Vulnerabilities > IBM > Websphere Commerce > 7.0.0.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-01-15 | CVE-2015-5007 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2015-09-14 | CVE-2015-4980 | Information Exposure vulnerability in IBM Websphere Commerce Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | 4.0 |
2015-05-20 | CVE-2014-6211 | Information Exposure vulnerability in IBM Websphere Commerce The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file. | 2.1 |