CVE-2013-0523
- EPSS 0.16%
- Published 21.06.2013 19:55:01
- Last modified 11.04.2025 00:51:21
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a p...
CVE-2012-4855
- EPSS 0.63%
- Published 05.03.2013 21:38:58
- Last modified 11.04.2025 00:51:21
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.
- EPSS 0.26%
- Published 01.10.2012 18:55:01
- Last modified 11.04.2025 00:51:21
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors.
CVE-2012-3300
- EPSS 0.59%
- Published 25.09.2012 20:55:01
- Last modified 11.04.2025 00:51:21
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
- EPSS 2.39%
- Published 25.09.2012 20:55:00
- Last modified 11.04.2025 00:51:21
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
- EPSS 1.22%
- Published 20.09.2011 10:55:08
- Last modified 11.04.2025 00:51:21
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
- EPSS 0.29%
- Published 06.12.2010 20:12:58
- Last modified 11.04.2025 00:51:21
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching ...
CVE-2010-2636
- EPSS 0.2%
- Published 09.11.2010 21:00:02
- Last modified 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2010-2635
- EPSS 0.22%
- Published 09.11.2010 21:00:02
- Last modified 11.04.2025 00:51:21
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."
CVE-2009-2752
- EPSS 0.06%
- Published 05.02.2010 22:30:02
- Last modified 11.04.2025 00:51:21
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.