Vulnerabilities > IBM > Websphere Commerce > 8.0.3.1

DATE CVE VULNERABILITY TITLE RISK
2018-10-24 CVE-2018-1541 Cross-site Scripting vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-08-27 CVE-2018-1644 Information Exposure vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
network
low complexity
ibm CWE-200
4.0
4.0
2017-11-27 CVE-2017-1484 Information Exposure vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data.
network
low complexity
ibm CWE-200
4.0
4.0
2017-10-03 CVE-2017-1569 Unspecified vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service.
network
low complexity
ibm
5.0
5.0
2017-04-26 CVE-2017-1170 Local Session Hijacking vulnerability in IBM WebSphere Commerce
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session.
local
low complexity
ibm
4.6
4.6