Search criteria
129 vulnerabilities found for websphere_commerce by ibm
FKIE_CVE-2018-1808
Vulnerability from fkie_nvd - Published: 2018-11-13 15:29 - Updated: 2024-11-21 04:00
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securitytracker.com/id/1042034 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/149828 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www-01.ibm.com/support/docview.wss?uid=ibm10735905 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042034 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/149828 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www-01.ibm.com/support/docview.wss?uid=ibm10735905 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A019F3D-55DD-47C1-89E1-E74BFBA5EAD1",
"versionEndIncluding": "9.0.0.6",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce, desde la versi\u00f3n 9.0.0.0 hasta la 9.0.0.6, podr\u00eda permitir la inyecci\u00f3n de c\u00f3digo del lado del servidor debido a un control inadecuado de las entradas. IBM X-Force ID: 149828."
}
],
"id": "CVE-2018-1808",
"lastModified": "2024-11-21T04:00:24.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-13T15:29:00.420",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1541
Vulnerability from fkie_nvd - Published: 2018-10-24 12:29 - Updated: 2024-11-21 03:59
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.securityfocus.com/bid/105744 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/142596 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/docview.wss?uid=ibm10731225 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105744 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/142596 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/docview.wss?uid=ibm10731225 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | 7.0.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18F5428C-2F2C-4FA1-95B8-C6518461BD62",
"versionEndIncluding": "8.0.0.19",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6351FC8-9F02-4ADA-9C99-BE10501B40EB",
"versionEndIncluding": "8.0.1.13",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF06DB82-B1D8-4A67-A9A2-5DF1139F95B9",
"versionEndIncluding": "8.0.3.6",
"versionStartIncluding": "8.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FDED80B-0CF5-4482-8312-1A85672E74F6",
"versionEndIncluding": "8.0.4.17",
"versionStartIncluding": "8.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A019F3D-55DD-47C1-89E1-E74BFBA5EAD1",
"versionEndIncluding": "9.0.0.6",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66F86968-8BD4-42D0-A5C5-9685E3287D01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce Enterprise V7, V8 y V9 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. Esto podr\u00eda dar lugar a una revelaci\u00f3n de credenciales en una sesi\u00f3n de confianza. IBM X-Force ID: 142596."
}
],
"id": "CVE-2018-1541",
"lastModified": "2024-11-21T03:59:58.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-24T12:29:00.260",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1644
Vulnerability from fkie_nvd - Published: 2018-08-27 14:29 - Updated: 2024-11-21 04:00
Severity ?
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=ibm10728829 | Vendor Advisory | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/144589 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=ibm10728829 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/144589 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "4B62A0C9-90E3-4E6B-B38E-1C42771A9682",
"versionEndIncluding": "8.0.0.19",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "0FA13C9C-4C02-43D7-B26A-1E2BC677F809",
"versionEndIncluding": "8.0.0.19",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:express:*:*:*",
"matchCriteriaId": "2CB4DE96-3BF0-4414-BCD4-0EDACF528D96",
"versionEndIncluding": "8.0.0.19",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "62202904-9E60-4867-8F8C-78F3ADB35E5D",
"versionEndIncluding": "8.0.0.19",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "2A9EA16E-66DF-467C-8989-02F0910FBDF1",
"versionEndIncluding": "8.0.1.13",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "336FB46A-F478-4AE5-B13F-D663322CE253",
"versionEndIncluding": "8.0.1.13",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:express:*:*:*",
"matchCriteriaId": "1E39B661-02F0-411A-BC3F-03F21EE55FEA",
"versionEndIncluding": "8.0.1.13",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "C69CD787-B3A0-4F5D-B55C-2FD861BA91D8",
"versionEndIncluding": "8.0.1.13",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "4B55E2F7-6687-47FF-BED6-57116A71F131",
"versionEndIncluding": "8.0.3.6",
"versionStartIncluding": "8.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "69EB2121-48E3-4207-9D23-456E1C41190D",
"versionEndIncluding": "8.0.3.6",
"versionStartIncluding": "8.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:express:*:*:*",
"matchCriteriaId": "27F388EA-773F-46FE-B4CA-0531DEDFB0D0",
"versionEndIncluding": "8.0.3.6",
"versionStartIncluding": "8.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "016DC77E-1C40-4FE5-ADBE-D60E7B55D286",
"versionEndIncluding": "8.0.3.6",
"versionStartIncluding": "8.0.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "6B2232CA-F919-432A-AB6D-7D1831E53A7F",
"versionEndIncluding": "8.0.4.14",
"versionStartIncluding": "8.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "398CA5FE-4430-474F-B119-8CFD9ABE8296",
"versionEndIncluding": "8.0.4.14",
"versionStartIncluding": "8.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:express:*:*:*",
"matchCriteriaId": "580B0D48-39C9-4335-8842-A3065BCE3B37",
"versionEndIncluding": "8.0.4.14",
"versionStartIncluding": "8.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "D55C11E6-1D7F-40E2-8D0C-1D03D52A3473",
"versionEndIncluding": "8.0.4.14",
"versionStartIncluding": "8.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:developer:*:*:*",
"matchCriteriaId": "F4442A95-E915-4663-B968-1872CC0B634E",
"versionEndIncluding": "9.0.0.4",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E0761F7F-255C-4D7E-982D-CC83EC999839",
"versionEndIncluding": "9.0.0.4",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:express:*:*:*",
"matchCriteriaId": "EA470530-44E3-4D4D-84FD-1D90923EAB5E",
"versionEndIncluding": "9.0.0.4",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "539C827B-CCE9-4C5F-BABD-5E4BD753BB7F",
"versionEndIncluding": "9.0.0.4",
"versionStartIncluding": "9.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "7C20CB96-9E05-4702-94F1-E6C7439FAA13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express y Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14 y 7.0.0.0 Feature Pack 8 podr\u00edan permitir que un usuario autenticado obtenga informaci\u00f3n sensible sobre otro usuario."
