{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Sterling Connect - Direct pour Microsoft Windows versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.2_iFix012","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Secure Proxy versions 6.1.0 sans le correctif de s\u00e9curit\u00e9 iFix 03","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Secure Proxy versions 6.0.3 sans le correctif de s\u00e9curit\u00e9 iFix 11","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Partner Engagement Manager versions 6.2.2.x ant\u00e9rieures \u00e0 6.2.2.2 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP7 IF06","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect - Direct pour Microsoft Windows versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.6_iFix012","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"IBM Db2 Web Query pour i version 2.4.0 sans les correctifs de s\u00e9curit\u00e9 SI85982 et SI85987","product":{"name":"Db2","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Partner Engagement Manager versions 6.2.0.x ant\u00e9rieures \u00e0 6.2.0.7 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Connect - Direct File Agent versions 1.4.0.x ant\u00e9rieures \u00e0 1.4.0.3_iFix004","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}},{"description":"Sterling Partner Engagement Manager versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.9 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"Sterling","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2024-20919","url":"https://www.cve.org/CVERecord?id=CVE-2024-20919"},{"name":"CVE-2023-21938","url":"https://www.cve.org/CVERecord?id=CVE-2023-21938"},{"name":"CVE-2023-43642","url":"https://www.cve.org/CVERecord?id=CVE-2023-43642"},{"name":"CVE-2022-45688","url":"https://www.cve.org/CVERecord?id=CVE-2022-45688"},{"name":"CVE-2023-21954","url":"https://www.cve.org/CVERecord?id=CVE-2023-21954"},{"name":"CVE-2023-21939","url":"https://www.cve.org/CVERecord?id=CVE-2023-21939"},{"name":"CVE-2024-20926","url":"https://www.cve.org/CVERecord?id=CVE-2024-20926"},{"name":"CVE-2023-47699","url":"https://www.cve.org/CVERecord?id=CVE-2023-47699"},{"name":"CVE-2023-46179","url":"https://www.cve.org/CVERecord?id=CVE-2023-46179"},{"name":"CVE-2024-22361","url":"https://www.cve.org/CVERecord?id=CVE-2024-22361"},{"name":"CVE-2024-20921","url":"https://www.cve.org/CVERecord?id=CVE-2024-20921"},{"name":"CVE-2023-46182","url":"https://www.cve.org/CVERecord?id=CVE-2023-46182"},{"name":"CVE-2023-34454","url":"https://www.cve.org/CVERecord?id=CVE-2023-34454"},{"name":"CVE-2022-46337","url":"https://www.cve.org/CVERecord?id=CVE-2022-46337"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2023-47147","url":"https://www.cve.org/CVERecord?id=CVE-2023-47147"},{"name":"CVE-2023-22081","url":"https://www.cve.org/CVERecord?id=CVE-2023-22081"},{"name":"CVE-2023-34453","url":"https://www.cve.org/CVERecord?id=CVE-2023-34453"},{"name":"CVE-2022-41678","url":"https://www.cve.org/CVERecord?id=CVE-2022-41678"},{"name":"CVE-2023-5072","url":"https://www.cve.org/CVERecord?id=CVE-2023-5072"},{"name":"CVE-2018-8088","url":"https://www.cve.org/CVERecord?id=CVE-2018-8088"},{"name":"CVE-2023-34034","url":"https://www.cve.org/CVERecord?id=CVE-2023-34034"},{"name":"CVE-2023-22067","url":"https://www.cve.org/CVERecord?id=CVE-2023-22067"},{"name":"CVE-2022-40609","url":"https://www.cve.org/CVERecord?id=CVE-2022-40609"},{"name":"CVE-2023-34455","url":"https://www.cve.org/CVERecord?id=CVE-2023-34455"},{"name":"CVE-2023-36478","url":"https://www.cve.org/CVERecord?id=CVE-2023-36478"},{"name":"CVE-2023-44981","url":"https://www.cve.org/CVERecord?id=CVE-2023-44981"},{"name":"CVE-2023-21937","url":"https://www.cve.org/CVERecord?id=CVE-2023-21937"},{"name":"CVE-2023-52428","url":"https://