Search criteria
7 vulnerabilities found for N/A by Liferay
CERTFR-2024-AVI-0141
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Liferay. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Liferay DXP 7.3 sans la mise \u00e0 jour 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.4 sans la mise \u00e0 jour 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay Portal versions ant\u00e9rieures \u00e0 7.4.3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.2 sans le correctif de s\u00e9curit\u00e9 pack 17",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-25145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25145"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0141",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Liferay. Elle permet \u00e0 un\nattaquant de provoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Liferay",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2024-25145 du 06 f\u00e9vrier 2024",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145"
}
]
}
CERTFR-2024-AVI-0140
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Liferay. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Liferay | N/A | Liferay Portal versions antérieures à 7.4.3.27 | ||
| Liferay | N/A | Liferay DXP 7.3 sans la mise à jour 6 | ||
| Liferay | N/A | Liferay DXP 7.4 sans la mise à jour 27 | ||
| Liferay | N/A | Liferay DXP 7.2 sans le correctif de sécurité pack 19 | ||
| Liferay | N/A | Liferay DXP 7.3 sans le service pack 3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Liferay Portal versions ant\u00e9rieures \u00e0 7.4.3.27",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.3 sans la mise \u00e0 jour 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.4 sans la mise \u00e0 jour 27",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.2 sans le correctif de s\u00e9curit\u00e9 pack 19",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.3 sans le service pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-25144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25144"
},
{
"name": "CVE-2024-25146",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25146"
},
{
"name": "CVE-2024-25148",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25148"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0140",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Liferay. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Liferay",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay du 07 f\u00e9vrier 2024",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay du 06 f\u00e9vrier 2024",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144"
}
]
}
CERTFR-2023-AVI-0892
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Liferay. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Liferay | N/A | Liferay DXP 7.3 toutes versions | ||
| Liferay | N/A | Liferay DXP 7.0 fix pack 83 et postérieures | ||
| Liferay | N/A | Liferay DXP 7.1 toutes versions | ||
| Liferay | N/A | Liferay Portal versions 7.1.x à 7.4.x et antérieures à 7.4.3.92 | ||
| Liferay | N/A | Liferay DXP 7.4 antérieures à 7.4 update 92 | ||
| Liferay | N/A | Liferay DXP 7.2 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Liferay DXP 7.3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.0 fix pack 83 et post\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay Portal versions 7.1.x \u00e0 7.4.x et ant\u00e9rieures \u00e0 7.4.3.92",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.4 ant\u00e9rieures \u00e0 7.4 update 92",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP 7.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-42627",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42627"
},
{
"name": "CVE-2023-44309",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44309"
},
{
"name": "CVE-2023-44310",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44310"
},
{
"name": "CVE-2023-42628",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42628"
},
{
"name": "CVE-2023-44311",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44311"
},
{
"name": "CVE-2023-42629",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42629"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0892",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nLiferay. Elles permettent \u00e0 un attaquant de provoquer une injection de\ncode indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Liferay",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-42627 du 13 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-42629 du 17 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-44311 du 17 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-44310 du 17 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-42628 du 13 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-44309 du 17 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309"
}
]
}
CERTFR-2023-AVI-0880
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits Liferay. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Liferay Portal versions 7.4.3.x post\u00e9rieures \u00e0 7.4.3.3 et ant\u00e9rieures \u00e0 7.4.3.86",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP versions 7.4 sans le correctif 86",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-42497",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42497"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0880",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Liferay. Elle\npermet \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Liferay",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-42497 du 17 octobre 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497"
}
]
}
CERTFR-2023-AVI-0491
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Liferay. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Liferay Portal 7.4.3.7x versions ant\u00e9rieures \u00e0 7.4.3.77",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Liferay DXP versions 7.4 update 7x ant\u00e9rieures \u00e0 77",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-35030",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35030"
},
{
"name": "CVE-2023-35029",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35029"
},
{
"name": "CVE-2023-3193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3193"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0491",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Liferay. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Liferay",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-3193 du 14 juin 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-35030 du 14 juin 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35030"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Liferay cve-2023-35029 du 14 juin 2023",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35029"
}
]
}
CERTFR-2014-AVI-299
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans les produits Huawei. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AnyOffice V200R002C10SPC500",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "eSpace Meeting Portal V100R001C00",
"product": {
"name": "Portal",
"vendor": {
"name": "Liferay",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0116",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0116"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20140707-01-Struts2 du 07 juillet 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
}
],
"reference": "CERTFR-2014-AVI-299",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-07-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eHuawei\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Huawei",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20140707-01-Struts2 du 07 juillet 2014",
