Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
websphere commerce vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2015-7397
Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter.
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2015-5015
IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote malicious users to obtain sensitive information via a crafted REST URL.
Ibm Websphere Commerce Enterprise
6.4
CVSSv2
CVE-2013-2994
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote malicious users to issue REST requests in the context of an arbitrary user's active session via unknown ve...
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2015-0133
IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote malicious users to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Ibm Websphere Commerce 7.0
4.3
CVSSv2
CVE-2009-2751
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
Ibm Websphere Commerce 7.0
10
CVSSv2
CVE-2012-3298
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote malicious users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Ibm Websphere Commerce 7.0
5
CVSSv2
CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote malicious users to read source code for .jsp files by appending a / to the requested URL.
Ibm Websphere Commerce Suite 4.0.1
7.5
CVSSv2
CVE-2001-0319
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote malicious users to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Ibm Net.commerce 3.0
Ibm Net.commerce 3.1.1
Ibm Net.commerce Hosting Server 3.1.1
Ibm Net.commerce Hosting Server 3.1.2
Ibm Websphere Commerce Suite 4.1
Ibm Net.commerce 3.1.2
Ibm Net.commerce 3.1
Ibm Websphere Commerce Suite 3.2
Ibm Websphere Commerce Suite 4.1.1
Ibm Net.commerce Hosting Server 3.2
Ibm Websphere Commerce Suite 3.1.2
Ibm Net.commerce 2.0
Ibm Net.commerce 3.2
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5