}
],
"id": "CVE-2018-1644",
"lastModified": "2024-11-21T04:00:07.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-27T14:29:00.867",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1484
Vulnerability from fkie_nvd - Published: 2017-11-27 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22010103 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101894 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/128622 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22010103 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101894 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/128622 | VDB Entry, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "12961C31-63AD-4AA8-8267-E003F985CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D8DAA-285C-4ED1-A602-412725FD79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B5188-E337-4240-9834-92C11DCE9DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E3F22-60F9-4B70-9485-6DDAC7FE4496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8902699B-AE6A-44A4-838A-28F3EB62881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB50A02C-E75F-4602-BDAA-FA4CBEE9CB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEC536A-498B-439F-927E-B72314F8B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0A8CAD-D5DD-45DE-900F-046673002D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CC353B83-4053-4762-8E90-9E96AA30F04B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3EBB9-C6B1-4A2D-A4E5-2D3E53A1CF02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1895E-384D-4EF3-A395-7AFFC22E46CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "438E93D2-502F-4569-AB8A-EFECA403798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64287718-D7AD-425B-B7B7-A6442BFD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1523569-2A23-4689-BE59-F74E678A8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F4B2FD-14BA-46D9-B09F-1DABBA88FF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57B22C48-3347-422C-9730-0A9442645D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA8ACF-4134-434E-A5FD-39A587DE27FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFB25F3-6FD7-45C9-AFCF-FAB034107E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCC81A-B7DA-40B9-B883-A00DF9CE585B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8C98FD-E4AB-4BC8-9729-652294B1DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F938475-91A7-4FE8-AD38-6D4C0377865B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "21C13D23-08C9-4836-A204-5168C8B019AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DE36EB64-A7C6-42F2-876D-B7DBAF7C83BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF019C2-CD66-406D-9469-BEAB38248474",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73A754F0-1328-48EF-B3C6-8435EC11D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3DF211-CE2D-47AE-BADA-A75F28B6961C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DB29B-5FC7-496A-B20E-99A644D8A073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "038D04C7-A19F-4EB6-91AE-A8890F8FFEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72243D91-19BC-4D66-8DF0-AD615E5CAE9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73151B02-88BC-43BE-A725-02759A33BD1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8D520C-4724-4622-80AE-0F9F39DB8AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DABD4B-DD76-4E73-A85E-7E1515BD3DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16E7F742-FA1B-4224-A528-71FC2F2056BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45802520-DA5B-4BD8-AED7-E60455B0E1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0C3F5-A39F-43C4-A007-C0EF362A3FDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "55EA3685-96CE-43CB-8D21-CCCA668559FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9775AF83-13CA-4C15-864E-4079F8B02927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F88032-7020-4BDD-AFF0-D75D50D5301A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "7C20CB96-9E05-4702-94F1-E6C7439FAA13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express y Developer 7.0 y 8.0 podr\u00edan permitir que un atacante autenticado obtenga informaci\u00f3n como los datos personales de usuario. IBM X-Force ID: 128622."
}
],
"id": "CVE-2017-1484",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-27T21:29:00.423",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101894"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1569
Vulnerability from fkie_nvd - Published: 2017-10-03 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22008547 | Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/101073 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/131779 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22008547 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101073 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/131779 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB67367A-C255-4003-B2E7-AE84DB84A63B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "213C52C9-C5B5-4F26-BBB7-EE0824A995AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC937CD-1BE1-4827-9145-E2EA7F3AA792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6189A9-E083-41D3-9D36-7B41D82EC197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6F4DC0-41E3-4F73-9F62-3D415F8949C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACFED34-9B1E-4950-9D03-756942EF32F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "202F791B-697B-4D9C-BF5D-84F7C657C790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "012405FA-CE85-47B6-B368-2EAEBD06A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "05260EDC-BD28-4F89-809A-7852E294A540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "12961C31-63AD-4AA8-8267-E003F985CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D8DAA-285C-4ED1-A602-412725FD79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B5188-E337-4240-9834-92C11DCE9DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E3F22-60F9-4B70-9485-6DDAC7FE4496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8902699B-AE6A-44A4-838A-28F3EB62881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB50A02C-E75F-4602-BDAA-FA4CBEE9CB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEC536A-498B-439F-927E-B72314F8B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0A8CAD-D5DD-45DE-900F-046673002D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CC353B83-4053-4762-8E90-9E96AA30F04B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3EBB9-C6B1-4A2D-A4E5-2D3E53A1CF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1895E-384D-4EF3-A395-7AFFC22E46CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "438E93D2-502F-4569-AB8A-EFECA403798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64287718-D7AD-425B-B7B7-A6442BFD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1523569-2A23-4689-BE59-F74E678A8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F4B2FD-14BA-46D9-B09F-1DABBA88FF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57B22C48-3347-422C-9730-0A9442645D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA8ACF-4134-434E-A5FD-39A587DE27FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFB25F3-6FD7-45C9-AFCF-FAB034107E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCC81A-B7DA-40B9-B883-A00DF9CE585B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8C98FD-E4AB-4BC8-9729-652294B1DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6F938475-91A7-4FE8-AD38-6D4C0377865B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "21C13D23-08C9-4836-A204-5168C8B019AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DE36EB64-A7C6-42F2-876D-B7DBAF7C83BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF019C2-CD66-406D-9469-BEAB38248474",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73A754F0-1328-48EF-B3C6-8435EC11D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3DF211-CE2D-47AE-BADA-A75F28B6961C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DB29B-5FC7-496A-B20E-99A644D8A073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "038D04C7-A19F-4EB6-91AE-A8890F8FFEA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72243D91-19BC-4D66-8DF0-AD615E5CAE9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73151B02-88BC-43BE-A725-02759A33BD1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8D520C-4724-4622-80AE-0F9F39DB8AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E8DABD4B-DD76-4E73-A85E-7E1515BD3DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "16E7F742-FA1B-4224-A528-71FC2F2056BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45802520-DA5B-4BD8-AED7-E60455B0E1CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB0C3F5-A39F-43C4-A007-C0EF362A3FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot\u0027s that could cause a denial of service. IBM X-Force ID: 131779."
},
{
"lang": "es",
"value": "Las versiones 7.0 y 8.0 de IBM WebSphere Commerce contienen una vulnerabilidad sin especificar en E-Marketing Spots que podr\u00eda provocar una denegaci\u00f3n de servicio (DoS). IBM X-Force ID: 131779."
