Search criteria
234 vulnerabilities found for N/A by VMware
CERTFR-2025-AVI-0622
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows | ||
| VMware | N/A | Stemcells sans le dernier correctif de sécurité | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows | ||
| VMware | Tanzu | Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0 | ||
| VMware | Tanzu | Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Platform | GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1 | ||
| VMware | Tanzu Application Service | Tanzu Application Service versions antérieures à 1.16.11 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry | ||
| VMware | Tanzu Platform | Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu | Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7 | ||
| VMware | Tanzu Platform | Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment | ||
| VMware | Tanzu Platform | Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry | ||
| VMware | Tanzu Application Service | Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11 | ||
| VMware | Tanzu | File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
"product": {
"name": "Tanzu Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
"product": {
"name": "Tanzu Application Service",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2021-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
},
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2025-21975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2024-46821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2025-39728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
},
{
"name": "CVE-2023-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2023-46218",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
},
{
"name": "CVE-2025-25186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
},
{
"name": "CVE-2023-28841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
},
{
"name": "CVE-2022-49728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
},
{
"name": "CVE-2023-28840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
},
{
"name": "CVE-2025-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
},
{
"name": "CVE-2022-27191",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2020-36843",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-21941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
},
{
"name": "CVE-2025-3445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2020-15250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
},
{
"name": "CVE-2024-45339",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
},
{
"name": "CVE-2023-53034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2025-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
},
{
"name": "CVE-2024-56664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
},
{
"name": "CVE-2025-38152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2024-36945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
},
{
"name": "CVE-2022-24921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-28327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2025-49146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2024-46787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2024-47611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
},
{
"name": "CVE-2024-21068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
},
{
"name": "CVE-2024-50047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
},
{
"name": "CVE-2025-39735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-37798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2024-21012",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2024-46812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
},
{
"name": "CVE-2024-24579",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2023-45284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-28948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2022-31030",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2023-2253",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
},
{
"name": "CVE-2023-28322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
},
{
"name": "CVE-2025-37937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2024-53144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2025-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
},
{
"name": "CVE-2025-38637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
},
{
"name": "CVE-2025-22055",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-5372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-32149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2025-48060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
},
{
"name": "CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"name": "CVE-2022-49636",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
},
{
"name": "CVE-2025-4877",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2023-28320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
},
{
"name": "CVE-2024-4030",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-58093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-30691",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21959",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2025-5915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
},
{
"name": "CVE-2025-46727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
},
{
"name": "CVE-2025-5917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2025-37889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
},
{
"name": "CVE-2021-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
},
{
"name": "CVE-2025-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-28319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2025-22014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
},
{
"name": "CVE-2024-29018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-1795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
},
{
"name": "CVE-2025-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2025-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-37785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2025-21957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
},
{
"name": "CVE-2024-40635",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
},
{
"name": "CVE-2022-41720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
},
{
"name": "CVE-2025-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2025-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"name": "CVE-2025-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
},
{
"name": "CVE-2024-53051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2025-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
},
{
"name": "CVE-2025-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2025-21970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
},
{
"name": "CVE-2025-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2023-28842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
},
{
"name": "CVE-2023-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2024-3219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-36056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2023-25173",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
},
{
"name": "CVE-2024-41909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
},
{
"name": "CVE-2025-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2022-36109",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2025-22010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2023-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2023-36617",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
},
{
"name": "CVE-2023-33199",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2022-24769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2025-4878",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2023-30551",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
},
{
"name": "CVE-2022-24675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
},
{
