275 matches found
IBM WebSphere Commerce Cross-Site Request Forgery Vulnerability
IBM WebSphere Commerce is = a suite of e-commerce solutions. The solution supports all sales business models, including B2C, B2B and B2B2C, on a single customer interaction platform. A cross-site request forgery vulnerability exists in IBM WebSphere Commerce that allows remote attackers to...
CVE-2015-5007
Cross-site request forgery CSRF vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-5007
Cross-site request forgery CSRF vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-5007
Cross-site request forgery CSRF vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2015-5007
CVE-2015-5007 describes a cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce. Affected versions are 6.0 up to 6.0.0.11, 7.0 up to 7.0.0.9, and 7.0 Feature Pack 8. The issue allows remote authenticated users to hijack the authentication of arbitrary users via requests that i...
IBM WebSphere Commerce Open Redirection Vulnerability
IBM WebSphere Commerce is a suite of e-commerce solutions. The solution supports all sales business models, including B2C, B2B, and B2B2C, on a single customer interaction platform.Aurora starter store is one of the page layout tools. An open redirection vulnerability exists in the Aurora starter...
CVE-2015-7397
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter...
Open redirect
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter...
CVE-2015-7397
The CVE-2015-7397 entry concerns IBM WebSphere Commerce’s Aurora starter store, where an open redirection vulnerability in the referrer parameter allows remote attackers to redirect users to arbitrary URLs, enabling phishing attempts. Affected software is WebSphere Commerce 7.0 through Feature Pa...
CVE-2015-7397
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter...
IBM WebSphere Commerce Enterprise Information Disclosure Vulnerability
IBM WebSphere Commerce Enterprise is a suite of e-commerce solutions from IBM in the United States. The solution is primarily used for high-volume B2C and B2B business models and advanced platforms for multiple e-commerce sites. A security vulnerability exists in IBM WebSphere Commerce Enterprise...
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
Information disclosure
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL...
CVE-2015-4980
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors...
CVE-2015-4980
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors...
Code injection
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors...
CVE-2015-4980
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors...