{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IBM Cloud Pak for Security versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0","product":{"name":"Cloud Pak","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar Suite Software versions 1.10.x.x ant\u00e9rieures \u00e0 1.10.21.0","product":{"name":"QRadar Suite Software","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar Assistant versions ant\u00e9rieures \u00e0 3.7.0","product":{"name":"QRadar Assistant","vendor":{"name":"IBM","scada":false}}},{"description":"Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.3","product":{"name":"Cognos Analytics","vendor":{"name":"IBM","scada":false}}},{"description":"QRadar SIEM sur Azure Marketplace versions ant\u00e9rieures \u00e0 7.3.x post\u00e9rieures \u00e0 7.3.3 et ant\u00e9rieures \u00e0 7.5.0 avec le paquet OMI install\u00e9","product":{"name":"QRadar SIEM","vendor":{"name":"IBM","scada":false}}},{"description":"WebSphere eXtreme Scale versions 8.6.1.x ant\u00e9rieures \u00e0 8.6.1.6 sans le correctif de s\u00e9curit\u00e9 PH61029","product":{"name":"WebSphere","vendor":{"name":"IBM","scada":false}}},{"description":"Cognos Analytics versions 11.2.x FP2 ant\u00e9rieures \u00e0 11.2.4 FP3","product":{"name":"Cognos Analytics","vendor":{"name":"IBM","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-25577","url":"https://www.cve.org/CVERecord?id=CVE-2023-25577"},{"name":"CVE-2022-31116","url":"https://www.cve.org/CVERecord?id=CVE-2022-31116"},{"name":"CVE-2023-28841","url":"https://www.cve.org/CVERecord?id=CVE-2023-28841"},{"name":"CVE-2024-28849","url":"https://www.cve.org/CVERecord?id=CVE-2024-28849"},{"name":"CVE-2023-28840","url":"https://www.cve.org/CVERecord?id=CVE-2023-28840"},{"name":"CVE-2023-45857","url":"https://www.cve.org/CVERecord?id=CVE-2023-45857"},{"name":"CVE-2021-30465","url":"https://www.cve.org/CVERecord?id=CVE-2021-30465"},{"name":"CVE-2022-29162","url":"https://www.cve.org/CVERecord?id=CVE-2022-29162"},{"name":"CVE-2022-31117","url":"https://www.cve.org/CVERecord?id=CVE-2022-31117"},{"name":"CVE-2023-23934","url":"https://www.cve.org/CVERecord?id=CVE-2023-23934"},{"name":"CVE-2023-27561","url":"https://www.cve.org/CVERecord?id=CVE-2023-27561"},{"name":"CVE-2024-28102","url":"https://www.cve.org/CVERecord?id=CVE-2024-28102"},{"name":"CVE-2019-14322","url":"https://www.cve.org/CVERecord?id=CVE-2019-14322"},{"name":"CVE-2023-44270","url":"https://www.cve.org/CVERecord?id=CVE-2023-44270"},{"name":"CVE-2023-34462","url":"https://www.cve.org/CVERecord?id=CVE-2023-34462"},{"name":"CVE-2019-1010083","url":"https://www.cve.org/CVERecord?id=CVE-2019-1010083"},{"name":"CVE-2018-18074","url":"https://www.cve.org/CVERecord?id=CVE-2018-18074"},{"name":"CVE-2022-23541","url":"https://www.cve.org/CVERecord?id=CVE-2022-23541"},{"name":"CVE-2023-44487","url":"https://www.cve.org/CVERecord?id=CVE-2023-44487"},{"name":"CVE-2022-40897","url":"https://www.cve.org/CVERecord?id=CVE-2022-40897"},{"name":"CVE-2023-5072","url":"https://www.cve.org/CVERecord?id=CVE-2023-5072"},{"name":"CVE-2024-21503","url":"https://www.cve.org/CVERecord?id=CVE-2024-21503"},{"name":"CVE-2022-23540","url":"https://www.cve.org/CVERecord?id=CVE-2022-23540"},{"name":"CVE-2024-1135","url":"https://www.cve.org/CVERecord?id=CVE-2024-1135"},{"name":"CVE-2024-21501","url":"https://www.cve.org/CVERecord?id=CVE-2024-21501"},{"name":"CVE-2024-22195","url":"https://www.cve.org/CVERecord?id=CVE-2024-22195"},{"name":"CVE-2021-43784","url":"https://www.cve.org/CVERecord?id=CVE-2021-43784"},{"name":"CVE-2023-28842","url":"https://www.cve.org/CVERecord?id=CVE-2023-28842"},{"name":"CVE-2024-29131","url":"https://www.cve.org/CVERecord?id=CVE-2024-29131"},{"name":"CVE-2024-21334","url":"https://www.cve.org/CVERecord?id=CVE-2024-21334"},{"name":"CVE-2023-25809","url":"https://www.cve.org/CVERecord?id=CVE-2023-25809"},{"name":"CVE-2016-10745","url":"https://www.cve.org/CVERecord?id=CVE-2016-10745"},{"name":"CVE-2023-46136","url":"https://www.cve.org/CVERecord?id=CVE-2023-46136"},{"name":"CVE-2024-29133","url":"https://www.cve.org/CVERecord?id=CVE-2024-29133"},{"name":"CVE-2023-44981","url":"https://www.cve.org/CVERecord?id=CVE-2023-44981"},{"name":"CVE-2024-27088","url":"https://www.cve.org/CVERecord?id=CVE-2024-27088"},{"name":"CVE-2022-23539","url":"https://www.cve.org/CVERecord?id=CVE-2022-23539"},{"name":"CVE-2018-1000656","url":"https://www.cve.org/CVERecord?id=CVE-2018-1000656"},{"name":"CVE-2024-25047","url":"https://www.cve.org/CVERecord?id=CVE-2024-25047"},{"name":"CVE-2021-28363","url":"https://www.cve.org/CVERecord?id=CVE-2021-28363"},{"name":"CVE-2020-15366","url":"https://www.cve.org/CVERecord?id=CVE-2020-15366"},{"name":"CVE-2015-3627","url":"https://www.cve.org/CVERecord?id=CVE-2015-3627"},{"name":"CVE-2023-31484","url":"https://www.cve.org/CVERecord?id=CVE-2023-31484"},{"name":"CVE-2023-28642","url":"https://www.cve.org/CVERecord?id=CVE-2023-28642"},{"name":"CVE-2016-10516","url":"https://www.cve.org/CVERecord?id=CVE-2016-10516"},{"name":"CVE-2020-25032","url":"https://www.cve.org/CVERecord?id=CVE-2020-25032"},{"name":"CVE-2021-45958","url":"https://www.cve.org/CVERecord?id=CVE-2021-45958"},{"name":"CVE-2023-30861","url":"https://www.cve.org/CVERecord?id=CVE-2023-30861"},{"name":"CVE-2021-43565","url":"https://www.cve.org/CVERecord?id=CVE-2021-43565"},{"name":"CVE-2023-32681","url":"https://www.cve.org/CVERecord?id=CVE-2023-32681"},{"name":"CVE-2020-28493","url":"https://www.cve.org/CVERecord?id=CVE-2020-28493"},{"name":"CVE-2023-26159","url":"https://www.cve.org/CVERecord?id=CVE-2023-26159"},{"name":"CVE-2024-24758","url":"https://www.cve.org/CVERecord?id=CVE-2024-24758"}],"links":[],"reference":"CERTFR-2024-AVI-0366","revisions":[{"description":"Version initiale","revision_date":"2024-05-03T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"},{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits IBM</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149736 du 29 avril 2024","url":"https://www.ibm.com/support/pages/node/7149736"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7150045 du 01 mai 2024","url":"https://www.ibm.com/support/pages/node/7150045"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149967 du 01 mai 2024","url":"https://www.ibm.com/support/pages/node/7149967"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7149874 du 01 mai 2024","url":"https://www.ibm.com/support/pages/node/7149874"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 IBM 7150150 du 03 mai 2024","url":"https://www.ibm.com/support/pages/node/7150150"}]}