Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CERTFR-2025-AVI-0816

Vulnerability from certfr_avis - Published: 2025-09-25 - Updated: 2025-09-25

Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	StormShield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.12
Stormshield	Stormshield Network Security	StormShield Network Security versions 5.0.x antérieures à 5.0.1
Stormshield	Stormshield Network Security	StormShield Network Security versions 4.3.x antérieures à 4.3.40

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2025-003

2025-09-24

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "StormShield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.12",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "StormShield Network Security versions 5.0.x ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.40",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-48707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48707"
    }
  ],
  "initial_release_date": "2025-09-25T00:00:00",
  "last_revision_date": "2025-09-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0816",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2025-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-003",
      "url": "https://advisories.stormshield.eu/2025-003/"
    }
  ]
}

CERTFR-2025-AVI-0488

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.3.x antérieures à 4.3.37
Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 5.0.0
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x et 4.8.x antérieures à 4.8.9

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2024-029

2025-06-10

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.37",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 5.0.0",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x et 4.8.x ant\u00e9rieures \u00e0 4.8.9",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44078"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0488",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2025-06-10",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-029",
      "url": "https://advisories.stormshield.eu/2024-029/"
    }
  ]
}

CERTFR-2025-AVI-0250

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans StormShield Network Security. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	IPMI SN6100 versions antérieures à 1.86

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2023-033

2025-03-27

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IPMI SN6100 versions ant\u00e9rieures \u00e0 1.86",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2021-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26733"
    },
    {
      "name": "CVE-2021-26730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26730"
    },
    {
      "name": "CVE-2021-26731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26731"
    },
    {
      "name": "CVE-2021-26732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26732"
    },
    {
      "name": "CVE-2021-26729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26729"
    },
    {
      "name": "CVE-2021-44776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44776"
    },
    {
      "name": "CVE-2021-26728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26728"
    },
    {
      "name": "CVE-2021-44467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44467"
    },
    {
      "name": "CVE-2021-26727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-26727"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0250",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans StormShield Network Security. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans StormShield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2023-033",
      "url": "https://advisories.stormshield.eu/2023-033"
    }
  ]
}

CERTFR-2025-AVI-0249

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans StormShield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	StormShield Network Security versions 4.3.x antérieures à 4.3.35

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2025-002

2025-03-27

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "StormShield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.35",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-27829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27829"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0249",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Network Security. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2025-03-27",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2025-002",
      "url": "https://advisories.stormshield.eu/2025-002/"
    }
  ]
}

CERTFR-2024-AVI-0985

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.8.x antérieures à 4.8.4
	Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 4.3.32

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2024-028	2024-11-13	vendor-advisory
Bulletin de sécurité StormShield STORM-2024-034	2024-11-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.4",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.32",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-44077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-44077"
    },
    {
      "name": "CVE-2024-20505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0985",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network Security. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-028",
      "url": "https://advisories.stormshield.eu/2024-028/"
    },
    {
      "published_at": "2024-11-13",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-034",
      "url": "https://advisories.stormshield.eu/2024-034"
    }
  ]
}

CERTFR-2024-AVI-0804

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.9
Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 4.3.30
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.8.x antérieures à 4.8.3
Stormshield	Stormshield Network VPN Client	Stormshield VPN Client Exclusive sans le correctif de sécurité EC VULN IS 1986
Stormshield	Stormshield Network VPN Client	Stormshield VPN Client Standard sans le correctif de sécurité VULN EC IS 1992

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2024-030	2024-09-24	vendor-advisory
Bulletin de sécurité Stormshield 2024-031	2024-09-25	vendor-advisory
Bulletin de sécurité Stormshield 2024-024	2024-09-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.9",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 4.3.30",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.3",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield VPN Client Exclusive  sans le correctif de s\u00e9curit\u00e9 EC VULN IS 1986",
      "product": {
        "name": "Stormshield Network VPN Client",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield VPN Client Standard sans le correctif de s\u00e9curit\u00e9 VULN EC IS 1992",
      "product": {
        "name": "Stormshield Network VPN Client",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-39706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39706"
    },
    {
      "name": "CVE-2024-45750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45750"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0804",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": "2024-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-030",
      "url": "https://advisories.stormshield.eu/2024-030/"
    },
    {
      "published_at": "2024-09-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-031",
      "url": "https://advisories.stormshield.eu/2024-031/"
    },
    {
      "published_at": "2024-09-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2024-024",
      "url": "https://advisories.stormshield.eu/2024-024/"
    }
  ]
}

