Total
43 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6211 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 2.1 LOW | N/A |
The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | |||||
CVE-2016-2862 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2016-0225 | 1 Ibm | 1 Websphere Commerce | 2019-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | |||||
CVE-2017-1484 | 1 Ibm | 1 Websphere Commerce | 2017-12-15 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. | |||||
CVE-2017-1569 | 1 Ibm | 1 Websphere Commerce | 2017-10-11 | 5.0 MEDIUM | 7.5 HIGH |
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779. | |||||
CVE-2013-2994 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 6.4 MEDIUM | N/A |
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | |||||
CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 5.8 MEDIUM | N/A |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
CVE-2013-2992 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 4.3 MEDIUM | N/A |
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. | |||||
CVE-2012-4830 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. | |||||
CVE-2012-3298 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | |||||
CVE-2012-3300 | 1 Ibm | 1 Websphere Commerce | 2017-08-28 | 2.6 LOW | N/A |
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | |||||
CVE-2010-2635 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | |||||
CVE-2010-2639 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 5.0 MEDIUM | N/A |
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | |||||
CVE-2010-2636 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2009-2752 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 1.5 LOW | N/A |
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | |||||
CVE-2009-2751 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 4.3 MEDIUM | N/A |
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. | |||||
CVE-2009-2094 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 1.5 LOW | N/A |
Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors. | |||||
CVE-2008-6973 | 1 Ibm | 1 Websphere Commerce | 2017-08-16 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors. | |||||
CVE-2015-4980 | 1 Ibm | 1 Websphere Commerce | 2016-12-21 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | |||||
CVE-2015-7397 | 1 Ibm | 1 Websphere Commerce | 2016-12-07 | 5.8 MEDIUM | 7.4 HIGH |
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter. |