IBM » Websphere Commerce Suite : Security Vulnerabilities, CVEs,

CVE-2009-2956

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.
Max CVSS
5.0
EPSS Score
0.16%
Published
2009-08-24
Updated
2017-08-17

CVE-2001-0962

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
Max CVSS
7.5
EPSS Score
1.58%
Published
2001-09-19
Updated
2017-10-10

CVE-2001-0446

IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
Max CVSS
5.0
EPSS Score
0.27%
Published
2001-06-18
Updated
2016-10-18

CVE-2001-0319

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Max CVSS
7.5
EPSS Score
0.82%
Published
2001-05-03
Updated
2017-10-10
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close