}
],
"id": "CVE-2017-1569",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-03T01:29:03.060",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1398
Vulnerability from fkie_nvd - Published: 2017-07-10 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22005360 | Mitigation, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/99491 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/127385 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22005360 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99491 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/127385 | VDB Entry |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "12961C31-63AD-4AA8-8267-E003F985CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D8DAA-285C-4ED1-A602-412725FD79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B5188-E337-4240-9834-92C11DCE9DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E3F22-60F9-4B70-9485-6DDAC7FE4496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8902699B-AE6A-44A4-838A-28F3EB62881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB50A02C-E75F-4602-BDAA-FA4CBEE9CB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEC536A-498B-439F-927E-B72314F8B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0A8CAD-D5DD-45DE-900F-046673002D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CC353B83-4053-4762-8E90-9E96AA30F04B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3EBB9-C6B1-4A2D-A4E5-2D3E53A1CF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1895E-384D-4EF3-A395-7AFFC22E46CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "438E93D2-502F-4569-AB8A-EFECA403798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64287718-D7AD-425B-B7B7-A6442BFD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1523569-2A23-4689-BE59-F74E678A8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F4B2FD-14BA-46D9-B09F-1DABBA88FF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57B22C48-3347-422C-9730-0A9442645D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA8ACF-4134-434E-A5FD-39A587DE27FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFB25F3-6FD7-45C9-AFCF-FAB034107E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCC81A-B7DA-40B9-B883-A00DF9CE585B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8C98FD-E4AB-4BC8-9729-652294B1DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "21C13D23-08C9-4836-A204-5168C8B019AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DE36EB64-A7C6-42F2-876D-B7DBAF7C83BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "775206CE-A901-4653-BD17-DE1BFBA076FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "213C52C9-C5B5-4F26-BBB7-EE0824A995AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC937CD-1BE1-4827-9145-E2EA7F3AA792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6189A9-E083-41D3-9D36-7B41D82EC197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6F4DC0-41E3-4F73-9F62-3D415F8949C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACFED34-9B1E-4950-9D03-756942EF32F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "202F791B-697B-4D9C-BF5D-84F7C657C790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "012405FA-CE85-47B6-B368-2EAEBD06A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "05260EDC-BD28-4F89-809A-7852E294A540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66F86968-8BD4-42D0-A5C5-9685E3287D01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C1AD7-5E0A-4DB6-B1F9-BAE6C6BC52D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C21677D0-CF4E-4958-83A7-EF8C3AF4B1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF24659-1284-4762-925C-4879B56AC386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "162FF755-CFF5-4AF2-B5D4-AEBA107DD93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4783F5D2-0709-4E5B-B6B7-DF7823E928CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB6E277-36B8-483E-8F9E-34D350BBB0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "40A7EA48-BCC0-41BD-975D-0C01B6066BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2AE738-BC94-4731-B6C3-54F808756ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE23443C-6FB5-43AC-9822-1267AE61D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5952ADD8-4D62-401A-A5D3-1A63706D2F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA04184-B648-48CB-8664-D53AE07196BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "77F7D656-CFD1-4447-97CE-1D183CB41571",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express y Developer versiones 6.0, 7.0 y 8.0, podr\u00edan permitir que un atacante remoto conducir ataques de phishing mediante un ataque de redireccionamiento abierto. Mediante la persuasi\u00f3n a una v\u00edctima para que visite un sitio Web especialmente creado, un atacante remoto podr\u00eda explotar esta vulnerabilidad para suplantar la URL desplegada para redireccionar a un usuario a un sitio web malicioso que parece ser de confianza. Esto podr\u00eda permitir al atacante conseguir informaci\u00f3n altamente sensible o conducir nuevos ataques contra la v\u00edctima. ID de IBM X-Force: 127385."
}
],
"id": "CVE-2017-1398",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-10T16:29:00.247",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1170
Vulnerability from fkie_nvd - Published: 2017-04-26 17:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg22001225 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/98027 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1038359 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg22001225 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98027 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038359 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "12961C31-63AD-4AA8-8267-E003F985CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D8DAA-285C-4ED1-A602-412725FD79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B5188-E337-4240-9834-92C11DCE9DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E3F22-60F9-4B70-9485-6DDAC7FE4496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8902699B-AE6A-44A4-838A-28F3EB62881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB50A02C-E75F-4602-BDAA-FA4CBEE9CB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEC536A-498B-439F-927E-B72314F8B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0A8CAD-D5DD-45DE-900F-046673002D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1895E-384D-4EF3-A395-7AFFC22E46CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "438E93D2-502F-4569-AB8A-EFECA403798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64287718-D7AD-425B-B7B7-A6442BFD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1523569-2A23-4689-BE59-F74E678A8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F4B2FD-14BA-46D9-B09F-1DABBA88FF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57B22C48-3347-422C-9730-0A9442645D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA8ACF-4134-434E-A5FD-39A587DE27FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFB25F3-6FD7-45C9-AFCF-FAB034107E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCC81A-B7DA-40B9-B883-A00DF9CE585B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8C98FD-E4AB-4BC8-9729-652294B1DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73A754F0-1328-48EF-B3C6-8435EC11D680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3DF211-CE2D-47AE-BADA-A75F28B6961C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DB29B-5FC7-496A-B20E-99A644D8A073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "038D04C7-A19F-4EB6-91AE-A8890F8FFEA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user\u0027s session. IBM X-Force ID: 123230."
},
{
"lang": "es",
"value": "Una vulnerabilidad en IBM WebSphere Commerce Enterprise, Professional, Express y Developer 8.0 podr\u00eda permitir a un atacante local secuestrar la sesi\u00f3n de un usuario. IBM X-Force ID: 123230."
}
],
"id": "CVE-2017-1170",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-26T17:59:00.250",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1038359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038359"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5894
Vulnerability from fkie_nvd - Published: 2017-03-08 19:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "775206CE-A901-4653-BD17-DE1BFBA076FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "213C52C9-C5B5-4F26-BBB7-EE0824A995AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC937CD-1BE1-4827-9145-E2EA7F3AA792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6189A9-E083-41D3-9D36-7B41D82EC197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6F4DC0-41E3-4F73-9F62-3D415F8949C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACFED34-9B1E-4950-9D03-756942EF32F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "202F791B-697B-4D9C-BF5D-84F7C657C790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "012405FA-CE85-47B6-B368-2EAEBD06A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "05260EDC-BD28-4F89-809A-7852E294A540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66F86968-8BD4-42D0-A5C5-9685E3287D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "12961C31-63AD-4AA8-8267-E003F985CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9D8DAA-285C-4ED1-A602-412725FD79AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C75B5188-E337-4240-9834-92C11DCE9DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2E3F22-60F9-4B70-9485-6DDAC7FE4496",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8902699B-AE6A-44A4-838A-28F3EB62881B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CB50A02C-E75F-4602-BDAA-FA4CBEE9CB0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2FEC536A-498B-439F-927E-B72314F8B0A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AE0A8CAD-D5DD-45DE-900F-046673002D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CC353B83-4053-4762-8E90-9E96AA30F04B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "78A3EBB9-C6B1-4A2D-A4E5-2D3E53A1CF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1895E-384D-4EF3-A395-7AFFC22E46CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "438E93D2-502F-4569-AB8A-EFECA403798F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64287718-D7AD-425B-B7B7-A6442BFD5671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1523569-2A23-4689-BE59-F74E678A8B2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A9F4B2FD-14BA-46D9-B09F-1DABBA88FF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "57B22C48-3347-422C-9730-0A9442645D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6BDA8ACF-4134-434E-A5FD-39A587DE27FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CFB25F3-6FD7-45C9-AFCF-FAB034107E19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BCC81A-B7DA-40B9-B883-A00DF9CE585B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6F8C98FD-E4AB-4BC8-9729-652294B1DF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "21C13D23-08C9-4836-A204-5168C8B019AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DE36EB64-A7C6-42F2-876D-B7DBAF7C83BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express y Developer 7.0 y 8.0 es vulnerable a vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario local podr\u00eda ver una contrase\u00f1a en texto plano en una consola Unix. Referencia IBM #: 1997408."
}
],
"id": "CVE-2016-5894",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-08T19:59:00.160",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/96624"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1037962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/96624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037962"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6090
Vulnerability from fkie_nvd - Published: 2017-02-01 20:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | http://www.ibm.com/support/docview.wss?uid=swg21992759 | Patch, Vendor Advisory | |
| psirt@us.ibm.com | http://www.securityfocus.com/bid/93873 | Third Party Advisory, VDB Entry | |
| psirt@us.ibm.com | http://www.securitytracker.com/id/1037091 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ibm.com/support/docview.wss?uid=swg21992759 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93873 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037091 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | * | |
| ibm | websphere_commerce | 8.0.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB865746-2112-42CF-ADFD-229B393E83F4",
"versionEndIncluding": "6.0.0.11",
"versionStartIncluding": "6.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F376974-4B8E-4339-9769-DD884F3286D3",
"versionEndIncluding": "7.0.0.9",
"versionStartIncluding": "7.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87CFED7E-4B3D-4A41-BED0-97FF6A9323D6",
"versionEndIncluding": "8.0.0.16",
"versionStartIncluding": "8.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F18C0A33-73CF-4804-B966-4CC24772A65E",
"versionEndIncluding": "8.0.1.8",
"versionStartIncluding": "8.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73A754F0-1328-48EF-B3C6-8435EC11D680",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
},
{
"lang": "es",
"value": "IBM WebSphere Commerce contiene una vulnerabilidad no especificada que podr\u00eda permitir divulgaci\u00f3n de datos personales del usuario, realizando operaciones administrativas no autorizadas y potencialmente provocar una denegaci\u00f3n de servicio."
}
],
"id": "CVE-2016-6090",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-01T20:59:02.397",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037091"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2863
Vulnerability from fkie_nvd - Published: 2016-07-03 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce | 7.0 | |
| ibm | websphere_commerce | 8.0.0.0 | |
| ibm | websphere_commerce | 8.0.0.1 | |
| ibm | websphere_commerce | 8.0.0.2 | |
| ibm | websphere_commerce | 8.0.0.3 | |
| ibm | websphere_commerce | 8.0.0.5 | |
| ibm | websphere_commerce | 8.0.0.6 | |
| ibm | websphere_commerce | 8.0.0.7 | |
| ibm | websphere_commerce | 8.0.0.8 | |
| ibm | websphere_commerce | 8.0.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "7C20CB96-9E05-4702-94F1-E6C7439FAA13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F3AC68C-CCA2-495D-AE21-04C937CD5340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E56CE80F-A7E1-4BE0-9679-BB4F94362B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3C8F33-D613-4183-ABE1-5A3A08C16BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44B5F593-BE92-4E37-9EE9-42C05FA87DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "58D19E4D-A256-44D5-A8D8-7C9F3A64B09B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x en versiones anteriores a 8.0.0.10 y 8.0.1.x en versiones anteriores a 8.0.1.2 permite a usuarios remotos autenticados secuestrar la autenticaci\u00f3n de usuarios arbitrarios para peticiones que insertan secuencias de XSS."
}
],
"id": "CVE-2016-2863",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T21:59:12.853",
"references": [
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/91544"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1036219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036219"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-2862
Vulnerability from fkie_nvd - Published: 2016-07-03 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce | 6.0.0.0 | |
| ibm | websphere_commerce | 6.0.0.1 | |
| ibm | websphere_commerce | 6.0.0.2 | |
| ibm | websphere_commerce | 6.0.0.3 | |
| ibm | websphere_commerce | 6.0.0.4 | |
| ibm | websphere_commerce | 6.0.0.5 | |
| ibm | websphere_commerce | 6.0.0.6 | |
| ibm | websphere_commerce | 6.0.0.7 | |
| ibm | websphere_commerce | 6.0.0.8 | |
| ibm | websphere_commerce | 6.0.0.9 | |
| ibm | websphere_commerce | 6.0.0.10 | |
| ibm | websphere_commerce | 6.0.0.11 | |
| ibm | websphere_commerce | 7.0 | |
| ibm | websphere_commerce | 7.0.0.1 | |
| ibm | websphere_commerce | 7.0.0.2 | |
| ibm | websphere_commerce | 7.0.0.3 | |
| ibm | websphere_commerce | 7.0.0.4 | |
| ibm | websphere_commerce | 7.0.0.5 | |
| ibm | websphere_commerce | 7.0.0.6 | |
| ibm | websphere_commerce | 7.0.0.7 | |
| ibm | websphere_commerce | 7.0.0.8 | |
| ibm | websphere_commerce | 7.0.0.9 | |
| ibm | websphere_commerce | 8.0.0.0 | |
| ibm | websphere_commerce | 8.0.0.1 | |
| ibm | websphere_commerce | 8.0.0.2 | |
| ibm | websphere_commerce | 8.0.0.3 | |
| ibm | websphere_commerce | 8.0.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B59C1AD7-5E0A-4DB6-B1F9-BAE6C6BC52D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C21677D0-CF4E-4958-83A7-EF8C3AF4B1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF24659-1284-4762-925C-4879B56AC386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "162FF755-CFF5-4AF2-B5D4-AEBA107DD93D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4783F5D2-0709-4E5B-B6B7-DF7823E928CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB6E277-36B8-483E-8F9E-34D350BBB0EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "40A7EA48-BCC0-41BD-975D-0C01B6066BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2AE738-BC94-4731-B6C3-54F808756ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE23443C-6FB5-43AC-9822-1267AE61D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5952ADD8-4D62-401A-A5D3-1A63706D2F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8BA04184-B648-48CB-8664-D53AE07196BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "77F7D656-CFD1-4447-97CE-1D183CB41571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "775206CE-A901-4653-BD17-DE1BFBA076FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "213C52C9-C5B5-4F26-BBB7-EE0824A995AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC937CD-1BE1-4827-9145-E2EA7F3AA792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6189A9-E083-41D3-9D36-7B41D82EC197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6F4DC0-41E3-4F73-9F62-3D415F8949C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1ACFED34-9B1E-4950-9D03-756942EF32F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "202F791B-697B-4D9C-BF5D-84F7C657C790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "012405FA-CE85-47B6-B368-2EAEBD06A15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "05260EDC-BD28-4F89-809A-7852E294A540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "66F86968-8BD4-42D0-A5C5-9685E3287D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E7243-19A2-47B2-905E-47219F08F4EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C534568E-A611-472C-9399-15FC66D875C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF3D419-A12C-4A21-9796-DBB73D638E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87504CD1-92DA-4847-BDA7-013622CA7AB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce:8.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "625E1896-9035-46F3-957B-83FB128F90F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en IBM WebSphere Commerce 6.0 hasta la versi\u00f3n 6.0.0.11, 7.0 en versiones anteriores a 7.0.0.9 acumulable iFix 3 y 8.0 en versiones anteriores a 8.0.0.5 permite a atacantes remotos inyectar secuencia de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2016-2862",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-07-03T21:59:11.883",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55049"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55139"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55141"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55264"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983625"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securityfocus.com/bid/91533"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.securitytracker.com/id/1036206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/91533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036206"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1808 (GCVE-0-2018-1808)
Vulnerability from cvelistv5 – Published: 2018-11-13 15:00 – Updated: 2024-09-17 03:53
VLAI?