"name": "CVE-2025-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2025-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2024-28085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2025-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2024-8805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"name": "CVE-2025-22071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2023-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2025-22075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2025-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
},
{
"name": "CVE-2025-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2025-49124",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2022-35929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
},
{
"name": "CVE-2025-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
},
{
"name": "CVE-2025-37932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
},
{
"name": "CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
},
{
"name": "CVE-2020-22916",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
},
{
"name": "CVE-2024-52587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
},
{
"name": "CVE-2025-5916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2022-29173",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
},
{
"name": "CVE-2022-30634",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2024-46753",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2022-3358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
},
{
"name": "CVE-2024-29902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-8096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
},
{
"name": "CVE-2025-47290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
},
{
"name": "CVE-2025-22063",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
},
{
"name": "CVE-2025-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2023-46737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
},
{
"name": "CVE-2023-40403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-23471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
},
{
"name": "CVE-2025-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
},
{
"name": "CVE-2024-42230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2025-37997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-2312",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
},
{
"name": "CVE-2025-53506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2022-29804",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2025-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
},
{
"name": "CVE-2025-22089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2025-32955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2025-21502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
},
{
"name": "CVE-2025-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2023-28756",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
},
{
"name": "CVE-2025-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
},
{
"name": "CVE-2025-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
},
{
"name": "CVE-2025-22073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-29903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
},
{
"name": "CVE-2025-4575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
},
{
"name": "CVE-2022-21698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
},
{
"name": "CVE-2025-32441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2025-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
},
{
"name": "CVE-2025-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2025-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2025-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
},
{
"name": "CVE-2025-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0622",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
},
{
"published_at": "2025-07-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
}
]
}
CERTFR-2024-AVI-0619
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | CF Deployment versions antérieures à 37.5.0 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | VMware Tanzu Application Service for VMs versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Isolation Segment versions 5.x antérieures à 5.0.8 | ||
| VMware | N/A | Isolation Segment versions antérieures à 4.0.18+LTS-T | ||
| VMware | N/A | Jammy Stemcells versions antérieures à 1.327 | ||
| VMware | N/A | Cflinuxfs4 versions antérieures à 1.69.0 | ||
| VMware | N/A | Operations Manager versions antérieures à 3.0.23+LTS-T |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CF Deployment versions ant\u00e9rieures \u00e0 37.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 5.x ant\u00e9rieures \u00e0 5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions ant\u00e9rieures \u00e0 4.0.18+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Jammy Stemcells versions ant\u00e9rieures \u00e0 1.327",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cflinuxfs4 versions ant\u00e9rieures \u00e0 1.69.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions ant\u00e9rieures \u00e0 3.0.23+LTS-T",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-47008",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
},
{
"name": "CVE-2023-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1544"
},
{
"name": "CVE-2023-40360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40360"
},
{
"name": "CVE-2022-47007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
},
{
"name": "CVE-2023-4135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4135"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2022-4285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4285"
},
{
"name": "CVE-2023-3255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3255"
},
{
"name": "CVE-2021-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3611"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2021-46174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46174"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-24599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24599"
},
{
"name": "CVE-2023-3180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3180"
},
{
"name": "CVE-2022-35205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35205"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2020-14394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14394"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2022-47015",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47015"
},
{
"name": "CVE-2020-24165",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24165"
},
{
"name": "CVE-2018-13440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13440"
},
{
"name": "CVE-2020-19726",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19726"
},
{
"name": "CVE-2022-47010",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
},
{
"name": "CVE-2023-2861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
},
{
"name": "CVE-2018-17095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17095"
},
{
"name": "CVE-2021-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
},
{
"name": "CVE-2019-13147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13147"
},
{
"name": "CVE-2023-3301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
},
{
"name": "CVE-2023-3354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3354"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2022-47011",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2022-38533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
},
{
"name": "CVE-2022-45703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45703"
},
{
"name": "CVE-2023-5088",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5088"
},
{
"name": "CVE-2023-42467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42467"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0619",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24798",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24798"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24805",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24805"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24799",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24799"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24808",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24808"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24807",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24807"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24810",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24810"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24809",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24809"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24804",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24804"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24806",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24806"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24795",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24795"
