IBM

WebSphere Commerce

43 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.06%
  • Published 29.05.2015 15:59:04
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

  • EPSS 0.06%
  • Published 20.05.2015 01:59:59
  • Last modified 12.04.2025 10:46:40

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain se...

  • EPSS 0.39%
  • Published 13.03.2015 01:59:25
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction with an entity reference, related to an XML Extern...

  • EPSS 0.76%
  • Published 05.11.2014 11:55:06
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a craft...

  • EPSS 0.27%
  • Published 05.11.2014 11:55:06
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entit...

  • EPSS 1.24%
  • Published 25.05.2014 22:55:02
  • Last modified 12.04.2025 10:46:40

IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id p...

  • EPSS 1.08%
  • Published 09.09.2013 11:39:08
  • Last modified 11.04.2025 00:51:21

The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.

  • EPSS 0.27%
  • Published 27.08.2013 03:34:34
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 ...

  • EPSS 0.23%
  • Published 01.08.2013 13:32:25
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active ses...

  • EPSS 0.2%
  • Published 01.08.2013 13:32:16
  • Last modified 11.04.2025 00:51:21

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknow...