161"},{"name":"CVE-2021-43803","url":"https://www.cve.org/CVERecord?id=CVE-2021-43803"},{"name":"CVE-2022-32222","url":"https://www.cve.org/CVERecord?id=CVE-2022-32222"},{"name":"CVE-2023-24966","url":"https://www.cve.org/CVERecord?id=CVE-2023-24966"},{"name":"CVE-2022-32212","url":"https://www.cve.org/CVERecord?id=CVE-2022-32212"},{"name":"CVE-2022-40150","url":"https://www.cve.org/CVERecord?id=CVE-2022-40150"},{"name":"CVE-2022-40609","url":"https://www.cve.org/CVERecord?id=CVE-2022-40609"},{"name":"CVE-2023-26920","url":"https://www.cve.org/CVERecord?id=CVE-2023-26920"},{"name":"CVE-2021-33813","url":"https://www.cve.org/CVERecord?id=CVE-2021-33813"},{"name":"CVE-2022-45693","url":"https://www.cve.org/CVERecord?id=CVE-2022-45693"},{"name":"CVE-2023-35890","url":"https://www.cve.org/CVERecord?id=CVE-2023-35890"},{"name":"CVE-2022-3517","url":"https://www.cve.org/CVERecord?id=CVE-2022-3517"},{"name":"CVE-2023-21937","url":"https://www.cve.org/CVERecord?id=CVE-2023-21937"},{"name":"CVE-2022-32215","url":"https://www.cve.org/CVERecord?id=CVE-2022-32215"},{"name":"CVE-2021-3803","url":"https://www.cve.org/CVERecord?id=CVE-2021-3803"},{"name":"CVE-2023-2597","url":"https://www.cve.org/CVERecord?id=CVE-2023-2597"},{"name":"CVE-2023-29261","url":"https://www.cve.org/CVERecord?id=CVE-2023-29261"},{"name":"CVE-2021-37699","url":"https://www.cve.org/CVERecord?id=CVE-2021-37699"},{"name":"CVE-2023-34104","url":"https://www.cve.org/CVERecord?id=CVE-2023-34104"},{"name":"CVE-2022-45685","url":"https://www.cve.org/CVERecord?id=CVE-2022-45685"},{"name":"CVE-2023-25690","url":"https://www.cve.org/CVERecord?id=CVE-2023-25690"},{"name":"CVE-2023-21968","url":"https://www.cve.org/CVERecord?id=CVE-2023-21968"},{"name":"CVE-2022-32214","url":"https://www.cve.org/CVERecord?id=CVE-2022-32214"},{"name":"CVE-2022-38900","url":"https://www.cve.org/CVERecord?id=CVE-2022-38900"},{"name":"CVE-2023-21930","url":"https://www.cve.org/CVERecord?id=CVE-2023-21930"},{"name":"CVE-2023-24998","url":"https://www.cve.org/CVERecord?id=CVE-2023-24998"},{"name":"CVE-2023-22874","url":"https://www.cve.org/CVERecord?id=CVE-2023-22874"},{"name":"CVE-2023-26136","url":"https://www.cve.org/CVERecord?id=CVE-2023-26136"},{"name":"CVE-2023-26048","url":"https://www.cve.org/CVERecord?id=CVE-2023-26048"},{"name":"CVE-2023-32338","url":"https://www.cve.org/CVERecord?id=CVE-2023-32338"},{"name":"CVE-2022-25858","url":"https://www.cve.org/CVERecord?id=CVE-2022-25858"}],"links":[],"reference":"CERTFR-2023-AVI-0705","revisions":[{"description":"Version initiale","revision_date":"2023-09-01T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7029765 du 31 ao\u00fbt 2023","url":"https://www.ibm.com/support/pages/node/7029765"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7029766 du 31 ao\u00fbt 2023","url":"https://www.ibm.com/support/pages/node/7029766"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7027925 du 31 ao\u00fbt 2023","url":"https://www.ibm.com/support/pages/node/7027925"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7029732 du 31 ao\u00fbt 2023","url":"https://www.ibm.com/support/pages/node/7029732"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7029864 du 31 ao\u00fbt 2023","url":"https://www.ibm.com/support/pages/node/7029864"}]}