Summary
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce |
Affected:
9.0.0.0
Affected: 9.0.0.4 Affected: 9.0.0.1 Affected: 9.0.0.2 Affected: 9.0.0.3 Affected: 9.0.0.5 Affected: 9.0.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1042034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.0.0.6"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1042034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-24T00:00:00",
"ID": "CVE-2018-1808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.0.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042034",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1808",
"datePublished": "2018-11-13T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:53:51.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1541 (GCVE-0-2018-1541)
Vulnerability from cvelistv5 – Published: 2018-10-24 13:00 – Updated: 2024-09-16 19:35
VLAI?
Summary
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
V7
Affected: V8 Affected: V9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "V7"
},
{
"status": "affected",
"version": "V8"
},
{
"status": "affected",
"version": "V9"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-19T00:00:00",
"ID": "CVE-2018-1541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "V7"
},
{
"version_value": "V8"
},
{
"version_value": "V9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731225",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1541",
"datePublished": "2018-10-24T13:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:35:20.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1644 (GCVE-0-2018-1644)
Vulnerability from cvelistv5 – Published: 2018-08-27 15:00 – Updated: 2024-09-16 17:49
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce |
Affected:
7.0.0.0
Affected: 8.0.4.0 Affected: 8.0.4.14 Affected: 8.0.3.0 Affected: 8.0.3.6 Affected: 8.0.1.0 Affected: 8.0.1.13 Affected: 8.0.0.0 Affected: 8.0.0.19 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 8.0.4.3 Affected: 8.0.4.4 Affected: 8.0.4.5 Affected: 8.0.4.6 Affected: 8.0.4.7 Affected: 8.0.4.8 Affected: 8.0.4.9 Affected: 8.0.4.10 Affected: 8.0.4.11 Affected: 8.0.4.12 Affected: 8.0.4.13 Affected: 8.0.3.1 Affected: 8.0.3.2 Affected: 8.0.3.3 Affected: 8.0.3.4 Affected: 8.0.3.5 Affected: 8.0.4.1 Affected: 8.0.4.2 Affected: 8.0.1.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 8.0.1.5 Affected: 8.0.1.6 Affected: 8.0.1.7 Affected: 8.0.1.8 Affected: 8.0.1.9 Affected: 8.0.1.10 Affected: 8.0.1.11 Affected: 8.0.1.12 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 8.0.0.10 Affected: 8.0.0.11 Affected: 8.0.0.12 Affected: 8.0.0.13 Affected: 8.0.0.14 Affected: 8.0.0.15 Affected: 8.0.0.16 Affected: 8.0.0.17 Affected: 8.0.0.18 Affected: 9.0.0.1 Affected: 9.0.0.2 Affected: 9.0.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0.0"
},
{
"status": "affected",
"version": "8.0.4.0"
},
{
"status": "affected",
"version": "8.0.4.14"
},
{
"status": "affected",
"version": "8.0.3.0"
},
{
"status": "affected",
"version": "8.0.3.6"
},
{
"status": "affected",
"version": "8.0.1.0"
},
{
"status": "affected",
"version": "8.0.1.13"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.19"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "8.0.4.3"
},
{
"status": "affected",
"version": "8.0.4.4"
},
{
"status": "affected",
"version": "8.0.4.5"
},
{
"status": "affected",
"version": "8.0.4.6"
},
{
"status": "affected",
"version": "8.0.4.7"
},
{
"status": "affected",
"version": "8.0.4.8"
},
{
"status": "affected",
"version": "8.0.4.9"
},
{
"status": "affected",
"version": "8.0.4.10"
},
{
"status": "affected",
"version": "8.0.4.11"
},
{
"status": "affected",
"version": "8.0.4.12"
},
{
"status": "affected",
"version": "8.0.4.13"
},
{
"status": "affected",
"version": "8.0.3.1"
},
{
"status": "affected",
"version": "8.0.3.2"
},
{
"status": "affected",
"version": "8.0.3.3"
},
{
"status": "affected",
"version": "8.0.3.4"
},
{
"status": "affected",
"version": "8.0.3.5"
},
{
"status": "affected",
"version": "8.0.4.1"
},
{
"status": "affected",
"version": "8.0.4.2"
},
{
"status": "affected",
"version": "8.0.1.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "8.0.1.6"
},
{
"status": "affected",
"version": "8.0.1.7"
},
{
"status": "affected",
"version": "8.0.1.8"
},
{
"status": "affected",
"version": "8.0.1.9"
},
{
"status": "affected",
"version": "8.0.1.10"
},
{
"status": "affected",
"version": "8.0.1.11"
},
{
"status": "affected",
"version": "8.0.1.12"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "8.0.0.14"
},
{
"status": "affected",
"version": "8.0.0.15"
},
{
"status": "affected",
"version": "8.0.0.16"
},
{
"status": "affected",
"version": "8.0.0.17"
},
{
"status": "affected",
"version": "8.0.0.18"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "9.0.0.3"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-27T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-23T00:00:00",
"ID": "CVE-2018-1644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce",
"version": {
"version_data": [
{
"version_value": "7.0.0.0"
},
{
"version_value": "8.0.4.0"
},
{
"version_value": "8.0.4.14"
},
{
"version_value": "8.0.3.0"
},
{
"version_value": "8.0.3.6"
},
{
"version_value": "8.0.1.0"
},
{
"version_value": "8.0.1.13"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.19"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "8.0.4.3"
},
{
"version_value": "8.0.4.4"
},
{
"version_value": "8.0.4.5"
},
{
"version_value": "8.0.4.6"
},
{
"version_value": "8.0.4.7"
},
{
"version_value": "8.0.4.8"
},
{
"version_value": "8.0.4.9"
},
{
"version_value": "8.0.4.10"
},
{
"version_value": "8.0.4.11"
},
{
"version_value": "8.0.4.12"
},
{
"version_value": "8.0.4.13"
},
{
"version_value": "8.0.3.1"
},
{
"version_value": "8.0.3.2"
},
{
"version_value": "8.0.3.3"
},
{
"version_value": "8.0.3.4"
},
{
"version_value": "8.0.3.5"
},
{
"version_value": "8.0.4.1"
},
{
"version_value": "8.0.4.2"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "8.0.1.6"
},
{
"version_value": "8.0.1.7"
},
{
"version_value": "8.0.1.8"
},
{
"version_value": "8.0.1.9"
},
{
"version_value": "8.0.1.10"
},
{
"version_value": "8.0.1.11"
},
{
"version_value": "8.0.1.12"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "8.0.0.14"
},
{
"version_value": "8.0.0.15"
},
{
"version_value": "8.0.0.16"
},
{
"version_value": "8.0.0.17"
},
{
"version_value": "8.0.0.18"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "9.0.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10728829",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1644",
"datePublished": "2018-08-27T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:49:28.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1484 (GCVE-0-2017-1484)
Vulnerability from cvelistv5 – Published: 2017-11-27 21:00 – Updated: 2024-09-17 00:51
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010103",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1484",
"datePublished": "2017-11-27T21:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:51:10.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1569 (GCVE-0-2017-1569)
Vulnerability from cvelistv5 – Published: 2017-10-02 20:00 – Updated: 2024-09-16 22:14
VLAI?
Summary
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:31.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot\u0027s that could cause a denial of service. IBM X-Force ID: 131779."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-28T00:00:00",
"ID": "CVE-2017-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot\u0027s that could cause a denial of service. IBM X-Force ID: 131779."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101073"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008547",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1569",
"datePublished": "2017-10-02T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:14:25.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1398 (GCVE-0-2017-1398)
Vulnerability from cvelistv5 – Published: 2017-07-10 16:00 – Updated: 2024-09-17 02:32
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
6.0
Affected: 7.0 Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-06T00:00:00",
"ID": "CVE-2017-1398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005360",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99491"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1398",
"datePublished": "2017-07-10T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:32:20.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1170 (GCVE-0-2017-1170)
Vulnerability from cvelistv5 – Published: 2017-04-26 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
],
"datePublic": "2017-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user\u0027s session. IBM X-Force ID: 123230."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user\u0027s session. IBM X-Force ID: 123230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001225",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1170",
"datePublished": "2017-04-26T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5894 (GCVE-0-2016-5894)
Vulnerability from cvelistv5 – Published: 2017-03-08 19:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997408",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5894",
"datePublished": "2017-03-08T19:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6090 (GCVE-0-2016-6090)
Vulnerability from cvelistv5 – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
6.0
Affected: 7.0 Affected: 7 Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
},
{
"version_value": "7"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992759",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6090",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2863 (GCVE-0-2016-2863)
Vulnerability from cvelistv5 – Published: 2016-07-03 21:00 – Updated: 2024-08-05 23:40
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:13.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91544",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91544"
},
{
"name": "JR55776",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776"
},
{
"name": "1036219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036219"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "91544",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91544"
},
{
"name": "JR55776",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776"
},
{
"name": "1036219",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036219"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-2863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91544"
},
{
"name": "JR55776",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776"
},
{
"name": "1036219",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036219"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21983626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-2863",
"datePublished": "2016-07-03T21:00:00",
"dateReserved": "2016-03-09T00:00:00",
"dateUpdated": "2024-08-05T23:40:13.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1808 (GCVE-0-2018-1808)
Vulnerability from nvd – Published: 2018-11-13 15:00 – Updated: 2024-09-17 03:53
VLAI?
Summary
IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828.
Severity ?
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce |
Affected:
9.0.0.0
Affected: 9.0.0.4 Affected: 9.0.0.1 Affected: 9.0.0.2 Affected: 9.0.0.3 Affected: 9.0.0.5 Affected: 9.0.0.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:38.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1042034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "9.0.0.3"
},
{
"status": "affected",
"version": "9.0.0.5"
},
{
"status": "affected",
"version": "9.0.0.6"
}
]
}
],
"datePublic": "2018-10-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:L/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-14T10:57:02",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "1042034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-24T00:00:00",
"ID": "CVE-2018-1808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce",
"version": {
"version_data": [
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "9.0.0.3"
},
{
"version_value": "9.0.0.5"
},
{
"version_value": "9.0.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "L",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042034",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042034"
},
{
"name": "ibm-websphere-cve20181808-ssi(149828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149828"
},
{
"name": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905",
"refsource": "CONFIRM",
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10735905"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1808",
"datePublished": "2018-11-13T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-17T03:53:51.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1541 (GCVE-0-2018-1541)
Vulnerability from nvd – Published: 2018-10-24 13:00 – Updated: 2024-09-16 19:35
VLAI?
Summary
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596.
Severity ?
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
V7
Affected: V8 Affected: V9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:43.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "V7"
},
{
"status": "affected",
"version": "V8"
},
{
"status": "affected",
"version": "V9"
}
]
}
],
"datePublic": "2018-10-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "CHANGED",
"temporalScore": 5.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:L/I:L/PR:L/S:C/UI:R/E:H/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-19T00:00:00",
"ID": "CVE-2018-1541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "V7"
},
{
"version_value": "V8"
},
{
"version_value": "V9"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142596."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731225",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731225"
},
{
"name": "105744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105744"
},
{
"name": "ibm-websphere-cve20181541-xss(142596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142596"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1541",
"datePublished": "2018-10-24T13:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T19:35:20.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1644 (GCVE-0-2018-1644)
Vulnerability from nvd – Published: 2018-08-27 15:00 – Updated: 2024-09-16 17:49
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
Severity ?
CWE
- Obtain Information
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce |
Affected:
7.0.0.0
Affected: 8.0.4.0 Affected: 8.0.4.14 Affected: 8.0.3.0 Affected: 8.0.3.6 Affected: 8.0.1.0 Affected: 8.0.1.13 Affected: 8.0.0.0 Affected: 8.0.0.19 Affected: 9.0.0.0 Affected: 9.0.0.4 Affected: 8.0.4.3 Affected: 8.0.4.4 Affected: 8.0.4.5 Affected: 8.0.4.6 Affected: 8.0.4.7 Affected: 8.0.4.8 Affected: 8.0.4.9 Affected: 8.0.4.10 Affected: 8.0.4.11 Affected: 8.0.4.12 Affected: 8.0.4.13 Affected: 8.0.3.1 Affected: 8.0.3.2 Affected: 8.0.3.3 Affected: 8.0.3.4 Affected: 8.0.3.5 Affected: 8.0.4.1 Affected: 8.0.4.2 Affected: 8.0.1.1 Affected: 8.0.1.2 Affected: 8.0.1.3 Affected: 8.0.1.4 Affected: 8.0.1.5 Affected: 8.0.1.6 Affected: 8.0.1.7 Affected: 8.0.1.8 Affected: 8.0.1.9 Affected: 8.0.1.10 Affected: 8.0.1.11 Affected: 8.0.1.12 Affected: 8.0.0.1 Affected: 8.0.0.2 Affected: 8.0.0.3 Affected: 8.0.0.4 Affected: 8.0.0.5 Affected: 8.0.0.6 Affected: 8.0.0.7 Affected: 8.0.0.8 Affected: 8.0.0.9 Affected: 8.0.0.10 Affected: 8.0.0.11 Affected: 8.0.0.12 Affected: 8.0.0.13 Affected: 8.0.0.14 Affected: 8.0.0.15 Affected: 8.0.0.16 Affected: 8.0.0.17 Affected: 8.0.0.18 Affected: 9.0.0.1 Affected: 9.0.0.2 Affected: 9.0.0.3 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:07:44.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0.0.0"
},
{
"status": "affected",
"version": "8.0.4.0"
},
{
"status": "affected",
"version": "8.0.4.14"
},
{
"status": "affected",
"version": "8.0.3.0"
},
{
"status": "affected",
"version": "8.0.3.6"
},
{
"status": "affected",
"version": "8.0.1.0"
},
{
"status": "affected",
"version": "8.0.1.13"
},
{
"status": "affected",
"version": "8.0.0.0"
},
{
"status": "affected",
"version": "8.0.0.19"
},
{
"status": "affected",
"version": "9.0.0.0"
},
{
"status": "affected",
"version": "9.0.0.4"
},
{
"status": "affected",
"version": "8.0.4.3"
},
{
"status": "affected",
"version": "8.0.4.4"
},
{
"status": "affected",
"version": "8.0.4.5"
},
{
"status": "affected",
"version": "8.0.4.6"
},
{
"status": "affected",
"version": "8.0.4.7"
},
{
"status": "affected",
"version": "8.0.4.8"
},
{
"status": "affected",
"version": "8.0.4.9"
},
{
"status": "affected",
"version": "8.0.4.10"
},
{
"status": "affected",
"version": "8.0.4.11"
},
{
"status": "affected",
"version": "8.0.4.12"
},
{
"status": "affected",
"version": "8.0.4.13"
},
{
"status": "affected",
"version": "8.0.3.1"
},
{
"status": "affected",
"version": "8.0.3.2"
},
{
"status": "affected",
"version": "8.0.3.3"
},
{
"status": "affected",
"version": "8.0.3.4"
},
{
"status": "affected",
"version": "8.0.3.5"
},
{
"status": "affected",
"version": "8.0.4.1"
},
{
"status": "affected",
"version": "8.0.4.2"
},
{
"status": "affected",
"version": "8.0.1.1"
},
{
"status": "affected",
"version": "8.0.1.2"
},
{
"status": "affected",
"version": "8.0.1.3"
},
{
"status": "affected",
"version": "8.0.1.4"
},
{
"status": "affected",
"version": "8.0.1.5"
},
{
"status": "affected",
"version": "8.0.1.6"
},
{
"status": "affected",
"version": "8.0.1.7"
},
{
"status": "affected",
"version": "8.0.1.8"
},
{
"status": "affected",
"version": "8.0.1.9"
},
{
"status": "affected",
"version": "8.0.1.10"
},
{
"status": "affected",
"version": "8.0.1.11"
},
{
"status": "affected",
"version": "8.0.1.12"
},
{
"status": "affected",
"version": "8.0.0.1"
},
{
"status": "affected",
"version": "8.0.0.2"
},
{
"status": "affected",
"version": "8.0.0.3"
},
{
"status": "affected",
"version": "8.0.0.4"
},
{
"status": "affected",
"version": "8.0.0.5"
},
{
"status": "affected",
"version": "8.0.0.6"
},
{
"status": "affected",
"version": "8.0.0.7"
},
{
"status": "affected",
"version": "8.0.0.8"
},
{
"status": "affected",
"version": "8.0.0.9"
},
{
"status": "affected",
"version": "8.0.0.10"
},
{
"status": "affected",
"version": "8.0.0.11"
},
{
"status": "affected",
"version": "8.0.0.12"
},
{
"status": "affected",
"version": "8.0.0.13"
},
{
"status": "affected",
"version": "8.0.0.14"
},
{
"status": "affected",
"version": "8.0.0.15"
},
{
"status": "affected",
"version": "8.0.0.16"
},
{
"status": "affected",
"version": "8.0.0.17"
},
{
"status": "affected",
"version": "8.0.0.18"
},
{
"status": "affected",
"version": "9.0.0.1"
},
{
"status": "affected",
"version": "9.0.0.2"
},
{
"status": "affected",
"version": "9.0.0.3"
}
]
}
],
"datePublic": "2018-08-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:L/I:N/PR:L/S:U/UI:N/E:U/RC:C/RL:O",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-27T14:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-08-23T00:00:00",
"ID": "CVE-2018-1644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce",
"version": {
"version_data": [
{
"version_value": "7.0.0.0"
},
{
"version_value": "8.0.4.0"
},
{
"version_value": "8.0.4.14"
},
{
"version_value": "8.0.3.0"
},
{
"version_value": "8.0.3.6"
},
{
"version_value": "8.0.1.0"
},
{
"version_value": "8.0.1.13"
},
{
"version_value": "8.0.0.0"
},
{
"version_value": "8.0.0.19"
},
{
"version_value": "9.0.0.0"
},
{
"version_value": "9.0.0.4"
},
{
"version_value": "8.0.4.3"
},
{
"version_value": "8.0.4.4"
},
{
"version_value": "8.0.4.5"
},
{
"version_value": "8.0.4.6"
},
{
"version_value": "8.0.4.7"
},
{
"version_value": "8.0.4.8"
},
{
"version_value": "8.0.4.9"
},
{
"version_value": "8.0.4.10"
},
{
"version_value": "8.0.4.11"
},
{
"version_value": "8.0.4.12"
},
{
"version_value": "8.0.4.13"
},
{
"version_value": "8.0.3.1"
},
{
"version_value": "8.0.3.2"
},
{
"version_value": "8.0.3.3"
},
{
"version_value": "8.0.3.4"
},
{
"version_value": "8.0.3.5"
},
{
"version_value": "8.0.4.1"
},
{
"version_value": "8.0.4.2"
},
{
"version_value": "8.0.1.1"
},
{
"version_value": "8.0.1.2"
},
{
"version_value": "8.0.1.3"
},
{
"version_value": "8.0.1.4"
},
{
"version_value": "8.0.1.5"
},
{
"version_value": "8.0.1.6"
},
{
"version_value": "8.0.1.7"
},
{
"version_value": "8.0.1.8"
},
{
"version_value": "8.0.1.9"
},
{
"version_value": "8.0.1.10"
},
{
"version_value": "8.0.1.11"
},
{
"version_value": "8.0.1.12"
},
{
"version_value": "8.0.0.1"
},
{
"version_value": "8.0.0.2"
},
{
"version_value": "8.0.0.3"
},
{
"version_value": "8.0.0.4"
},
{
"version_value": "8.0.0.5"
},
{
"version_value": "8.0.0.6"
},
{
"version_value": "8.0.0.7"
},
{
"version_value": "8.0.0.8"
},
{
"version_value": "8.0.0.9"
},
{
"version_value": "8.0.0.10"
},
{
"version_value": "8.0.0.11"
},
{
"version_value": "8.0.0.12"
},
{
"version_value": "8.0.0.13"
},
{
"version_value": "8.0.0.14"
},
{
"version_value": "8.0.0.15"
},
{
"version_value": "8.0.0.16"
},
{
"version_value": "8.0.0.17"
},
{
"version_value": "8.0.0.18"
},
{
"version_value": "9.0.0.1"
},
{
"version_value": "9.0.0.2"
},
{
"version_value": "9.0.0.3"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "L",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10728829",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10728829"
},
{
