Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm websphere commerce vulnerabilities and exploits
(subscribe to this query)
1.5
CVSSv2
CVE-2009-2752
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
Ibm Websphere Commerce 7.0
6.4
CVSSv2
CVE-2013-2994
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote malicious users to issue REST requests in the context of an arbitrary user's active session via unknown ve...
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote malicious users to obtain sensitive information via a crafted REST URL.
Ibm Websphere Commerce Enterprise
10
CVSSv2
CVE-2012-3298
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote malicious users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2015-0133
IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote malicious users to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2009-2956
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote malicious users to discover passwords, and database and filesystem details, via direct requests fo...
Ibm Websphere Commerce Suite
4.3
CVSSv2
CVE-2009-2751
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote malicious users to read source code for .jsp files by appending a / to the requested URL.
Ibm Websphere Commerce Suite 4.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5