{"id":544962,"date":"2023-01-05T23:54:23","date_gmt":"2023-01-06T01:54:23","guid":{"rendered":"https:\/\/teknomers.com\/fr\/fortinet-et-zoho-exhortent-les-clients-a-corriger-les-vulnerabilites-des-logiciels-dentreprise\/"},"modified":"2023-01-05T23:54:24","modified_gmt":"2023-01-06T01:54:24","slug":"fortinet-et-zoho-exhortent-les-clients-a-corriger-les-vulnerabilites-des-logiciels-dentreprise","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/fortinet-et-zoho-exhortent-les-clients-a-corriger-les-vulnerabilites-des-logiciels-dentreprise\/","title":{"rendered":"Fortinet et Zoho exhortent les clients \u00e0 corriger les vuln\u00e9rabilit\u00e9s des logiciels d&#8217;entreprise"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">05 janvier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 applicative \/ SQLi<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Fortinet a mis en garde contre une faille de haute gravit\u00e9 affectant plusieurs versions du contr\u00f4leur de livraison d&#8217;applications FortiADC qui pourrait conduire \u00e0 l&#8217;ex\u00e9cution de code arbitraire.<\/p>\n<p>&#8220;Une neutralisation inappropri\u00e9e d&#8217;\u00e9l\u00e9ments sp\u00e9ciaux utilis\u00e9s dans une vuln\u00e9rabilit\u00e9 de commande du syst\u00e8me d&#8217;exploitation dans FortiADC peut permettre \u00e0 un attaquant authentifi\u00e9 ayant acc\u00e8s \u00e0 l&#8217;interface graphique Web d&#8217;ex\u00e9cuter du code ou des commandes non autoris\u00e9s via des requ\u00eates HTTP sp\u00e9cialement con\u00e7ues&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9. <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-061\" target=\"_blank\">m&#8217;a dit<\/a> dans un avis.<\/p>\n<p>La vuln\u00e9rabilit\u00e9, identifi\u00e9e comme CVE-2022-39947 (score CVSS\u00a0: 8,6) et d\u00e9couverte en interne par son \u00e9quipe de s\u00e9curit\u00e9 produit, affecte les versions suivantes\u00a0:<\/p>\n<ul>\n<li>FortiADC versions 7.0.0 \u00e0 7.0.2<\/li>\n<li>FortiADC versions 6.2.0 \u00e0 6.2.3<\/li>\n<li>FortiADC versions 6.1.0 \u00e0 6.1.6<\/li>\n<li>FortiADC versions 6.0.0 \u00e0 6.0.4<\/li>\n<li>FortiADC versions 5.4.0 \u00e0 5.4.5<\/li>\n<\/ul>\n<p>Il est recommand\u00e9 aux utilisateurs de mettre \u00e0 niveau vers les versions FortiADC 6.2.4 et 7.0.2 au fur et \u00e0 mesure de leur disponibilit\u00e9.<\/p>\n<p>Les <a rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt?date=01-2023\" target=\"_blank\">Correctifs de janvier 2023<\/a> corrigent \u00e9galement un certain nombre de vuln\u00e9rabilit\u00e9s d&#8217;injection de commandes dans FortiTester (<a rel=\"nofollow noopener\" href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-274\" target=\"_blank\">CVE-2022-35845<\/a>score CVSS\u00a0: 7,6) qui pourrait permettre \u00e0 un attaquant authentifi\u00e9 d&#8217;ex\u00e9cuter des commandes arbitraires dans le shell sous-jacent.<\/p>\n<h3>Zoho exp\u00e9die des correctifs pour une faille SQLi<\/h3>\n<p>Le fournisseur de logiciels d&#8217;entreprise Zoho exhorte \u00e9galement les clients \u00e0 passer aux derni\u00e8res versions d&#8217;Access Manager Plus, PAM360 et Password Manager Pro suite \u00e0 la d\u00e9couverte d&#8217;une grave vuln\u00e9rabilit\u00e9 d&#8217;injection SQL (SQLi).<\/p>\n<p>Attribu\u00e9 l&#8217;identifiant <a rel=\"nofollow noopener\" href=\"https:\/\/www.manageengine.com\/privileged-session-management\/advisory\/cve-2022-47523.html\" target=\"_blank\">CVE-2022-47523<\/a>, le probl\u00e8me concerne les versions 4308 et inf\u00e9rieures d&#8217;Access Manager Plus ;  PAM360 versions 5800 et inf\u00e9rieures\u00a0;  et les versions 12200 et ant\u00e9rieures de Password Manager Pro.<\/p>\n<p>&#8220;Cette vuln\u00e9rabilit\u00e9 peut permettre \u00e0 un adversaire d&#8217;ex\u00e9cuter des requ\u00eates personnalis\u00e9es et d&#8217;acc\u00e9der aux entr\u00e9es de la table de base de donn\u00e9es \u00e0 l&#8217;aide de la requ\u00eate vuln\u00e9rable&#8221;, a d\u00e9clar\u00e9 la soci\u00e9t\u00e9 bas\u00e9e en Inde. <a rel=\"nofollow noopener\" href=\"https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/manageengine-security-advisory%e2%80%94important-security-fix-released-for-manageengine-pam360-2-1-2023\" target=\"_blank\">m&#8217;a dit<\/a>, <a rel=\"nofollow noopener\" href=\"https:\/\/pitstop.manageengine.com\/portal\/en\/community\/topic\/manageengine-security-advisory%e2%80%94important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023\" target=\"_blank\">ajouter<\/a> il a corrig\u00e9 le bogue en ajoutant une validation appropri\u00e9e et en \u00e9chappant aux caract\u00e8res sp\u00e9ciaux.<\/p>\n<p>Bien que les d\u00e9tails exacts de la lacune n&#8217;aient pas \u00e9t\u00e9 divulgu\u00e9s, Zoho <a rel=\"nofollow noopener\" href=\"https:\/\/www.manageengine.com\/privileged-session-management\/release-notes.html\" target=\"_blank\">Lib\u00e9ration<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/www.manageengine.com\/products\/passwordmanagerpro\/release-notes.html\" target=\"_blank\">Remarques<\/a> r\u00e9v\u00e8lent que la faille a \u00e9t\u00e9 identifi\u00e9e dans son framework interne et qu&#8217;elle pourrait permettre \u00e0 tous les utilisateurs &#8220;d&#8217;acc\u00e9der \u00e0 la base de donn\u00e9es principale&#8221;.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/01\/fortinet-and-zoho-urge-customers-to.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80205 janvier 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 applicative \/ SQLi Fortinet a mis en garde contre une faille de haute gravit\u00e9 affectant plusieurs versions du contr\u00f4leur de livraison d&#8217;applications FortiADC qui pourrait conduire \u00e0 l&#8217;ex\u00e9cution de code arbitraire. &#8220;Une neutralisation inappropri\u00e9e d&#8217;\u00e9l\u00e9ments sp\u00e9ciaux utilis\u00e9s dans une vuln\u00e9rabilit\u00e9 de commande du syst\u00e8me d&#8217;exploitation dans FortiADC peut permettre \u00e0 un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":544963,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8004,4168,25646,4158,4165,4161,3482,133,17201,87014,4157,4159,4171,4170,65,4167,4589,4160,4163,4162,4172,4169,4166,4164,12365,111134],"class_list":["post-544962","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-clients","tag-comment-pirater","tag-corriger","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dentreprise","tag-des","tag-exhortent","tag-fortinet","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-logiciels","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites","tag-zoho"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/544962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=544962"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/544962\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/544963"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=544962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=544962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=544962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}