Vulnerabilities > IBM > Websphere Commerce > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-01 | CVE-2013-2994 | Improper Input Validation vulnerability in IBM Websphere Commerce 7.0 IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors. | 6.4 |
| 2013-08-01 | CVE-2013-2993 | Improper Authentication vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | 5.8 |
| 2013-06-21 | CVE-2013-0523 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access. | 4.3 |
| 2013-03-05 | CVE-2012-4855 | Denial Of Service vulnerability in IBM WebSphere Commerce Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors. network ibm | 4.3 |
| 2012-09-25 | CVE-2012-3300 | Resource Management Errors vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | 2.6 |
| 2012-09-25 | CVE-2012-3298 | Denial-Of-Service vulnerability in IBM Websphere Commerce 7.0 Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors. | 10.0 |
| 2011-09-20 | CVE-2011-3577 | Improper Authentication vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. | 10.0 |
| 2010-12-06 | CVE-2010-2639 | Information Exposure vulnerability in IBM Websphere Commerce 7.0/7.0.0.1 IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | 5.0 |
| 2010-11-09 | CVE-2010-2636 | Cross-Site Scripting vulnerability in IBM Websphere Commerce 7.0 Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
| 2010-02-05 | CVE-2009-2752 | Cryptographic Issues vulnerability in IBM Websphere Commerce 7.0 IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. | 1.5 |