43 matches found
CVE-2008-6973
Technical details for CVE-2008-6973 are not publicly available in the provided documents; no affected products, root cause, impact, or remediation are disclosed here. Monitor for updates.
CVE-2013-0523
Vulnerability CVE-2013-0523 affects IBM WebSphere Commerce Enterprise 5.6.x (5.6.1.0–5.6.1.5), 6.0.x (6.0.0.0–6.0.0.11), and 7.0.x (7.0.0.0–7.0.0.7). The issue is that the storefront uses a krypto URL parameter encrypted with a block cipher without proper integrity protection, enabling a padding ...
CVE-2013-2992
The CVE-2013-2992 entry affects IBM WebSphere Commerce 7.0 (FP4–FP6) in the Search component, where certain search-term association configurations allow a remote attacker to trigger a denial of service via a crafted query. The vulnerability is embedded in the WebSphere Commerce Search functionali...
CVE-2017-1484
CVE-2017-1484 affects IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 7.0 and 8.0. The known issue allows an authenticated attacker to obtain information such as user personal data, constituting an information-disclosure vulnerability. The provided documents state...
CVE-2009-2752
CVE-2009-2752 affects IBM WebSphere Commerce 7.0. The vulnerability is a failure to properly encrypt data in the database, which can allow local users to obtain sensitive information by defeating cryptographic protections. The available documents do not specify affected components, root cause det...
CVE-2010-2639
CVE-2010-2639 affects IBM WebSphere Commerce Enterprise 7.0 prior to 7.0.0.2. The issue arises from access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, tied to caching of mutable objects and concurrency issues, enabling remote attackers to read messages intended for o...
CVE-2014-4834
IBM WebSphere Commerce (6.x up to 6.0.0.11 and 7.x up to 7.0.0.8) is affected by a vulnerability where recursion during XML entity expansion is not detected, allowing a remote attacker to cause memory/CPU exhaustion and an application crash via a crafted XML document with many nested entity refer...
CVE-2017-1398
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0/7.0/8.0 are affected by CVE-2017-1398, an open redirect vulnerability that could let a remote attacker lure a victim to a crafted site, spoof the displayed URL, and redirect to a malicious site to obtain sensitive informa...
CVE-2016-2863
IBM WebSphere Commerce CSRF vulnerability (CVE-2016-2863) affects: 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2. The issue allows remote authenticated users to hijack the authentication of arbitrary users via requests that insert XSS sequences. Described in CVE-2016-286...
CVE-2009-2751
CVE-2009-2751 involves IBM WebSphere Commerce 7.0, where the same cryptographic key is used for both session attributes and merchant data encryption. The underlying cause is the reuse of a single key for distinct encryption domains, which the documents describe as having an unspecified impact and...
CVE-2009-2094
Technical details about CVE-2009-2094 are not publicly available in the provided documents. Monitor for updates.
CVE-2010-2635
The CVE-2010-2635 vulnerability affects IBM WebSphere Commerce 6.0 prior to 6.0.0.10. It is a SQL injection flaw where remote authenticated users can cause arbitrary SQL execution via unspecified parameters to the Commerce Organization Admin Console JavaServer pages. Root cause: improper handling...
CVE-2016-2862
Summary of CVE-2016-2862 (IBM WebSphere Commerce XSS) : The vulnerability affects IBM WebSphere Commerce versions 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5. It is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script...
CVE-2018-1644
Technical details about CVE-2018-1644 (affected IBM WebSphere Commerce versions and remediation) are not publicly provided in the connected documents. Monitor for updates in trusted sources.
CVE-2011-3577
CVE-2011-3577 affects IBM WebSphere Commerce: versions 6.x up to 6.0.0.11 and 7.x up to 7.0.0.3 do not properly implement Activity Token authentication for Web Services. The underlying cause is an improper authentication mechanism, but the connected documents do not specify exact technical detail...