}
]
}
CERTFR-2024-AVI-0519
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 7.0.x d'ESXi et 4.x de Cloud Foundation ne bénéficieront pas de correctif de sécurité pour la vulnérabilité CVE-2024-37085. Ces versions bénéficient d'un correctif (ESXi70U3sq-23794019) pour la vulnérabilité CVE-2024-37086. Des correctifs sont prévus pour les trois vulnérabilités pour les versions 5.x de VMware Cloud Foundation.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | VMWare ESXi versions 7.0.x sans le correctif de sécurité ESXi70U3sq-23794019 pour la vulnérabilité CVE-2024-37086 | ||
| VMware | vCenter Server | VMware vCenter Server versions 8.0.x antérieures à 8.0 U3 | ||
| VMware | vCenter Server | VMware vCenter Server versions 7.0.x antérieures à 7.0 U3q | ||
| VMware | ESXi | VMWare ESXi versions 8.0.x sans le correctif de sécurité ESXi80U3-24022510 | ||
| VMware | N/A | VMware Cloud Foundation versions 4.x et 5.x | ||
| VMware | ESXi | VMWare ESXi versions 7.0.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMWare ESXi versions 7.0.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sq-23794019 pour la vuln\u00e9rabilit\u00e9 CVE-2024-37086 ",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 8.0.x ant\u00e9rieures \u00e0 8.0 U3",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 7.0.x ant\u00e9rieures \u00e0 7.0 U3q",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMWare ESXi versions 8.0.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3-24022510 \t",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x et 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMWare ESXi versions 7.0.x",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les versions 7.0.x d\u0027ESXi et 4.x de Cloud Foundation ne b\u00e9n\u00e9ficieront pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-37085. Ces versions b\u00e9n\u00e9ficient d\u0027un correctif (ESXi70U3sq-23794019) pour la vuln\u00e9rabilit\u00e9 CVE-2024-37086. \nDes correctifs sont pr\u00e9vus pour les trois vuln\u00e9rabilit\u00e9s pour les versions 5.x de VMware Cloud Foundation.\n",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37087"
},
{
"name": "CVE-2024-37086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37086"
},
{
"name": "CVE-2024-37085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37085"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0519",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24505 (VMSA-2024-0013)",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
]
}
CERTFR-2024-AVI-0427
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Fusion | Fusion versions 13.x antérieures à 13.5.1 (la version la plus récente est 13.5.2) | ||
| VMware | ESXi | ESXi versions 7.x antérieures à 7.0 Update 3q | ||
| VMware | vCenter Server | vCenter Server versions 7.x antérieures à 7.0 Update 3q | ||
| VMware | N/A | Workstation versions 17.x antérieures à 17.5.1 (la version la plus récente est 17.5.2) | ||
| VMware | N/A | Cloud Foundation (ESXi et vCenter Server) versions 4.x sans le dernier correctif de sécurité | ||
| VMware | vCenter Server | vCenter Server versions 8.x antérieures à 8.0 Update 2b | ||
| VMware | N/A | Cloud Foundation (ESXi et vCenter Server) versions 5.x antérieures à 5.1.1 | ||
| VMware | ESXi | ESXi versions 8.x antérieures à 8.0 Update 2b |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.5.1 (la version la plus r\u00e9cente est 13.5.2)",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.x ant\u00e9rieures \u00e0 7.0 Update 3q",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.x ant\u00e9rieures \u00e0 7.0 Update 3q",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.5.1 (la version la plus r\u00e9cente est 17.5.2)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi et vCenter Server) versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 8.x ant\u00e9rieures \u00e0 8.0 Update 2b",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi et vCenter Server) versions 5.x ant\u00e9rieures \u00e0 5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.x ant\u00e9rieures \u00e0 8.0 Update 2b",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-22275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22275"
},
{
"name": "CVE-2024-22273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22273"
},
{
"name": "CVE-2024-22274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22274"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0427",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24308",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
]
}
CERTFR-2024-AVI-0405
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Workstation Pro et Player versions 17.x ant\u00e9rieures \u00e0 17.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Fusion versions 13.x ant\u00e9rieures \u00e0 13.5.2",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22267"
},
{
"name": "CVE-2024-22269",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22269"
},
{
"name": "CVE-2024-22268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22268"
},
{
"name": "CVE-2024-22270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22270"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0405",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24280 (VMSA-2024-0010) du 14 mai 2024",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"
}
]
}
CERTFR-2024-AVI-0387
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Avi Load Balancer. Elles permettent à un attaquant de provoquer une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Avi Load Balancer versions 22.1.x ant\u00e9rieures \u00e0 22.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Avi Load Balancer versions 30.x.x ant\u00e9rieures \u00e0 30.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22264"
},
{
"name": "CVE-2024-22266",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22266"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0387",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Avi Load\nBalancer. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de\nprivil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Avi Load Balancer",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24219 (VMSA-2024-0009) du 09 mai 2024",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219"
}
]
}
CERTFR-2024-AVI-0268
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware SD-WAN. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SD-WAN (Edge) versions 4.5.x ant\u00e9rieures \u00e0 4.5.1+ sans l\u0027application de la proc\u00e9dure KB97391",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "SD-WAN (Orchestrator) versions 5.x ant\u00e9rieures \u00e0 5.0.1+",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "SD-WAN (Edge) versions 5.x ant\u00e9rieures \u00e0 5.0.1+ sans l\u0027application de la proc\u00e9dure KB97391",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22248"
},
{
"name": "CVE-2024-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22247"
},
{
"name": "CVE-2024-22246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22246"
}
],
"links": [
{
"title": "Proc\u00e9dure de correction KB97391",
"url": "https://kb.vmware.com/s/article/97391"
}
],
"reference": "CERTFR-2024-AVI-0268",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware SD-WAN.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware SD-WAN",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0008 du 02 avril 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0008.html"
}
]
}
CERTFR-2024-AVI-0186
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer aux mesures de contournement proposées par l’éditeur (cf. section Documentation).
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour les mesures de contournement (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | ESXi versions 7.0 sans le correctif de sécurité ESXi70U3p-23307199 | ||
| VMware | N/A | Workstation versions 17.x antérieures à 17.5.1 | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.5.1 sur MacOS | ||
| VMware | N/A | VMware Cloud Foundation (ESXi) versions 5.x et 4.x sans le correctif de sécurité KB88287 | ||
| VMware | ESXi | ESXi versions 8.0 sans les correctifs de sécurité ESXi80U1d-23299997 et ESXi80U2sb-23305545 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3p-23307199",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.5.1 sur MacOS",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (ESXi) versions 5.x et 4.x sans le correctif de s\u00e9curit\u00e9 KB88287",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.0 sans les correctifs de s\u00e9curit\u00e9 ESXi80U1d-23299997 et ESXi80U2sb-23305545",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u2019\u00e9diteur (cf.\nsection Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22252"
},
{
"name": "CVE-2024-22253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22253"
},
{
"name": "CVE-2024-22255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22255"
},
{
"name": "CVE-2024-22254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22254"
}
],
"links": [
{
"title": "How to remove USB controllers from a Virtual Machine",
"url": "https://kb.vmware.com/s/article/96682"
}
],
"reference": "CERTFR-2024-AVI-0186",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0006 du 05 mars 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
}
]
}
CERTFR-2024-AVI-0169
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits VMware. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Workstation Pro versions ant\u00e9rieures \u00e0 17.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions ant\u00e9rieures \u00e0 13.5.1",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22251"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0169",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits VMware\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0005 du 27 f\u00e9vrier 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0005.html"
}
]
}
CERTFR-2024-AVI-0098
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations pour les r\u00e9seaux versions ant\u00e9rieures \u00e0 6.12.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22237"
},
{
"name": "CVE-2024-22241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22241"
},
{
"name": "CVE-2024-22238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22238"
},
{
"name": "CVE-2024-22239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22239"
},
{
"name": "CVE-2024-22240",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22240"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0098",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Aria Operations pour les r\u00e9seaux",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0002 du 06 f\u00e9vrier 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0002.html"
}
]
}
CERTFR-2024-AVI-0037
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Aria Operations. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Aria Automation | VMware Aria Automation versions 8.12.x versions antérieures à 8.12.2 avec le correctif de sécurité vrlcm-vra-8.12.2-8.12.2.31368 | ||
| VMware | N/A | VMware Cloud Foundation (Aria Automation) versions 4.x et 5.x sans le dernier correctif de sécurité | ||
| VMware | Aria Automation | VMware Aria Automation versions 8.13.x versions antérieures à 8.13.1 avec le correctif de sécurité vrlcm-vra-8.13.1-8.13.1.32385 | ||
| VMware | Aria Automation | VMware Aria Automation versions 8.11.x versions antérieures à 8.11.2 avec le correctif de sécurité vrlcm-vra-8.11.2-8.11.2.30127 | ||
| VMware | Aria Automation | VMware Aria Automation versions 8.14.x antérieures à 8.14.1 avec le correctif de sécurité vrlcm-vra-8.14.1-8.14.1.33501 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Automation versions 8.12.x versions ant\u00e9rieures \u00e0 8.12.2 avec le correctif de s\u00e9curit\u00e9 vrlcm-vra-8.12.2-8.12.2.31368",
"product": {
"name": "Aria Automation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (Aria Automation) versions 4.x et 5.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Automation versions 8.13.x versions ant\u00e9rieures \u00e0 8.13.1 avec le correctif de s\u00e9curit\u00e9 vrlcm-vra-8.13.1-8.13.1.32385",
"product": {
"name": "Aria Automation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Automation versions 8.11.x versions ant\u00e9rieures \u00e0 8.11.2 avec le correctif de s\u00e9curit\u00e9 vrlcm-vra-8.11.2-8.11.2.30127",
"product": {
"name": "Aria Automation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Automation versions 8.14.x ant\u00e9rieures \u00e0 8.14.1 avec le correctif de s\u00e9curit\u00e9 vrlcm-vra-8.14.1-8.14.1.33501",
"product": {
"name": "Aria Automation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34063",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34063"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0037",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Aria Operations. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Aria Operations",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0001 du 16 janvier 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0001.html"
}
]
}
CERTFR-2023-AVI-1026
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Workspace ONE Launcher. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Workspace ONE Launcher versions 22.x et 23.x ant\u00e9rieures \u00e0 23.11 sur Android",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34064"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1026",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Workspace ONE Launcher.\nElle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Workspace ONE Launcher",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0027 du 12 d\u00e9cembre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0027.html"
}
]
}
CERTFR-2023-AVI-0903
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Workspace ONE UEM. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Workspace ONE UEM versions 22.12.x antérieures à 22.12.0.20 | ||
| VMware | N/A | Workspace ONE UEM versions 22.09.x antérieures à 22.9.0.29 | ||
| VMware | N/A | Workspace ONE UEM versions 23.02.x antérieures à 23.2.0.10 | ||
| VMware | N/A | Workspace ONE UEM versions 22.06.x antérieures à 22.6.0.36 | ||
| VMware | N/A | Workspace ONE UEM versions 22.03.x antérieures à 22.3.0.48 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Workspace ONE UEM versions 22.12.x ant\u00e9rieures \u00e0 22.12.0.20",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE UEM versions 22.09.x ant\u00e9rieures \u00e0 22.9.0.29",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE UEM versions 23.02.x ant\u00e9rieures \u00e0 23.2.0.10",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE UEM versions 22.06.x ant\u00e9rieures \u00e0 22.6.0.36",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE UEM versions 22.03.x ant\u00e9rieures \u00e0 22.3.0.48",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20886"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0903",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Workspace ONE UEM. Elle\npermet \u00e0 un attaquant de provoquer un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Workspace ONE UEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0025 du 31 octobre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0025.html"
}
]
}
CERTFR-2023-AVI-0896
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Tools. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Tools 11.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools 10.3.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools 12.x versions ant\u00e9rieures \u00e0 12.1.1 sur MacOS",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools 12.x versions ant\u00e9rieures \u00e0 12.3.5 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34057"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tools. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tools",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0024 du 26 octobre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0024.html"
}
]
}
CERTFR-2023-AVI-0885
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware vCenter. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | vCenter Server | VMware vCenter Server versions 6.5.x antérieures à 6.5U3 sans le dernier correctif exceptionnel (version en fin de support) | ||
| VMware | N/A | VMware Cloud Foundation (VMware vCenter Server) versions 4.x sans le dernier correctif de sécurité (cf. KB88287) | ||
| VMware | vCenter Server | VMware vCenter Server versions 8.x antérieures à 8.OU2 et 8.OU1d | ||
| VMware | vCenter Server | VMware vCenter Server versions 7.x antérieures à 7.OU3o | ||
| VMware | vCenter Server | VMware vCenter Server versions 6.7.x antérieures à 6.7U3 sans le dernier correctif exceptionnel (version en fin de support) | ||
| VMware | N/A | VMware Cloud Foundation (VMware vCenter Server) versions 3.x sans le dernier correctif de sécurité (cf. KB88287) | ||
| VMware | N/A | VMware Cloud Foundation (VMware vCenter Server) versions 5.x sans le dernier correctif de sécurité (cf. KB88287) |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware vCenter Server versions 6.5.x ant\u00e9rieures \u00e0 6.5U3 sans le dernier correctif exceptionnel (version en fin de support)",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware vCenter Server) versions 4.x sans le dernier correctif de s\u00e9curit\u00e9 (cf. KB88287)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 8.x ant\u00e9rieures \u00e0 8.OU2 et 8.OU1d",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 7.x ant\u00e9rieures \u00e0 7.OU3o",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 6.7.x ant\u00e9rieures \u00e0 6.7U3 sans le dernier correctif exceptionnel (version en fin de support)",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware vCenter Server) versions 3.x sans le dernier correctif de s\u00e9curit\u00e9 (cf. KB88287)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware vCenter Server) versions 5.x sans le dernier correctif de s\u00e9curit\u00e9 (cf. KB88287)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34056"
},
{
"name": "CVE-2023-34048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34048"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0885",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware vCenter.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware vCenter",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0023 du 25 octobre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0023.html"
}
]
}
CERTFR-2023-AVI-0870
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware Aria Operations for Logs versions 8.x antérieures à 8.14 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation (VMware Aria Operations for Logs) versions 5.x et 4.x (se référer au KB95212 de l'éditeur) | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.5 sur OS X |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations for Logs versions 8.x ant\u00e9rieures \u00e0 8.14",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware Aria Operations for Logs) versions 5.x et 4.x (se r\u00e9f\u00e9rer au KB95212 de l\u0027\u00e9diteur)",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.5 sur OS X",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34052",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34052"
},
{
"name": "CVE-2023-34051",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34051"
},
{
"name": "CVE-2023-34045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34045"
},
{
"name": "CVE-2023-34044",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34044"
},
{
"name": "CVE-2023-34046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34046"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0870",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0021 du 19 octobre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0021.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0022 du 19 octobre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
]
}
CERTFR-2023-AVI-0781
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Aria Operations. Elle permet à un attaquant de provoquer une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware Aria Operations versions 8.12.x antérieures à 8.12 Hot Fix 5 | ||
| VMware | N/A | VMware Aria Operations versions 8.6.x antérieures à 8.6 Hot Fix 11 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.x et 5.x sans le dernier correctif de sécurité | ||
| VMware | N/A | VMware Aria Operations versions 8.10.x antérieures à 8.10 Hot Fix 9 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations versions 8.12.x ant\u00e9rieures \u00e0 8.12 Hot Fix 5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations versions 8.6.x ant\u00e9rieures \u00e0 8.6 Hot Fix 11",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x et 5.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations versions 8.10.x ant\u00e9rieures \u00e0 8.10 Hot Fix 9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34043"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0781",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Aria Operations. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Aria Operations",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0020 du 26 septembre 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0020.html"
