CVE-2017-1398
https://notcve.org/view.php?id=CVE-2017-1398
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 127385.
References:
http://www.ibm.com/support/docview.wss?uid=swg22005360
http://www.securityfocus.com/bid/99491
https://exchange.xforce.ibmcloud.com/vulnerabilities/127385
Weakness: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-1170
https://notcve.org/view.php?id=CVE-2017-1170
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.
References:
http://www.ibm.com/support/docview.wss?uid=swg22001225
http://www.securityfocus.com/bid/98027
http://www.securitytracker.com/id/1038359
CVE-2016-5894
https://notcve.org/view.php?id=CVE-2016-5894
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 are vulnerable to an information disclosure vulnerability. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.
References:
http://www.ibm.com/support/docview.wss?uid=swg21997408
http://www.securityfocus.com/bid/96624
http://www.securitytracker.com/id/1037962
Weakness: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-6090
https://notcve.org/view.php?id=CVE-2016-6090
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.
References:
http://www.ibm.com/support/docview.wss?uid=swg21992759
http://www.securityfocus.com/bid/93873
http://www.securitytracker.com/id/1037091
CVE-2016-2862
https://notcve.org/view.php?id=CVE-2016-2862
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References:
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55049
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55139
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55141
http://www-01.ibm.com/support/docview.wss?uid=swg1JR55264
http://www-01.ibm.com/support/docview.wss?
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')