Vulnerabilities > IBM > Websphere Commerce > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-13 | CVE-2018-1808 | Code Injection vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. | 6.5 |
2018-08-27 | CVE-2018-1644 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user. | 4.0 |
2017-11-27 | CVE-2017-1484 | Information Exposure vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. | 4.0 |
2017-10-03 | CVE-2017-1569 | Unspecified vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. | 5.0 |
2017-07-10 | CVE-2017-1398 | Open Redirect vulnerability in IBM Websphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 5.8 |
2017-04-26 | CVE-2017-1170 | Local Session Hijacking vulnerability in IBM WebSphere Commerce IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. | 4.6 |
2016-07-03 | CVE-2016-2863 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Commerce Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2016-07-03 | CVE-2016-2862 | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-03-14 | CVE-2016-0208 | Improper Access Control vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. | 4.3 |
2016-02-29 | CVE-2016-0225 | Improper Access Control vulnerability in IBM Websphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. | 4.0 |