Websphere Commerce@7.0.0.5 Security Vulnerabilities and Issues — Websphere Commerce@7.0.0.5 CVE List

Lucene search

IbmWebsphere Commerce7.0.0.5

5 matches found

CVE•added 2013/09/09 11:39 a.m.•43 views

CVE-2013-2992

The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.

4.3CVSS6.5AI score0.01078EPSS

CVE•added 2013/06/21 7:55 p.m.•41 views

CVE-2013-0523

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 p...

4.3CVSS6.2AI score0.00159EPSS

CVE•added 2013/08/01 1:32 p.m.•39 views

CVE-2013-2993

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

5.8CVSS7AI score0.00197EPSS

CVE•added 2013/03/05 9:38 p.m.•33 views

CVE-2012-4855

Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.

4.3CVSS6.6AI score0.00627EPSS

CVE•added 2013/08/27 3:34 a.m.•33 views

CVE-2013-0566

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 all...

4.3CVSS5.7AI score0.00266EPSS