VYPR
High severity8.8NVD Advisory· Published Jan 15, 2016· Updated Jun 17, 2026

CVE-2015-5007

CVE-2015-5007

Description

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected products

24
  • cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*+ 23 more
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack_8:*:*:*:*:*:*
    • (no CPE)range: <=6.0.0.11, <=7.0.0.9, =7.0 Feature Pack 8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.