{"id":25116,"date":"2023-12-12T13:47:55","date_gmt":"2023-12-12T18:47:55","guid":{"rendered":"https:\/\/pre-prod.okiok.com\/?p=25116"},"modified":"2024-04-30T07:26:29","modified_gmt":"2024-04-30T12:26:29","slug":"bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity","status":"publish","type":"post","link":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/","title":{"rendered":"Security Bulletin: CVE-2023-50164 Vulnerability \u2013 Struts 2 \u2013 RAC\/M Identity"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-19669\" src=\"\/wp-content\/uploads\/2020\/08\/racm-identity-medium.png\" alt=\"\" width=\"203\" height=\"81\" \/><br \/>\n<em><a href=\"https:\/\/www.okiok.com\/fr\/produits\/gestion-des-identites-racm-identity\/\">RAC\/M Identity&#x2122;<\/a> is our simple and effective identity governance (IAM) solution that enables large and small organizations to understand and manage the complex relationships between users and their access to physical and digital resources, on premises or in the cloud.<\/em><\/p>\n<p>A vulnerability affecting Struts 2 was announced on December 7, 2023. This vulnerability makes it possible to manipulate the name of an uploaded file in order to escape the upload directory (\u201cpath traversal\u201d). An application that uses the name of the uploaded file to save it allows a write to an arbitrary location on disk following an upload. This could allow an attacker to execute code on a vulnerable machine. 
<\/p>\n<p>Following our investigation, RAC\/M Identity uses the Struts 2 \u201cFile Upload\u201d feature, but does not use the name of the submitted file to write the file. The application is therefore not vulnerable. <\/p>\n<p>Reference: <\/p>\n<p>CVE: CVE-2023-50164 (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-50164\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-50164<\/a>) <\/p>\n<p>The OKIOK support team<\/p>\n<p>&nbsp;<\/p>\n<p>Do not hesitate to contact our support group if you have any questions about this security bulletin: support@okiok.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RAC\/M Identity&#x2122; is our simple and effective identity governance (IAM) solution that enables large and small organizations to understand and manage the complex relationships between users and their access to physical and digital resources, on premises or in the cloud. 
A vulnerability affecting Struts 2 was announced on December 7 [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[201,174,176],"tags":[],"class_list":["post-25116","post","type-post","status-publish","format-standard","hentry","category-blog-fr","category-nouvelles-fr","category-racm-identity-fr-fr"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity - OKIOK - Securit\u00e9 dans un monde en changement<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity - OKIOK - Securit\u00e9 dans un monde en changement\" \/>\n<meta property=\"og:description\" content=\"RAC\/M Identity&#x2122; est notre solution de gouvernance des identit\u00e9s (GIA) simple et efficace qui permet aux grandes et petites entreprises de comprendre et de g\u00e9rer les relations complexes entre les utilisateurs et leurs acc\u00e8s aux ressources physiques et num\u00e9riques, sur site ou dans l\u2019infonuagique. 
Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre [&hellip;]\" \/>\n<meta property=\"og:site_name\" content=\"OKIOK - Securit\u00e9 dans un monde en changement\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/okiokdata\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-12T18:47:55+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T12:26:29+00:00\" \/>\n<meta name=\"author\" content=\"Okiok\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@OKIOKdata\" \/>\n<meta name=\"twitter:site\" content=\"@OKIOKdata\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Okiok\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity - OKIOK - Securit\u00e9 dans un monde en changement","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"fr_FR","og_type":"article","og_title":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity - OKIOK - Securit\u00e9 dans un monde en changement","og_description":"RAC\/M Identity&#x2122; est notre solution de gouvernance des identit\u00e9s (GIA) simple et efficace qui permet aux grandes et petites entreprises de comprendre et de g\u00e9rer les relations complexes entre les utilisateurs et leurs acc\u00e8s aux ressources physiques et num\u00e9riques, sur site ou dans l\u2019infonuagique. 
Une vuln\u00e9rabilit\u00e9 impactant Struts 2 a \u00e9t\u00e9 annonc\u00e9 le 7 d\u00e9cembre [&hellip;]","og_site_name":"OKIOK - Securit\u00e9 dans un monde en changement","article_publisher":"https:\/\/www.facebook.com\/okiokdata\/","article_published_time":"2023-12-12T18:47:55+00:00","article_modified_time":"2024-04-30T12:26:29+00:00","author":"Okiok","twitter_card":"summary_large_image","twitter_creator":"@OKIOKdata","twitter_site":"@OKIOKdata","twitter_misc":{"\u00c9crit par":"Okiok"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/#article","isPartOf":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/"},"author":{"name":"Okiok","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/5d92c7d8760791d758c6a6fe9379a5c5"},"headline":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity","datePublished":"2023-12-12T18:47:55+00:00","dateModified":"2024-04-30T12:26:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/"},"wordCount":222,"commentCount":0,"publisher":{"@id":"https:\/\/www.okiok.com\/fr\/#organization"},"articleSection":["Blog","Nouvelles","RAC\/M Identity"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/","url":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/","name":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 
RAC\/M Identity - OKIOK - Securit\u00e9 dans un monde en changement","isPartOf":{"@id":"https:\/\/www.okiok.com\/fr\/#website"},"datePublished":"2023-12-12T18:47:55+00:00","dateModified":"2024-04-30T12:26:29+00:00","breadcrumb":{"@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.okiok.com\/fr\/bulletin-de-securite-vulnerabilite-cve-2023-50164-struts-2-rac-m-identity\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/prod.okiok.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Bulletin de s\u00e9curit\u00e9:\u202f Vuln\u00e9rabilit\u00e9 CVE-2023-50164 \u2013 Struts 2 \u2013 RAC\/M Identity"}]},{"@type":"WebSite","@id":"https:\/\/www.okiok.com\/fr\/#website","url":"https:\/\/www.okiok.com\/fr\/","name":"OKIOK - Securit\u00e9 dans un monde en 
changement","description":"","publisher":{"@id":"https:\/\/www.okiok.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.okiok.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.okiok.com\/fr\/#organization","name":"Okiok","url":"https:\/\/www.okiok.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.okiok.com\/wp-content\/uploads\/2017\/06\/logo-okiok-2.png","contentUrl":"https:\/\/www.okiok.com\/wp-content\/uploads\/2017\/06\/logo-okiok-2.png","width":300,"height":369,"caption":"Okiok"},"image":{"@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/okiokdata\/","https:\/\/x.com\/OKIOKdata","https:\/\/www.linkedin.com\/company-beta\/119436\/"]},{"@type":"Person","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/5d92c7d8760791d758c6a6fe9379a5c5","name":"Okiok","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.okiok.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/www.okiok.com\/wp-content\/litespeed\/avatar\/c2ff4924e830f919116b336e837f514b.jpg?ver=1775176560","contentUrl":"https:\/\/www.okiok.com\/wp-content\/litespeed\/avatar\/c2ff4924e830f919116b336e837f514b.jpg?ver=1775176560","caption":"Okiok"}}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/
wp\/v2\/comments?post=25116"}],"version-history":[{"count":1,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25116\/revisions"}],"predecessor-version":[{"id":25117,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/posts\/25116\/revisions\/25117"}],"wp:attachment":[{"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/media?parent=25116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/categories?post=25116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.okiok.com\/fr\/wp-json\/wp\/v2\/tags?post=25116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}