All the vulnerabilites related to ibm - websphere_commerce_suite
Vulnerability from fkie_nvd
Published
2001-06-18 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce_suite | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAE8EB5-A00C-4904-B0AE-7BC1892DAA74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
],
"id": "CVE-2001-0446",
"lastModified": "2024-11-20T23:35:23.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-05-03 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | net.commerce | 2.0 | |
| ibm | net.commerce | 3.0 | |
| ibm | net.commerce | 3.1 | |
| ibm | net.commerce | 3.1 | |
| ibm | net.commerce | 3.1.1 | |
| ibm | net.commerce | 3.1.1 | |
| ibm | net.commerce | 3.1.2 | |
| ibm | net.commerce | 3.1.2 | |
| ibm | net.commerce | 3.2 | |
| ibm | net.commerce | 3.2 | |
| ibm | net.commerce_hosting_server | 3.1.1 | |
| ibm | net.commerce_hosting_server | 3.1.2 | |
| ibm | net.commerce_hosting_server | 3.2 | |
| ibm | websphere_commerce_suite | 3.1.2 | |
| ibm | websphere_commerce_suite | 3.2 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1.1 | |
| ibm | websphere_commerce_suite | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:net.commerce:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE86316D-9345-4DAF-895C-C5CA3CE57DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE1451-5A6F-462C-AF6E-8B89992F4D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "32F0400D-F53F-4A9D-AEAC-3C6CE82C874A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1:*:start:*:*:*:*:*",
"matchCriteriaId": "2311CABF-10C8-425E-86A9-019C76005330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "2B208B30-F707-4D89-AD78-B90B11AB3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.1:*:start:*:*:*:*:*",
"matchCriteriaId": "3446F9E1-2B08-4CBF-89BD-E3877734CC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.2:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7A986BA-889F-49B1-92B6-D0E0F87CC994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.2:*:start:*:*:*:*:*",
"matchCriteriaId": "D7E959F6-8E57-4C15-B692-4E59DA4112E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.2:*:pro:*:*:*:*:*",
"matchCriteriaId": "30945828-4F47-484B-82C0-37C64D4DB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.2:*:start:*:*:*:*:*",
"matchCriteriaId": "A8D8BD49-ECD4-4781-808C-D3DBDF54F734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19361055-8688-4620-937F-310B2BC06080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96A57EA-67E5-4C0C-8FF6-8AEDA18927B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63E2D8-EBDD-4016-85B3-188FCF9820BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:service_provider:*:*:*:*:*",
"matchCriteriaId": "0CE7944E-ECA2-4F41-9D35-B669D3CAD32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:service_provider:*:*:*:*:*",
"matchCriteriaId": "E6B0527C-C252-4809-BE7A-A77366917D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:marketplace:*:*:*:*:*",
"matchCriteriaId": "5F7ACC91-1BC3-4662-BD05-8862502F9EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "D846B2D0-57C4-470B-A9D4-853981C8CE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:start:*:*:*:*:*",
"matchCriteriaId": "B21A547F-4F44-4754-9710-6A5250DF5581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "4E9DD4CF-053E-4851-B0F1-A53D0FF9A98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:start:*:*:*:*:*",
"matchCriteriaId": "FE660579-2A20-4E0D-BB15-4B41918D46E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
],
"id": "CVE-2001-0319",
"lastModified": "2024-11-20T23:35:06.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-09-19 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_commerce_suite | 3.1.2 | |
| ibm | websphere_commerce_suite | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D25121-0964-44B9-AA96-D994389BFF19",
"versionEndIncluding": "3.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "754B1A16-2178-4FC1-B2D9-82021316A60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01FF397E-2A22-4451-8C57-BF3B7CA178C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
],
"id": "CVE-2001-0962",
"lastModified": "2024-11-20T23:36:32.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5492"
},
{
"source": "cve@mitre.org",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-24 15:30
Modified
2024-11-21 01:06
Severity ?
Summary
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9325A374-8168-4C9C-8A6B-FF034FB7EC30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
},
{
"lang": "es",
"value": "Los componentes (1) Net.Commerce y (2) Net.Data en IBM WebSphere Commerce Suite almacenan informaci\u00f3n sensible en el directorio web ra\u00edz con un control de acceso insuficiente, permitiendo a atacantes remotos descubrir contrase\u00f1as, y detalles de la base de datos y el sistema de ficheros, mediante una petici\u00f3n directa a los ficheros de configuraci\u00f3n."
}
],
"id": "CVE-2009-2956",
"lastModified": "2024-11-21T01:06:09.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-24T15:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2001-0962
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 | vdb-entry, x_refsource_XF | |
| http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p | x_refsource_CONFIRM | |
| http://www.osvdb.org/5492 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"name": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0962",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0319
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www-4.ibm.com/software/webservers/commerce/netcomletter.html | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/2350 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6067 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html",
"refsource": "CONFIRM",
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0319",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-04-04T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2956
Vulnerability from cvelistv5
Published
2009-08-24 15:00
Modified
2024-08-07 06:07
Severity ?
EPSS score ?
Summary
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52616 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2956",
"datePublished": "2009-08-24T15:00:00",
"dateReserved": "2009-08-24T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0446
Vulnerability from cvelistv5
Published
2001-05-24 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=98583082225053&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0446",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}