Websphere Commerce Security Vulnerabilities and Issues — Websphere Commerce CVE List

Lucene search

IbmWebsphere Commerce

3 matches found

CVE•added 2013/08/01 1:32 p.m.•39 views

CVE-2013-2993

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

5.8CVSS7AI score0.00197EPSS

CVE•added 2013/08/01 1:32 p.m.•35 views

CVE-2013-2994

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.

6.4CVSS6.7AI score0.00227EPSS

CVE•added 2013/08/27 3:34 a.m.•33 views

CVE-2013-0566

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 all...

4.3CVSS5.7AI score0.00266EPSS