{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF03</li> <li>IBM Sterling B2B Integrator versions 6.0.0.x ant\u00e9rieures \u00e0 6.0.3.9</li> <li>IBM Sterling B2B Integrator versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.8</li> <li>IBM Sterling B2B Integrator versions 6.1.1.x ant\u00e9rieures \u00e0 6.1.1.4</li> <li>IBM Sterling B2B Integrator versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.3</li> <li>IBM Sterling B2B Integrator versions 6.1.2.x ant\u00e9rieures \u00e0 6.2.0.0</li> <li>IBM AIX version 7.3</li> <li>IBM AIX version 7.2</li> <li>IBM VIOS version 4.1</li> <li>IBM VIOS version 3.1</li> </ul> <p>Se r\u00e9f\u00e9rer aux bulletin de l'\u00e9diteur pour les versions des fichiers vuln\u00e9rables (cf. section Documentation).</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-37920","url":"https://www.cve.org/CVERecord?id=CVE-2023-37920"},{"name":"CVE-2023-1436","url":"https://www.cve.org/CVERecord?id=CVE-2023-1436"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2023-26049","url":"https://www.cve.org/CVERecord?id=CVE-2023-26049"},{"name":"CVE-2023-34040","url":"https://www.cve.org/CVERecord?id=CVE-2023-34040"},{"name":"CVE-2022-40149","url":"https://www.cve.org/CVERecord?id=CVE-2022-40149"},{"name":"CVE-2023-42795","url":"https://www.cve.org/CVERecord?id=CVE-2023-42795"},{"name":"CVE-2022-40150","url":"https://www.cve.org/CVERecord?id=CVE-2022-40150"},{"name":"CVE-2023-36478","url":"https://www.cve.org/CVERecord?id=CVE-2023-36478"},{"name":"CVE-2023-45648","url":"https://www.cve.org/CVERecord?id=CVE-2023-45648"},{"name":"CVE-2023-40787","url":"https://www.cve.org/CVERecord?id=CVE-2023-40787"},{"name":"CVE-2022-45693","url":"https://www.cve.org/CVERecord?id=CVE-2022-45693"},{"name":"CVE-2023-3341","url":"https://www.cve.org/CVERecord?id=CVE-2023-3341"},{"name":"CVE-2023-43804","url":"https://www.cve.org/CVERecord?id=CVE-2023-43804"},{"name":"CVE-2023-40167","url":"https://www.cve.org/CVERecord?id=CVE-2023-40167"},{"name":"CVE-2023-22045","url":"https://www.cve.org/CVERecord?id=CVE-2023-22045"},{"name":"CVE-2023-22049","url":"https://www.cve.org/CVERecord?id=CVE-2023-22049"},{"name":"CVE-2023-36479","url":"https://www.cve.org/CVERecord?id=CVE-2023-36479"},{"name":"CVE-2022-45685","url":"https://www.cve.org/CVERecord?id=CVE-2022-45685"},{"name":"CVE-2023-41835","url":"https://www.cve.org/CVERecord?id=CVE-2023-41835"},{"name":"CVE-2023-46604","url":"https://www.cve.org/CVERecord?id=CVE-2023-46604"},{"name":"CVE-2023-35001","url":"https://www.cve.org/CVERecord?id=CVE-2023-35001"},{"name":"CVE-2023-41080","url":"https://www.cve.org/CVERecord?id=CVE-2023-41080"},{"name":"CVE-2023-46589","url":"https://www.cve.org/CVERecord?id=CVE-2023-46589"},{"name":"CVE-2023-47146","url":"https://www.cve.org/CVERecord?id=CVE-2023-47146"},{"name":"CVE-2023-32233","url":"https://www.cve.org/CVERecord?id=CVE-2023-32233"}],"links":[],"reference":"CERTFR-2023-AVI-1055","revisions":[{"description":"Version initiale","revision_date":"2023-12-22T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"},{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0 distance,\u00a0un d\u00e9ni de\nservice \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7099297 du 18 d\u00e9cembre 2023","url":"https://www.ibm.com/support/pages/node/7099862"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7101062 du 21 d\u00e9cembre 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7099862 du 19 d\u00e9cembre 2023","url":"https://www.ibm.com/support/pages/node/7101062"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7099313 du 18 d\u00e9cembre 2023","url":"https://www.ibm.com/support/pages/node/7099313"}]}