CVE-2013-2993
IBM WebSphere Commerce 6.x up to 6.0.0.11 and 7.x up to 7.0.0.7 contains an authentication flaw in unspecified web services. The issue allows remote attackers to issue requests in the context of an arbitrary user’s active session via unknown vectors. Affected component is the authentication handl...
CVE-2017-1569
IBM WebSphere Commerce 7.0 and 8.0 are affected by a vulnerability in the Marketing Espots component that could cause a denial of service. The available documents identify the affected product and the Marketing Espots area as the source of the issue, but do not provide a concrete root cause detai...
CVE-2012-3300
CVE-2012-3300 affects IBM WebSphere Commerce version 7.0, prior to 7.0.0.6, where use of persistent sessions and personalization IDs can allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. The IBM Security Bulletin corroborates this vulnerability an...
CVE-2013-2994
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 are affected by a vulnerability where a valid session is not properly controlled after unspecified interaction with REST services. This could allow a remote attacker to issue REST requests in the context of an arbitrary user’s active se...
CVE-2012-3298
CVE-2012-3298 affects IBM WebSphere Commerce 7.0 Feature Pack 4 REST services framework. The vulnerability enables remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors; CVSS v2 base score reported as 5.0 (vector AV:N/AC:L/Au:N/C:N/I:P...
CVE-2014-0943
IBM WebSphere Commerce 6.0 Feature Pack 2–5, 7.0.0.0–7.0.0.8, and 7.0 Feature Pack 1–7 are affected by CVE-2014-0943. The vulnerability allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request. The description and conne...
CVE-2017-1170
CVE-2017-1170 affects IBM WebSphere Commerce 8.0 (Enterprise, Professional, Express, Developer). A local user can hijack another user’s session, indicating a local elevation of privileges with partial confidentiality/integrity/availability impact. The provided documents do not specify the root ca...
CVE-2015-7397
The CVE-2015-7397 entry concerns IBM WebSphere Commerce’s Aurora starter store, where an open redirection vulnerability in the referrer parameter allows remote attackers to redirect users to arbitrary URLs, enabling phishing attempts. Affected software is WebSphere Commerce 7.0 through Feature Pa...
CVE-2016-6090
Technical details (affected product, component, root cause, impact specifics, or fix) for CVE-2016-6090 are not publicly available in the provided documents. Monitor for updates and additional disclosures.
CVE-2012-4830
CVE-2012-4830 affects IBM WebSphere Commerce 6.0.0.0–6.0.0.11 and 7.0.0.0–7.0.0.6. Description: a remote unauthenticated attacker could exploit a vulnerability to disclose user personal data. Impact: information disclosure with no authentication required; CVSS v2 base score 5.0 (AV:N/AC:L/Au:N/C:...
CVE-2013-0566
CVE-2013-0566 describes multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Commerce Tools. The affected products involve WebSphere Commerce 5.6.1.0–5.6.1.5, 6.0.0.0–6.0.0.11, and 7.0.0.0–7.0.0.7. Affected components are (1) Accelerator JSPs, (2) Organization Administration Conso...
CVE-2015-7444
The CVE-2015-7444 entry affects IBM WebSphere Commerce Enterprise Update Installer in versions 7.0.0.8 and 7.0.0.9. Root cause: the Update Installer does not properly replicate the search index, leading to an information disclosure vulnerability. Public details describe the affected product and t...
CVE-2016-0208
IBM WebSphere Commerce versions 6.x (through 6.0.0.11), 7.x (through 7.0.0.9), and 8.x before 8.0.0.3 are described as vulnerable to remote denial of service (order-processing outage) via unspecified vectors. Connected sources corroborate the same impact without providing concrete exploit details...
CVE-2012-4855
Technical details about CVE-2012-4855 are not publicly provided in the supplied documents. No concrete information on affected product versions, root cause, or remediation is present. Monitor for updates.
