{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"NetWeaver Administrator (System Overview) version LM-CORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Application Server ABAP versions KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89 et 7.93 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Application Server for ABAP and ABAP Platform versions SAP_BASIS 740, SAP_BASIS 750, KRNL64NUC 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT, 7.53, 8.04, KERNEL 7.22, 7.53, 7.54, 7.77, 7.89, 7.93, 8.04, 9.12 et 9.13 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"HCM version S4HCMGXX 101 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Commerce Cloud versions HY_COM 2205 et COM_CLOUD 2211 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS for JAVA (Adobe Document Services) version ADSSSAP 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Web Dispatcher versions WEBDISP 7.77, 7.89, 7.93, KERNEL 7.77, 7.89, 7.93, 9.12 et 9.13 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform versions ENTERPRISE 430 et 2025 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver AS JAVA version LM-CORE 7.50 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Product Lifecycle Costing version PLC_CLIENT 4 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2024-54197","url":"https://www.cve.org/CVERecord?id=CVE-2024-54197"},{"name":"CVE-2024-47586","url":"https://www.cve.org/CVERecord?id=CVE-2024-47586"},{"name":"CVE-2024-47577","url":"https://www.cve.org/CVERecord?id=CVE-2024-47577"},{"name":"CVE-2024-47578","url":"https://www.cve.org/CVERecord?id=CVE-2024-47578"},{"name":"CVE-2024-47585","url":"https://www.cve.org/CVERecord?id=CVE-2024-47585"},{"name":"CVE-2024-54198","url":"https://www.cve.org/CVERecord?id=CVE-2024-54198"},{"name":"CVE-2024-28166","url":"https://www.cve.org/CVERecord?id=CVE-2024-28166"},{"name":"CVE-2024-41731","url":"https://www.cve.org/CVERecord?id=CVE-2024-41731"},{"name":"CVE-2024-47581","url":"https://www.cve.org/CVERecord?id=CVE-2024-47581"},{"name":"CVE-2024-47590","url":"https://www.cve.org/CVERecord?id=CVE-2024-47590"},{"name":"CVE-2024-32732","url":"https://www.cve.org/CVERecord?id=CVE-2024-32732"},{"name":"CVE-2024-47576","url":"https://www.cve.org/CVERecord?id=CVE-2024-47576"},{"name":"CVE-2024-42375","url":"https://www.cve.org/CVERecord?id=CVE-2024-42375"},{"name":"CVE-2024-47579","url":"https://www.cve.org/CVERecord?id=CVE-2024-47579"},{"name":"CVE-2024-47580","url":"https://www.cve.org/CVERecord?id=CVE-2024-47580"},{"name":"CVE-2024-47582","url":"https://www.cve.org/CVERecord?id=CVE-2024-47582"}],"links":[],"reference":"CERTFR-2024-AVI-1054","revisions":[{"description":"Version initiale","revision_date":"2024-12-10T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":"2024-12-10","title":"Bulletin de s\u00e9curit\u00e9 SAP december-2024","url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news/december-2024.html"}]}