IBM WebSphere Commerce

5 matches found

CVE | added 2010/02/05 10:30 p.m. | 40 views

CVE-2009-2751

IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00139

CVE | added 2010/12/06 8:12 p.m. | 40 views

CVE-2010-2639

IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."

CVSS: 5 | AI score: 6.6 | EPSS: 0.00286

CVE | added 2010/11/09 9:0 p.m. | 38 views

CVE-2010-2635

SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."

CVSS: 6.5 | AI score: 8 | EPSS: 0.0022

CVE | added 2010/02/05 10:30 p.m. | 37 views

CVE-2009-2752

IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

CVSS: 1.5 | AI score: 5.6 | EPSS: 0.00059

CVE | added 2010/11/09 9:0 p.m. | 30 views

CVE-2010-2636

Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00202