Ibm Websphere Commerce — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Websphere Commerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (43)
CVE-2012-3298 — CVSS 10.0 (critical): Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain…
CVE-2008-6973 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
CVE-2011-3577 — CVSS 10.0 (critical): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web…
CVE-2016-6090 — CVSS 9.8 (critical): IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized…
CVE-2015-5007 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8…
CVE-2016-2863 — CVSS 8.0 (high): Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before…
CVE-2017-1569 — CVSS 7.5 (high): IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM…
CVE-2015-7397 — CVSS 7.4 (high): Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote…
CVE-2014-0943 — CVSS 7.1 (high): IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7…
CVE-2010-2635 — CVSS 6.5 (medium): SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL…
CVE-2013-2994 — CVSS 6.4 (medium): IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST…
CVE-2016-2862 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0…
CVE-2015-5008 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack…
CVE-2017-1398 — CVSS 6.1 (medium): IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing…
CVE-2013-2993 — CVSS 5.8 (medium): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services…
CVE-2018-1541 — CVSS 5.4 (medium): IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary…
CVE-2015-5009 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack…
CVE-2015-7444 — CVSS 5.3 (medium): The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows…
CVE-2017-1170 — CVSS 5.3 (medium): IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM…
CVE-2016-5894 — CVSS 5.1 (medium): IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability…
CVE-2010-2639 — CVSS 5.0 (medium): IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors…
CVE-2015-0133 — CVSS 5.0 (medium): IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative…
CVE-2015-0196 — CVSS 5.0 (medium): CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote…
CVE-2012-4830 — CVSS 5.0 (medium): Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users'…
CVE-2016-0225 — CVSS 4.9 (medium): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to…
CVE-2013-0566 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3)…
CVE-2012-4855 — CVSS 4.3 (medium): Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows…
CVE-2014-4834 — CVSS 4.3 (medium): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which…
CVE-2010-2636 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote…
CVE-2009-2751 — CVSS 4.3 (medium): IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified…
CVE-2018-1808 — CVSS 4.3 (medium): IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID…
CVE-2017-1484 — CVSS 4.3 (medium): IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain…
CVE-2013-0523 — CVSS 4.3 (medium): IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable…
CVE-2013-2992 — CVSS 4.3 (medium): The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote…
CVE-2015-4980 — CVSS 4.0 (medium): Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal…
CVE-2014-4769 — CVSS 4.0 (medium): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP…
CVE-2016-0208 — CVSS 3.7 (low): IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of…
CVE-2012-3300 — CVSS 2.6 (low): IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a…
CVE-2015-0200 — CVSS 2.1 (low): IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via…
CVE-2014-6211 — CVSS 2.1 (low): The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when…
CVE-2009-2094 — CVSS 1.5 (low): Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain…
CVE-2009-2752 — CVSS 1.5 (low): IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive…