WebSphere Commerce
by IBM
CVEs (48)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-2635 | | | 0.00 | — | 0.01 | | Nov 9, 2010 | SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." |
| CVE-2009-2752 | | | 0.00 | — | 0.00 | | Feb 5, 2010 | IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. |
| CVE-2009-2751 | | | 0.00 | — | 0.01 | | Feb 5, 2010 | IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors. |
| CVE-2009-2956 | | | 0.00 | — | 0.01 | | Aug 24, 2009 | The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for… |
| CVE-2009-2094 | | | 0.00 | — | 0.00 | | Aug 13, 2009 | Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors. |
| CVE-2008-6973 | | | 0.00 | — | 0.02 | | Aug 13, 2009 | Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors. |
| CVE-2001-0962 | | | 0.00 | — | 0.02 | | Sep 19, 2001 | IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. |
| CVE-2001-0446 | | | 0.00 | — | 0.01 | | Jun 18, 2001 | IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. |