Vulnerabilities > IBM > Websphere Commerce > 7.0.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-03 | CVE-2017-1569 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. | 7.5 |
| 2017-07-10 | CVE-2017-1398 | Open Redirect vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
| 2017-03-08 | CVE-2016-5894 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. | 5.1 |
| 2017-02-01 | CVE-2016-6090 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service. | 9.8 |
| 2016-07-03 | CVE-2016-2862 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-03-14 | CVE-2016-0208 | Improper Access Control vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | 3.7 |
| 2016-02-29 | CVE-2016-0225 | Improper Access Control vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | 4.9 |
| 2016-01-18 | CVE-2015-5009 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
| 2016-01-18 | CVE-2015-5008 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-15 | CVE-2015-5007 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 8.8 |