}
]
}
CERTFR-2023-AVI-0702
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Tools. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Tools versions 10.3.x \u00e0 12.x ant\u00e9rieures \u00e0 12.3.0 sur Windows",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools (open-vm-tools) versions 10.3.x \u00e0 12.x ant\u00e9rieures \u00e0 12.3.0 sur Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 10.3.x ant\u00e9rieures \u00e0 10.3.26 sur Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20900"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0702",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Tools. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Tools",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0019 du 31 ao\u00fbt 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0019.html"
}
]
}
CERTFR-2023-AVI-0697
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Aria Operations for Networks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations for Networks versions 6.x \u00e0 6.11 sans le correctif de s\u00e9curit\u00e9 KB94152",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20890",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20890"
},
{
"name": "CVE-2023-34039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34039"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0697",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u003cspan\nclass=\"textit\"\u003e VMware Aria Operations for Networks\u003c/span\u003e. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Aria Operations for Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0018 du 29 ao\u00fbt 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html"
}
]
}
CERTFR-2023-AVI-0619
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware Horizon Server. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Horizon Server versions 2206.x \u00e0 2209.x ant\u00e9rieures \u00e0 2209.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Horizon Server versions 2006.x \u00e0 2111.x ant\u00e9rieures \u00e0 2111.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Horizon Server versions 2212.x ant\u00e9rieures \u00e0 2212.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Horizon Server versions 2303.x ant\u00e9rieures \u00e0 2306",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-34038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34038"
},
{
"name": "CVE-2023-34037",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34037"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0619",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-08-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Horizon\nServer. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Horizon Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0017 du 03 ao\u00fbt 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0017.html"
}
]
}
CERTFR-2023-AVI-0587
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits VMware. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | VMware Tanzu Application Service pour machines virtuelles versions 2.11.x antérieures à 2.11.42 | ||
| VMware | N/A | Isolation Segment versions 3.0.x antérieures à 3.0.13 | ||
| VMware | Tanzu | VMware Tanzu Application Service pour machines virtuelles versions 2.13.x antérieures à 2.13.24 | ||
| VMware | Tanzu | VMware Tanzu Application Service pour machines virtuelles versions 4.0.x antérieures à 4.0.5 | ||
| VMware | Tanzu | VMware Tanzu Application Service pour machines virtuelles versions 3.0.x antérieures à 3.0.14 | ||
| VMware | N/A | Isolation Segment versions 2.13.x antérieures à 2.13.20 | ||
| VMware | N/A | Isolation Segment versions 4.0.x antérieures à 4.0.4 | ||
| VMware | N/A | Isolation Segment versions 2.11.x antérieures à 2.11.35 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Tanzu Application Service pour machines virtuelles versions 2.11.x ant\u00e9rieures \u00e0 2.11.42",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service pour machines virtuelles versions 2.13.x ant\u00e9rieures \u00e0 2.13.24",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service pour machines virtuelles versions 4.0.x ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service pour machines virtuelles versions 3.0.x ant\u00e9rieures \u00e0 3.0.14",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.20",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 4.0.x ant\u00e9rieures \u00e0 4.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.35",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20891",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20891"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0587",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits VMware\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0016 du 25 juillet 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0016.html"
}
]
}
CERTFR-2023-AVI-0518
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware SD-WAN (Edge) versions 4.5.x ant\u00e9rieures \u00e0 4.5.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware SD-WAN (Edge) versions 5.0.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20899"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0518",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0015 du 06 juillet 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0015.html"
}
]
}
CERTFR-2023-AVI-0457
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Tools. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Tools versions 10.3.x \u00e0 12.x ant\u00e9rieures \u00e0 12.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20867"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0457",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Tools. Elle permet \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Tools",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0013 du 13 juin 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"
}
]
}
CERTFR-2023-AVI-0441
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Aria Operations for Networks versions \u00e0 6.x sans le correctif HF KB92684",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20888",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20888"
},
{
"name": "CVE-2023-20889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20889"
},
{
"name": "CVE-2023-20887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20887"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0441",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Aria Operations for Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0012 du 07 juin 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0012.html"