CVE-2015-0200
Vulnerability CVE-2015-0200 affects IBM WebSphere Commerce 6.x (up to 6.0.0.11) and 7.x (before 7.0.0.8 IF2). It enables local users to obtain sensitive database information via unspecified vectors, with partial confidentiality impact (C/P). Details about root cause, exploit steps, or available m...
CVE-2015-4980
IBM WebSphere Commerce 7.0.0.6–7.0.0.9 reportedly has an unspecified vulnerability allowing remote authenticated users to obtain sensitive personal data via unknown vectors. Related connected data mentions a "Code injection" characterization, but the provided documents do not supply concrete expl...
CVE-2016-5894
CVE-2016-5894 affects IBM WebSphere Commerce (Enterprise/Professional/Express/Developer) 7.0 and 8.0. The vulnerability is an information disclosure where a local user could view a plain text password in a Unix console, implying credential exposure and potential unauthorized access on affected sy...
CVE-2018-1808
CVE-2018-1808 affects IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6, where inadequate input control could allow server-side code injection. The trusted sources in the provided documents identify the impact as server-side code injection, with the NVD listing CVSS3 base score 8.8 (HIGH) a...
CVE-2010-2636
CVE-2010-2636 : Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Commerce 7.0 sample store pages prior to 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-6211
CVE-2014-6211 affects IBM WebSphere Commerce 6.0–6.0.0.11, 7.0–7.0.0.9, and 7.0 Feature Pack 2–8. When debugging is enabled, logging is not properly restricted for personal data, allowing local users to read sensitive information from log files. Exploitation details are not provided in the suppli...
CVE-2015-5009
CVE-2015-5009 corresponds to a Cross-Site Scripting (XSS) vulnerability in IBM WebSphere Commerce. Affected products include WebSphere Commerce 6.0 (through FP11) and 6.0 FP4, 7.0 (through FP9) and 7.0 FP5–FP8, and 8.0 prior to 8.0.0.1. The issue allows remote authenticated users to inject arbitr...
CVE-2014-4769
CVE-2014-4769 affects IBM WebSphere Commerce versions 6.x (up to 6.0.0.11) and 7.x (up to 7.0.0.8). The vulnerability arises from an XML External Entity (XXE) issue where remote authenticated users can read arbitrary files or induce TCP connections to intranet resources by supplying XML data cont...
CVE-2015-0133
CVE-2015-0133 affects IBM WebSphere Commerce 7.0 Feature Pack 4–8. The vulnerability is due to an XML External Entity (XXE) declaration combined with an entity reference, enabling remote attackers to read arbitrary files and potentially gain administrative privileges. Affected component is the XM...
CVE-2015-0196
CVE-2015-0196 affects IBM WebSphere Commerce 6.0–6.0.0.11 and 7.0 before 7.0.0.8. It is a CRLF injection vulnerability that allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a crafted URL. Identified impact is partial integrity exposure (headers) wit...
CVE-2016-0225
Summary: CVE-2016-0225 affects IBM WebSphere Commerce (6.x up to 6.0.0.11 and 7.x up to 7.0.0.9). It permits remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. What’s affected: WebSphere Commerce installations matching the version ran...
CVE-2018-1541
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting, allowing an attacker to embed arbitrary JavaScript in the Web UI and potentially disclose credentials within a trusted session. The vulnerability is tracked as CVE-2018-1541. Metrics indicate a CVSS v3 base sc...
CVE-2015-5008
CVE-2015-5008: An XSS vulnerability in IBM WebSphere Commerce affecting 6.0 (including FP11) and 6.0 FP4, 7.0 (including FP9) and 7.0 FP5–8, and 8.0 before 8.0.0.1. Remote attackers can inject arbitrary web script or HTML via a crafted URL. Impact details in the sources indicate potential browser...
CVE-2015-5007
CVE-2015-5007 describes a cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce. Affected versions are 6.0 up to 6.0.0.11, 7.0 up to 7.0.0.9, and 7.0 Feature Pack 8. The issue allows remote authenticated users to hijack the authentication of arbitrary users via requests that i...