Ibm: >> Websphere Commerce Suite >> 3.1.2 Security Vulnerabilities
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
CVSS Score
5.0
EPSS Score
0.002
Published
2009-08-24
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
CVSS Score
7.5
EPSS Score
0.011
Published
2001-09-19
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
CVSS Score
7.5
EPSS Score
0.093
Published
2001-05-03