}
]
}
CERTFR-2023-AVI-0424
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans les produits VMware. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Workspace ONE Access versions 22.09.1.0 sans le correctif de sécurité KB92512 | ||
| VMware | N/A | Workspace ONE Access versions 22.09.0.0 antérieures à 22.09.1.0 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation (vIDM) toutes versions sans le correctif de sécurité KB92512 | ||
| VMware | N/A | Workspace ONE Access versions 21.08.x antérieures à 22.09.1.0 | ||
| VMware | N/A | VMware Identity Manager (vIDM) version 3.3.6 antérieures à 3.3.7 | ||
| VMware | N/A | VMware Identity Manager (vIDM) version 3.3.6 sans le correctif de sécurité KB92512 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Workspace ONE Access versions 22.09.1.0 sans le correctif de s\u00e9curit\u00e9 KB92512",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE Access versions 22.09.0.0 ant\u00e9rieures \u00e0 22.09.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (vIDM) toutes versions sans le correctif de s\u00e9curit\u00e9 KB92512",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workspace ONE Access versions 21.08.x ant\u00e9rieures \u00e0 22.09.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Identity Manager (vIDM) version 3.3.6 ant\u00e9rieures \u00e0 3.3.7",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Identity Manager (vIDM) version 3.3.6 sans le correctif de s\u00e9curit\u00e9 KB92512",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20884"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0424",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-31T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0011 du 30 mai 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0011.html"
}
]
}
CERTFR-2023-AVI-0379
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Vmware Aria Operations (anciennement vRealize Operations). Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware Aria Operations (anciennement vRealize Operations) versions 8.10 antérieures à 8.10 Hot Fix 4 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation (VMware Aria Operations) versions 4.x sans le correctif de sécurité KB92148 | ||
| VMware | N/A | VMware Aria Operations (anciennement vRealize Operations) versions 8.6.x antérieures à 8.6 Hot Fix 10 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations (anciennement vRealize Operations) versions 8.10 ant\u00e9rieures \u00e0 8.10 Hot Fix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware Aria Operations) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB92148",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations (anciennement vRealize Operations) versions 8.6.x ant\u00e9rieures \u00e0 8.6 Hot Fix 10",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20877"
},
{
"name": "CVE-2023-20880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20880"
},
{
"name": "CVE-2023-20878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20878"
},
{
"name": "CVE-2023-20879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20879"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0379",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVmware Aria Operations (anciennement vRealize\nOperations)\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s Vmware Aria Operations",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Vmware VMSA-2023-0009 du 11 mai 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0009.html"
}
]
}
CERTFR-2023-AVI-0342
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges et une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Fusion versions 13.x ant\u00e9rieures \u00e0 13.0.2",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 17.x ant\u00e9rieures \u00e0 17.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20869"
},
{
"name": "CVE-2023-20870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20870"
},
{
"name": "CVE-2023-20872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20872"
},
{
"name": "CVE-2023-20871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20871"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0342",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation\nde privil\u00e8ges et une ex\u00e9cution de code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Vmware VMSA-2023-0008 du 25 avril 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0008.html"
}
]
}
CERTFR-2023-AVI-0332
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Vmware Aria Operations for Logs. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware Aria Operations for Logs (Operations for Logs) versions 8.8.x antérieures à 8.12 | ||
| VMware | N/A | VMware Aria Operations for Logs (Operations for Logs) versions 8.6.x antérieures à 8.12 | ||
| VMware | N/A | VMware Aria Operations for Logs (Operations for Logs) versions 8.10 à 8.10.2 antérieures à 8.12 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation (VMware Aria Operations for Logs) versions 4.x sans le correctif de sécurité KB91865 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Aria Operations for Logs (Operations for Logs) versions 8.8.x ant\u00e9rieures \u00e0 8.12",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations for Logs (Operations for Logs) versions 8.6.x ant\u00e9rieures \u00e0 8.12",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Aria Operations for Logs (Operations for Logs) versions 8.10 \u00e0 8.10.2 ant\u00e9rieures \u00e0 8.12",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (VMware Aria Operations for Logs) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB91865",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20865"
},
{
"name": "CVE-2023-20864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20864"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0332",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVmware Aria Operations for Logs\u003c/span\u003e. Elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Vmware Aria Operations for Logs",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Vmware VMSA-2023-0007 du 20 avril 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0007.html"
}
]
}
CERTFR-2023-AVI-0318
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Isolation Segment versions 2.12.x antérieures à 2.12.19 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.12.x antérieures à 2.12.24 | ||
| VMware | N/A | Canonical Ubuntu 18.04 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.13.x antérieures à 2.13.17 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.0.x antérieures à to 4.0.13 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 2.11.x antérieures à 2.11.35 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.3.x versions antérieures à 4.3.5 | ||
