{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"NetWeaver AS Java version 7.5 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Business Client versions 6.5, 7.0 et 7.70 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver (Enterprise Portal) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Build Apps versions ant\u00e9rieures \u00e0 4.9.145","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"HANA Database version 2.0 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Commerce versions HY_COM 2105, HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"HANA XS Advanced version 1.0 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform version 4.3 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"ABAP Platform versions 758 et 795 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver (WSRM) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Process Integration (Support Web Pages) version 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Fiori Front End Server version 605 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS ABAP pour les applications bas\u00e9es sur SAPGUI versions 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-39439","url":"https://www.cve.org/CVERecord?id=CVE-2023-39439"},{"name":"CVE-2022-3075","url":"https://www.cve.org/CVERecord?id=CVE-2022-3075"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2024-22133","url":"https://www.cve.org/CVERecord?id=CVE-2024-22133"},{"name":"CVE-2024-25644","url":"https://www.cve.org/CVERecord?id=CVE-2024-25644"},{"name":"CVE-2023-50164","url":"https://www.cve.org/CVERecord?id=CVE-2023-50164"},{"name":"CVE-2023-7024","url":"https://www.cve.org/CVERecord?id=CVE-2023-7024"},{"name":"CVE-2019-10744","url":"https://www.cve.org/CVERecord?id=CVE-2019-10744"},{"name":"CVE-2024-27900","url":"https://www.cve.org/CVERecord?id=CVE-2024-27900"},{"name":"CVE-2024-22127","url":"https://www.cve.org/CVERecord?id=CVE-2024-22127"},{"name":"CVE-2024-27902","url":"https://www.cve.org/CVERecord?id=CVE-2024-27902"},{"name":"CVE-2024-28163","url":"https://www.cve.org/CVERecord?id=CVE-2024-28163"},{"name":"CVE-2023-5217","url":"https://www.cve.org/CVERecord?id=CVE-2023-5217"},{"name":"CVE-2024-25645","url":"https://www.cve.org/CVERecord?id=CVE-2024-25645"},{"name":"CVE-2023-4863","url":"https://www.cve.org/CVERecord?id=CVE-2023-4863"},{"name":"CVE-2023-6345","url":"https://www.cve.org/CVERecord?id=CVE-2023-6345"},{"name":"CVE-2022-2856","url":"https://www.cve.org/CVERecord?id=CVE-2022-2856"},{"name":"CVE-2023-3079","url":"https://www.cve.org/CVERecord?id=CVE-2023-3079"},{"name":"CVE-2023-2136","url":"https://www.cve.org/CVERecord?id=CVE-2023-2136"},{"name":"CVE-2024-0519","url":"https://www.cve.org/CVERecord?id=CVE-2024-0519"}],"links":[],"reference":"CERTFR-2024-AVI-0209","revisions":[{"description":"Version initiale","revision_date":"2024-03-13T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits SAP</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es et une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SAP du 12 mars 2024","url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2024.html"}]}