www.cve.org/CVERecord?id=CVE-2023-52428"},{"name":"CVE-2023-33850","url":"https://www.cve.org/CVERecord?id=CVE-2023-33850"},{"name":"CVE-2023-39685","url":"https://www.cve.org/CVERecord?id=CVE-2023-39685"},{"name":"CVE-2023-47162","url":"https://www.cve.org/CVERecord?id=CVE-2023-47162"},{"name":"CVE-2023-40167","url":"https://www.cve.org/CVERecord?id=CVE-2023-40167"},{"name":"CVE-2023-41900","url":"https://www.cve.org/CVERecord?id=CVE-2023-41900"},{"name":"CVE-2023-2597","url":"https://www.cve.org/CVERecord?id=CVE-2023-2597"},{"name":"CVE-2022-34169","url":"https://www.cve.org/CVERecord?id=CVE-2022-34169"},{"name":"CVE-2023-22045","url":"https://www.cve.org/CVERecord?id=CVE-2023-22045"},{"name":"CVE-2023-22049","url":"https://www.cve.org/CVERecord?id=CVE-2023-22049"},{"name":"CVE-2023-36479","url":"https://www.cve.org/CVERecord?id=CVE-2023-36479"},{"name":"CVE-2023-5676","url":"https://www.cve.org/CVERecord?id=CVE-2023-5676"},{"name":"CVE-2023-46604","url":"https://www.cve.org/CVERecord?id=CVE-2023-46604"},{"name":"CVE-2023-21968","url":"https://www.cve.org/CVERecord?id=CVE-2023-21968"},{"name":"CVE-2024-20932","url":"https://www.cve.org/CVERecord?id=CVE-2024-20932"},{"name":"CVE-2023-21930","url":"https://www.cve.org/CVERecord?id=CVE-2023-21930"},{"name":"CVE-2023-24998","url":"https://www.cve.org/CVERecord?id=CVE-2023-24998"},{"name":"CVE-2024-20918","url":"https://www.cve.org/CVERecord?id=CVE-2024-20918"},{"name":"CVE-2023-45177","url":"https://www.cve.org/CVERecord?id=CVE-2023-45177"},{"name":"CVE-2023-2976","url":"https://www.cve.org/CVERecord?id=CVE-2023-2976"},{"name":"CVE-2023-38039","url":"https://www.cve.org/CVERecord?id=CVE-2023-38039"},{"name":"CVE-2024-20945","url":"https://www.cve.org/CVERecord?id=CVE-2024-20945"},{"name":"CVE-2023-21967","url":"https://www.cve.org/CVERecord?id=CVE-2023-21967"},{"name":"CVE-2022-24839","url":"https://www.cve.org/CVERecord?id=CVE-2022-24839"},{"name":"CVE-2024-20952","url":"https://www.cve.org/CVERecord?id=CVE-2024-20952"},{"name":"CVE-2023-46181","url":"https://www.cve.org/CVERecord?id=CVE-2023-46181"}],"links":[],"reference":"CERTFR-2024-AVI-0228","revisions":[{"description":"Version initiale","revision_date":"2024-03-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\natteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7142007 du 14 mars 2024","url":"https://www.ibm.com/support/pages/node/7142007"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7142038 du 14 mars 2024","url":"https://www.ibm.com/support/pages/node/7142038"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7138527 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7138527"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7138509 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7138509"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7140420 du 13 mars 2024","url":"https://www.ibm.com/support/pages/node/7140420"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7138477 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7138477"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7142032 du 14 mars 2024","url":"https://www.ibm.com/support/pages/node/7142032"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7138522 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7138522"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7137248 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7137248"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7137258 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7137258"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7138503 du 12 mars 2024","url":"https://www.ibm.com/support/pages/node/7138503"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7142006 du 14 mars 2024","url":"https://www.ibm.com/support/pages/node/7142006"}]}