Vulnerabilities
Vulnerable Software
Ibm:  >> Websphere Commerce  >> 7.0  Security Vulnerabilities
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
CVSS Score
6.4
EPSS Score
0.002
Published
2013-08-01
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
CVSS Score
5.8
EPSS Score
0.002
Published
2013-08-01
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
CVSS Score
4.3
EPSS Score
0.002
Published
2013-06-21
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2013-03-05
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.
CVSS Score
2.6
EPSS Score
0.006
Published
2012-09-25
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
CVSS Score
10.0
EPSS Score
0.024
Published
2012-09-25
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.012
Published
2011-09-20
IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."
CVSS Score
5.0
EPSS Score
0.003
Published
2010-12-06
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVSS Score
4.3
EPSS Score
0.002
Published
2010-11-09
IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.
CVSS Score
4.3
EPSS Score
0.001
Published
2010-02-05


Contact Us

Shodan ® - All rights reserved