Search criteria
12 vulnerabilities found for websphere_commerce_suite by ibm
FKIE_CVE-2009-2956
Vulnerability from fkie_nvd - Published: 2009-08-24 15:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce_suite | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9325A374-8168-4C9C-8A6B-FF034FB7EC30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
},
{
"lang": "es",
"value": "Los componentes (1) Net.Commerce y (2) Net.Data en IBM WebSphere Commerce Suite almacenan informaci\u00f3n sensible en el directorio web ra\u00edz con un control de acceso insuficiente, permitiendo a atacantes remotos descubrir contrase\u00f1as, y detalles de la base de datos y el sistema de ficheros, mediante una petici\u00f3n directa a los ficheros de configuraci\u00f3n."
}
],
"id": "CVE-2009-2956",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-24T15:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0962
Vulnerability from fkie_nvd - Published: 2001-09-19 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_application_server | * | |
| ibm | websphere_commerce_suite | 3.1.2 | |
| ibm | websphere_commerce_suite | 3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D25121-0964-44B9-AA96-D994389BFF19",
"versionEndIncluding": "3.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "754B1A16-2178-4FC1-B2D9-82021316A60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "01FF397E-2A22-4451-8C57-BF3B7CA178C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
],
"id": "CVE-2001-0962",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-09-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5492"
},
{
"source": "cve@mitre.org",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0446
Vulnerability from fkie_nvd - Published: 2001-06-18 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | websphere_commerce_suite | 4.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CAE8EB5-A00C-4904-B0AE-7BC1892DAA74",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
],
"id": "CVE-2001-0446",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0319
Vulnerability from fkie_nvd - Published: 2001-05-03 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | net.commerce | 2.0 | |
| ibm | net.commerce | 3.0 | |
| ibm | net.commerce | 3.1 | |
| ibm | net.commerce | 3.1 | |
| ibm | net.commerce | 3.1.1 | |
| ibm | net.commerce | 3.1.1 | |
| ibm | net.commerce | 3.1.2 | |
| ibm | net.commerce | 3.1.2 | |
| ibm | net.commerce | 3.2 | |
| ibm | net.commerce | 3.2 | |
| ibm | net.commerce_hosting_server | 3.1.1 | |
| ibm | net.commerce_hosting_server | 3.1.2 | |
| ibm | net.commerce_hosting_server | 3.2 | |
| ibm | websphere_commerce_suite | 3.1.2 | |
| ibm | websphere_commerce_suite | 3.2 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1 | |
| ibm | websphere_commerce_suite | 4.1.1 | |
| ibm | websphere_commerce_suite | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:net.commerce:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE86316D-9345-4DAF-895C-C5CA3CE57DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68CE1451-5A6F-462C-AF6E-8B89992F4D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "32F0400D-F53F-4A9D-AEAC-3C6CE82C874A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1:*:start:*:*:*:*:*",
"matchCriteriaId": "2311CABF-10C8-425E-86A9-019C76005330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "2B208B30-F707-4D89-AD78-B90B11AB3C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.1:*:start:*:*:*:*:*",
"matchCriteriaId": "3446F9E1-2B08-4CBF-89BD-E3877734CC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.2:*:pro:*:*:*:*:*",
"matchCriteriaId": "F7A986BA-889F-49B1-92B6-D0E0F87CC994",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.1.2:*:start:*:*:*:*:*",
"matchCriteriaId": "D7E959F6-8E57-4C15-B692-4E59DA4112E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.2:*:pro:*:*:*:*:*",
"matchCriteriaId": "30945828-4F47-484B-82C0-37C64D4DB5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce:3.2:*:start:*:*:*:*:*",
"matchCriteriaId": "A8D8BD49-ECD4-4781-808C-D3DBDF54F734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19361055-8688-4620-937F-310B2BC06080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F96A57EA-67E5-4C0C-8FF6-8AEDA18927B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:net.commerce_hosting_server:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E63E2D8-EBDD-4016-85B3-188FCF9820BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:service_provider:*:*:*:*:*",
"matchCriteriaId": "0CE7944E-ECA2-4F41-9D35-B669D3CAD32F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:service_provider:*:*:*:*:*",
"matchCriteriaId": "E6B0527C-C252-4809-BE7A-A77366917D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:marketplace:*:*:*:*:*",
"matchCriteriaId": "5F7ACC91-1BC3-4662-BD05-8862502F9EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "D846B2D0-57C4-470B-A9D4-853981C8CE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1:*:start:*:*:*:*:*",
"matchCriteriaId": "B21A547F-4F44-4754-9710-6A5250DF5581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:pro:*:*:*:*:*",
"matchCriteriaId": "4E9DD4CF-053E-4851-B0F1-A53D0FF9A98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:websphere_commerce_suite:4.1.1:*:start:*:*:*:*:*",
"matchCriteriaId": "FE660579-2A20-4E0D-BB15-4B41918D46E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
],
"id": "CVE-2001-0319",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-2956 (GCVE-0-2009-2956)
Vulnerability from cvelistv5 – Published: 2009-08-24 15:00 – Updated: 2024-08-07 06:07
VLAI?
Summary
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2956",
"datePublished": "2009-08-24T15:00:00",
"dateReserved": "2009-08-24T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0962 (GCVE-0-2001-0962)
Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"name": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0962",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0446 (GCVE-0-2001-0446)
Vulnerability from cvelistv5 – Published: 2001-05-24 04:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0446",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0319 (GCVE-0-2001-0319)
Vulnerability from cvelistv5 – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:14
VLAI?
Summary
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html",
"refsource": "CONFIRM",
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0319",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-04-04T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2956 (GCVE-0-2009-2956)
Vulnerability from nvd – Published: 2009-08-24 15:00 – Updated: 2024-08-07 06:07
VLAI?
Summary
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:37.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rational-websphere-config-info-disclosure(52616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52616"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2956",
"datePublished": "2009-08-24T15:00:00",
"dateReserved": "2009-08-24T00:00:00",
"dateUpdated": "2024-08-07T06:07:37.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0962 (GCVE-0-2001-0962)
Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5492"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5492"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010928 Re: Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "20010919 Websphere cookie/sessionid predictable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html"
},
{
"name": "ibm-websphere-seq-predict(7153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153"
},
{
"name": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805\u0026pf=Multi-Platform\u0026v=3.0.2\u0026e=Standard+%26+Advanced+Editions\u0026cat=\u0026s=p"
},
{
"name": "5492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5492"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0962",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0446 (GCVE-0-2001-0446)
Vulnerability from nvd – Published: 2001-05-24 04:00 – Updated: 2024-08-08 04:21
VLAI?
Summary
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.577Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010328 CHINANSL Security Advisory(CSA-200107)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98583082225053\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0446",
"datePublished": "2001-05-24T04:00:00",
"dateReserved": "2001-05-24T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0319 (GCVE-0-2001-0319)
Vulnerability from nvd – Published: 2001-05-07 04:00 – Updated: 2024-08-08 04:14
VLAI?
Summary
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html",
"refsource": "CONFIRM",
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0319",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-04-04T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.407Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}