"name": "ibm-websphere-cve20181644-info-disc(144589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144589"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2018-1644",
"datePublished": "2018-08-27T15:00:00Z",
"dateReserved": "2017-12-13T00:00:00",
"dateUpdated": "2024-09-16T17:49:28.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1484 (GCVE-0-2017-1484)
Vulnerability from nvd – Published: 2017-11-27 21:00 – Updated: 2024-09-17 00:51
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101894"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T10:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101894"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/128622"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22010103",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22010103"
},
{
"name": "101894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101894"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1484",
"datePublished": "2017-11-27T21:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T00:51:10.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1569 (GCVE-0-2017-1569)
Vulnerability from nvd – Published: 2017-10-02 20:00 – Updated: 2024-09-16 22:14
VLAI?
Summary
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:39:31.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "101073",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot\u0027s that could cause a denial of service. IBM X-Force ID: 131779."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "101073",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-09-28T00:00:00",
"ID": "CVE-2017-1569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot\u0027s that could cause a denial of service. IBM X-Force ID: 131779."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101073"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22008547",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22008547"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/131779"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1569",
"datePublished": "2017-10-02T20:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-16T22:14:25.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1398 (GCVE-0-2017-1398)
Vulnerability from nvd – Published: 2017-07-10 16:00 – Updated: 2024-09-17 02:32
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | WebSphere Commerce Enterprise |
Affected:
6.0
Affected: 7.0 Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:32:29.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-11T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99491"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2017-07-06T00:00:00",
"ID": "CVE-2017-1398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22005360",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22005360"
},
{
"name": "99491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99491"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127385"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1398",
"datePublished": "2017-07-10T16:00:00Z",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-09-17T02:32:20.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1170 (GCVE-0-2017-1170)
Vulnerability from nvd – Published: 2017-04-26 17:00 – Updated: 2024-08-05 13:25
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
Severity ?
No CVSS data available.
CWE
- Gain Access
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:25:17.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
],
"datePublic": "2017-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user\u0027s session. IBM X-Force ID: 123230."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2017-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user\u0027s session. IBM X-Force ID: 123230."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg22001225",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22001225"
},
{
"name": "98027",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98027"
},
{
"name": "1038359",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2017-1170",
"datePublished": "2017-04-26T17:00:00",
"dateReserved": "2016-11-30T00:00:00",
"dateUpdated": "2024-08-05T13:25:17.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5894 (GCVE-0-2016-5894)
Vulnerability from nvd – Published: 2017-03-08 19:00 – Updated: 2024-08-06 01:15
VLAI?
Summary
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
Severity ?
No CVSS data available.
CWE
- Obtain Information
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
7.0
Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:15:10.793Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96624"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Obtain Information",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96624"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-5894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21997408",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21997408"
},
{
"name": "1037962",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037962"
},
{
"name": "96624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96624"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-5894",
"datePublished": "2017-03-08T19:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:15:10.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6090 (GCVE-0-2016-6090)
Vulnerability from nvd – Published: 2017-02-01 20:00 – Updated: 2024-08-06 01:22
VLAI?
Summary
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.
Severity ?
No CVSS data available.
CWE
- Gain Privileges
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM Corporation | WebSphere Commerce Enterprise |
Affected:
6.0
Affected: 7.0 Affected: 7 Affected: 8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037091"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebSphere Commerce Enterprise",
"vendor": "IBM Corporation",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8.0"
}
]
}
],
"datePublic": "2017-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Gain Privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T09:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037091"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2016-6090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Commerce Enterprise",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "7.0"
},
{
"version_value": "7"
},
{
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "IBM Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21992759",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21992759"
},
{
"name": "93873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93873"
},
{
"name": "1037091",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037091"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2016-6090",
"datePublished": "2017-02-01T20:00:00",
"dateReserved": "2016-06-29T00:00:00",
"dateUpdated": "2024-08-06T01:22:20.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}