Websphere Commerce Suite
by IBM
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2001-0319 | 0.04 | — | 0.16 | May 3, 2001 | orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. | ||
| CVE-2009-2956 | 0.00 | — | 0.00 | Aug 24, 2009 | The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. | ||
| CVE-2001-0962 | 0.00 | — | 0.01 | Sep 19, 2001 | IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. | ||
| CVE-2001-0446 | 0.00 | — | 0.01 | Jun 18, 2001 | IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. |
- CVE-2001-0319May 3, 2001risk 0.04cvss —epss 0.16
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
- CVE-2009-2956Aug 24, 2009risk 0.00cvss —epss 0.00
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
- CVE-2001-0962Sep 19, 2001risk 0.00cvss —epss 0.01
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
- CVE-2001-0446Jun 18, 2001risk 0.00cvss —epss 0.01
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.