Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ibm websphere commerce vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv3
CVE-2015-7397
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
Ibm Websphere Commerce 7.0
NA
CVE-2012-3298
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote malicious users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Ibm Websphere Commerce 7.0
NA
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote malicious users to obtain sensitive information via a crafted REST URL.
Ibm Websphere Commerce Enterprise
NA
CVE-2009-2956
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote malicious users to discover passwords, and database and filesystem details, via direct requests fo...
Ibm Websphere Commerce Suite
NA
CVE-2015-0133
IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote malicious users to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Ibm Websphere Commerce 7.0
NA
CVE-2013-2994
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote malicious users to issue REST requests in the context of an arbitrary user's active session via unknown ve...
Ibm Websphere Commerce 7.0
NA
CVE-2010-2636
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 prior to 7.0.0.1 allow remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Ibm Websphere Commerce 7.0
NA
CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote malicious users to read source code for .jsp files by appending a / to the requested URL.
Ibm Websphere Commerce Suite 4.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5