Sterling Selling And Fulfillment Foundation@9.2.1 Security Vulnerabilities and Issues — Sterling Selling And Fulfillment Foundation@9.2.1 CVE List

Lucene search

IbmSterling Selling And Fulfillment Foundation9.2.1

3 matches found

CVE•added 2017/06/08 9:29 p.m.•34 views

CVE-2016-9991

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314.

8CVSS7.6AI score0.00164EPSS

CVE•added 2017/02/01 10:59 p.m.•33 views

CVE-2016-5953

IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL.

4.3CVSS4AI score0.00141EPSS

CVE•added 2017/03/31 6:59 p.m.•28 views

CVE-2016-8917

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 2000943.

8.8CVSS8.6AI score0.00151EPSS