CERTFR-2024-AVI-0586

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Stormshield. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.7.x antérieures à 3.7.42
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.x antérieures à 4.3.27
Stormshield	Stormshield Network Security	Stormshield Network Security versions ultérieures à 4.4.0 et antérieures à 4.7.6
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.1x.x antérieures à 3.11.30
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.8.x antérieures à 4.8.1

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield 2024-017	2024-05-28	vendor-advisory
Bulletin de sécurité StormShield 2024-007	2024-04-10	vendor-advisory
Bulletin de sécurité StormShield 2024-018	2024-05-28	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.42",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.x ant\u00e9rieures \u00e0 4.3.27",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ult\u00e9rieures \u00e0 4.4.0 et ant\u00e9rieures \u00e0 4.7.6",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.1x.x ant\u00e9rieures \u00e0 3.11.30",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.8.x ant\u00e9rieures \u00e0 4.8.1",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-31946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31946"
    },
    {
      "name": "CVE-2024-37386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37386"
    },
    {
      "name": "CVE-2022-47522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47522"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0586",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-16T00:00:00.000000"
    },
    {
      "description": "Suppression de la CVE-2024-3094 non applicable",
      "revision_date": "2024-08-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Stormshield. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield",
  "vendor_advisories": [
    {
      "published_at": "2024-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-017",
      "url": "https://advisories.stormshield.eu/2024-017/"
    },
    {
      "published_at": "2024-04-10",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-007",
      "url": "https://advisories.stormshield.eu/2024-007"
    },
    {
      "published_at": "2024-05-28",
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield 2024-018",
      "url": "https://advisories.stormshield.eu/2024-018/"
    }
  ]
}

CERTFR-2024-AVI-0309

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.3.x antérieures à 4.3.25
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.11.0 à 3.11.27
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.6.0 à 4.6.10
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.7.0 à 3.7.39
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x antérieures à 4.7.5

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2024-005 du 10 avril 2024	None	vendor-advisory
Bulletin de sécurité StormShield STORM-2024-005 du 13 février 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.25",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.11.0 \u00e0 3.11.27",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.6.0 \u00e0 4.6.10",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.7.0 \u00e0 3.7.39",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.5",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-20813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-20813"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-005 du 13 f\u00e9vrier 2024",
      "url": "https://advisories.stormshield.eu/2024-005/"
    }
  ],
  "reference": "CERTFR-2024-AVI-0309",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-005 du 10 avril 2024",
      "url": null
    }
  ]
}

CERTFR-2024-AVI-0308

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.3.x antérieures à 4.3.25
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.11.x antérieures à 3.11.29
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.7.x antérieures à 3.7.41
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x antérieures à 4.7.5

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2024-011 du 10 avril 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.3.x ant\u00e9rieures \u00e0 4.3.25",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.29",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.41",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.5",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0308",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2024-011 du 10 avril 2024",
      "url": "https://advisories.stormshield.eu/2024-011/"
    }
  ]
}

CERTFR-2024-AVI-0214

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	SN520 versions 4.3.x antérieures à 4.3.24
	Stormshield	Stormshield Network Security	SN-S-Series versions 4.x antérieures à 4.7.3

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield STORM-2024-004 du 13 mars 2024	None	vendor-advisory
Bulletin de sécurité Stormshield STORM-2024-004 du 13 mars 2024	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SN520 versions 4.3.x ant\u00e9rieures \u00e0 4.3.24",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "SN-S-Series versions 4.x ant\u00e9rieures \u00e0 4.7.3",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-32282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32282"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield\u00a0STORM-2024-004 du 13 mars 2024",
      "url": "https://advisories.stormshield.eu/2024-004/"
    }
  ],
  "reference": "CERTFR-2024-AVI-0214",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2024-004 du 13 mars 2024",
      "url": null
    }
  ]
}

CERTFR-2024-AVI-0138

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.x.x antérieures à 4.3.23
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.11.x antérieures à 3.11.28
Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 3.7.40
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.x.x postérieures à 4.4.x et antérieures à 4.6.11
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x antérieures à 4.7.2

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2023-023 du 15 décembre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.x.x ant\u00e9rieures \u00e0 4.3.23",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.28",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 3.7.40",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.x.x post\u00e9rieures \u00e0 4.4.x et ant\u00e9rieures \u00e0 4.6.11",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-44453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44453"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0138",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-023 du 15 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-023/"
    }
  ]
}

CERTFR-2024-AVI-0001

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans StormShield Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Un correctif sera bientôt fourni pour toutes les versions encore en maintenance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour les mesures de contournement (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Stormshield	Stormshield Network Security	Stormshield Network Security toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2023-035 du 29 décembre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security toutes versions",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nUn correctif sera bient\u00f4t fourni pour toutes les versions encore en\nmaintenance.\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-01-02T00:00:00.000000"
    },
    {
      "description": "Retrait des identifiants CVE-2023-46447, CVE-2023-51384 et CVE-2023-51385",
      "revision_date": "2024-01-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans StormShield Stormshield Network\nSecurity. Elle permet \u00e0 un attaquant de provoquer un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans StormShield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-035 du 29 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-035/"
    }
  ]
}

CERTFR-2023-AVI-1058

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.4.x à 4.6.x antérieures à 4.6.
Stormshield	Stormshield Network Security	Stormshield Network Security versions 2.7.x à 4.3.x antérieures à 4.3.17
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x antérieures à 4.7.1

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield STORM-2023-006 du 22 décembre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.4.x \u00e0 4.6.x ant\u00e9rieures \u00e0 4.6.",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 2.7.x \u00e0 4.3.x ant\u00e9rieures \u00e0 4.3.17",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.1",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-28616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28616"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1058",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield STORM-2023-006 du 22 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-006/"
    }
  ]
}

CERTFR-2023-AVI-1039

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Stormshield Network Security. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.x.x antérieures à 4.3.23
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.11.x antérieures à 3.11.28
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.7.x antérieures à 4.7.2
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.6.x antérieures à 4.6.10
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.7.x antérieures à 3.7.40

References

Title

Publication Time

Tags

Bulletin de sécurité StormShield STORM-2023-024 du 15 décembre 2023	None	vendor-advisory
Bulletin de sécurité StormShield STORM-2023-027 du 15 décembre 2023	None	vendor-advisory
Bulletin de sécurité StormShield STORM-2023-031 du 15 décembre 2023	None	vendor-advisory
Bulletin de sécurité StormShield STORM-2023-032 du 15 décembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.x.x ant\u00e9rieures \u00e0 4.3.23",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.11.x ant\u00e9rieures \u00e0 3.11.28",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.7.x ant\u00e9rieures \u00e0 4.7.2",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.6.x ant\u00e9rieures \u00e0 4.6.10",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.7.x ant\u00e9rieures \u00e0 3.7.40",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-47091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47091"
    },
    {
      "name": "CVE-2023-41166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41166"
    },
    {
      "name": "CVE-2023-20197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20197"
    },
    {
      "name": "CVE-2023-47093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47093"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-1039",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Stormshield Network\nSecurity. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-024 du 15 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-024/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-027 du 15 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-027/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-031 du 15 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-031/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 StormShield STORM-2023-032 du 15 d\u00e9cembre 2023",
      "url": "https://advisories.stormshield.eu/2023-032/"
    }
  ]
}

CERTFR-2023-AVI-0471

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Stormshield Network Security. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.0.x à 4.3.x antérieures à 4.3.19
Stormshield	Stormshield Network Security	Stormshield Network Security versions 4.4.x à 4.7.x antérieures à 4.7.1
Stormshield	Stormshield Network Security	Stormshield Network Security versions 3.8.x à 3.11.x antérieures à 3.11.25
Stormshield	Stormshield Network Security	Stormshield Network Security versions antérieures à 3.7.37

References

Title

Publication Time

Tags

Bulletin de sécurité Stormshield 2023-019 du 16 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Stormshield Network Security versions 4.0.x \u00e0 4.3.x ant\u00e9rieures \u00e0 4.3.19",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 4.4.x \u00e0 4.7.x ant\u00e9rieures \u00e0 4.7.1",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions 3.8.x \u00e0 3.11.x ant\u00e9rieures \u00e0 3.11.25",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    },
    {
      "description": "Stormshield Network Security versions ant\u00e9rieures \u00e0 3.7.37",
      "product": {
        "name": "Stormshield Network Security",
        "vendor": {
          "name": "Stormshield",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-34198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34198"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0471",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Stormshield Network Security.\nElle permet \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Stormshield Network Security",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Stormshield 2023-019 du 16 juin 2023",
      "url": "https://advisories.stormshield.eu/2023-019/"
    }
  ]
}

Search criteria

74 vulnerabilities found for Stormshield Network Security by Stormshield

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Solution

Solution

Solution

Solution

Solution

Contournement provisoire

Solution

Solution

Solution