| VMware | N/A | Platform Automation Toolkit versions 5.1.x versions antérieures à 5.1.0 | ||
| VMware | N/A | Operations Manager versions 3.0.x antérieures à 3.0.4 | ||
| VMware | N/A | Operations Manager versions 2.10.x antérieures à 2.10.51 | ||
| VMware | N/A | Isolation Segment versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions antérieures à 1.80) | ||
| VMware | N/A | Isolation Segment versions 2.11.x antérieures à 2.11.29 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.2.x antérieures à 4.2.8 | ||
| VMware | N/A | Canonical Ubuntu 16.04 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.4.x versions antérieures à 4.4.30 | ||
| VMware | N/A | Canonical Ubuntu 22.04 | ||
| VMware | Tanzu | VMware Tanzu Application Service for VMs versions 3.0.x antérieures à 3.0.7 (avec Jammy Stemcells versions 1.80) | ||
| VMware | N/A | Platform Automation Toolkit versions 5.0.x versions antérieures à 5.0.23 | ||
| VMware | N/A | Isolation Segment versions 2.13.x antérieures à 2.13.14 | ||
| VMware | Tanzu | Tanzu Greenplum for Kubernetes versions antérieures à 1.4.0 | ||
| VMware | N/A | Platform Automation Toolkit versions 4.1.x antérieures à 4.1.13 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Isolation Segment versions 2.12.x ant\u00e9rieures \u00e0 2.12.19",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.12.x ant\u00e9rieures \u00e0 2.12.24",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 18.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.13.x ant\u00e9rieures \u00e0 2.13.17",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.0.x ant\u00e9rieures \u00e0 to 4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 2.11.x ant\u00e9rieures \u00e0 2.11.35",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.3.x versions ant\u00e9rieures \u00e0 4.3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 5.1.x versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions 3.0.x ant\u00e9rieures \u00e0 3.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Operations Manager versions 2.10.x ant\u00e9rieures \u00e0 2.10.51",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions ant\u00e9rieures \u00e0 1.80)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.11.x ant\u00e9rieures \u00e0 2.11.29",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.2.x ant\u00e9rieures \u00e0 4.2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 16.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.4.x versions ant\u00e9rieures \u00e0 4.4.30",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Canonical Ubuntu 22.04",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu Application Service for VMs versions 3.0.x ant\u00e9rieures \u00e0 3.0.7 (avec Jammy Stemcells versions 1.80)",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 5.0.x versions ant\u00e9rieures \u00e0 5.0.23",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segment versions 2.13.x ant\u00e9rieures \u00e0 2.13.14",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum for Kubernetes versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Automation Toolkit versions 4.1.x ant\u00e9rieures \u00e0 4.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24809"
},
{
"name": "CVE-2022-47629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2022-44792",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-4883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4883"
},
{
"name": "CVE-2022-44793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
},
{
"name": "CVE-2022-3165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3165"
},
{
"name": "CVE-2022-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0417"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2022-44617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44617"
},
{
"name": "CVE-2021-3682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3682"
},
{
"name": "CVE-2021-23222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23222"
},
{
"name": "CVE-2022-2962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2962"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-33070",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33070"
},
{
"name": "CVE-2022-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0216"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2022-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46285"
},
{
"name": "CVE-2021-3930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3930"
},
{
"name": "CVE-2021-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33621"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2021-3750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3750"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0318",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5787-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5795-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5787-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5772-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5765-1 du 13 avril 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5821-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5821-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5801-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5795-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5811-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5811-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5767-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5801-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5807-1 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5807-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5787-1 du 12 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5765-1"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5806-2 du 13 avril 2023",
"url": "https://tanzu.vmware.com/security/usn-5806-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5772-1 du 13 avril 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware USN-5767-1 du 13 avril 2023",
"url": null
}
]
}
CERTFR-2023-AVI-0175
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans VMware Workspace ONE Content. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Workspace ONE Content versions ant\u00e9rieures \u00e0 23.02 sur Android",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-20857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20857"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Workspace ONE Content.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans VMware Workspace ONE Content",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2023-0006 du 28 f\u00e9vrier 2023",
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0006.html"
}
]
}