Websphere Commerce@7.0 Security Vulnerabilities and Issues — Websphere Commerce@7.0 CVE List

Lucene search

IbmWebsphere Commerce7.0

4 matches found

CVE•added 2015/06/29 10:59 a.m.•32 views

CVE-2015-0196

CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

5CVSS6.9AI score0.00246EPSS

CVE•added 2015/05/29 3:59 p.m.•32 views

CVE-2015-0200

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

2.1CVSS5.7AI score0.00055EPSS

CVE•added 2015/05/20 1:59 a.m.•31 views

CVE-2014-6211

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file.

2.1CVSS5.7AI score0.00055EPSS

CVE•added 2015/03/13 1:59 a.m.•30 views

CVE-2015-0133

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS6.9AI score0.00391EPSS