"url": null
}
]
}
CERTA-2006-AVI-046
Vulnerability from certfr_avis - Published: - Updated:None
Description
Une vulnérabilité a été découverte dans plusieurs produits de la société Computer Associate. Cette vulnérabilité, de type débordement de mémoire et présente dans le module iGateway, peut être exploitée par un utilisateur mal intentionné afin de réaliser un déni de service et/ou exécuter du code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | BrightStor ARCserve Backup v9.01 ; | ||
| N/A | N/A | Unicenter Service Delivery R11 ; | ||
| N/A | N/A | BrightStor ARCserve Backup Laptop & Desktop r11.1 ; | ||
| N/A | N/A | eTrust Secure Content Manager (SCM) R8 ; | ||
| Centreon | Web | Unicenter Web Server Management R11 ; | ||
| N/A | N/A | BrightStor Storage Resource Manager r11.1 ; | ||
| N/A | N/A | Unicenter Application Performance Monitor R11 ; | ||
| N/A | N/A | eTrust Directory R8.1 ; | ||
| Liferay | N/A | Unicenter Service Catalog/Fulfillment/Accounting R11 ; | ||
| N/A | N/A | eTrust Audit 8.0 (iRecorders et ARIES) ; | ||
| Symfony | process | BrightStor Process Automation Manager r11.1 ; | ||
| Liferay | N/A | Unicenter AutoSys JM R11 ; | ||
| N/A | N/A | BrightStor ARCserve Backup Laptop & Desktop r11 ; | ||
| N/A | N/A | Unicenter MQ Management R11 ; | ||
| N/A | N/A | eTrust Integrated Threat Management (ITM) R8 ; | ||
| Microsoft | Windows | BrightStor ARCserve Backup for Windows r11 ; | ||
| N/A | N/A | BrightStor Storage Resource Manager 6.4 ; | ||
| Matrix | N/A | Unicenter Service Matrix Analysis R11 ; | ||
| N/A | N/A | Unicenter Management for WebLogic / Management for WebSphere R11 ; | ||
| N/A | N/A | eTrust Identity Minder 8.0 ; | ||
| Liferay | Portal | BrightStor Portal 11.1 ; | ||
| N/A | N/A | eTrust Admin 8.1 ; | ||
| N/A | N/A | Unicenter Exchange Management R11. | ||
| N/A | N/A | Unicenter Service Fulfillment R11 ; | ||
| N/A | N/A | BrightStor Enterprise Backup 10.5 ; | ||
| N/A | N/A | Unicenter Service Level Management (USLM) R11 ; | ||
| N/A | N/A | Unicenter Service Desk R11 ; | ||
| N/A | N/A | iGateway versions antérieures à la version 4.0.051230 ; | ||
| N/A | N/A | BrightStor Storage Resource Manager 6.3 ; | ||
| N/A | N/A | BrightStor SAN Manager r11.5 ; | ||
| Liferay | N/A | Unicenter Service Desk Knowledge Tools R11 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.5 ; | ||
| N/A | N/A | Advantage Data Transformer (ADT) R2.2 ; | ||
| Centreon | Web | Unicenter CA Web Services Distributed Management R11 ; | ||
| Liferay | N/A | Unicenter Asset Portfolio Management R11 ; | ||
| Liferay | N/A | Unicenter Service Fulfillment 2.2 ; | ||
| N/A | N/A | eTrust Audit 1.5 SP2 (iRecorders et ARIES) ; | ||
| N/A | N/A | BrightStor Storage Resource Manager r11.5 ; | ||
| N/A | N/A | Unicenter Application Server Managment R11 ; | ||
| N/A | N/A | BrightStor ARCserve Backup r11.1 ; | ||
| N/A | N/A | BrightStor SAN Manager r11.1 ; | ||
| N/A | N/A | eTrust Audit 1.5 SP3 (iRecorders et ARIES) ; |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BrightStor ARCserve Backup v9.01 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Delivery R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup Laptop \u0026 Desktop r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust Secure Content Manager (SCM) R8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Web Server Management R11 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "BrightStor Storage Resource Manager r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Application Performance Monitor R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust Directory R8.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Catalog/Fulfillment/Accounting R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "eTrust Audit 8.0 (iRecorders et ARIES) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Process Automation Manager r11.1 ;",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Unicenter AutoSys JM R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup Laptop \u0026 Desktop r11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter MQ Management R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust Integrated Threat Management (ITM) R8 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup for Windows r11 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "BrightStor Storage Resource Manager 6.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Matrix Analysis R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Matrix",
"scada": false
}
}
},
{
"description": "Unicenter Management for WebLogic / Management for WebSphere R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust Identity Minder 8.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Portal 11.1 ;",
"product": {
"name": "Portal",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "eTrust Admin 8.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Exchange Management R11.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Fulfillment R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Enterprise Backup 10.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Level Management (USLM) R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Desk R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "iGateway versions ant\u00e9rieures \u00e0 la version 4.0.051230 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Storage Resource Manager 6.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor SAN Manager r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Service Desk Knowledge Tools R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Advantage Data Transformer (ADT) R2.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter CA Web Services Distributed Management R11 ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Unicenter Asset Portfolio Management R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "Unicenter Service Fulfillment 2.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Liferay",
"scada": false
}
}
},
{
"description": "eTrust Audit 1.5 SP2 (iRecorders et ARIES) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor Storage Resource Manager r11.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Unicenter Application Server Managment R11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor ARCserve Backup r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BrightStor SAN Manager r11.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eTrust Audit 1.5 SP3 (iRecorders et ARIES) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans plusieurs produits de la soci\u00e9t\u00e9\nComputer Associate. Cette vuln\u00e9rabilit\u00e9, de type d\u00e9bordement de m\u00e9moire\net pr\u00e9sente dans le module iGateway, peut \u00eatre exploit\u00e9e par un\nutilisateur mal intentionn\u00e9 afin de r\u00e9aliser un d\u00e9ni de service et/ou\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2005-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3653"
}
],
"links": [
{
"title": "Site de l\u0027\u00e9diteur :",
"url": "http://www.ca.com"
},
{
"title": "Mise \u00e0 jour :",
"url": "ftp://ftp.ca.com/pub/iTech/downloads"
}
],
"reference": "CERTA-2006-AVI-046",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9 des produits Computer Associate",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de mise \u00e0 jour Computer Associate",
"url": null
}
]
}