CVE-2017-1170
https://notcve.org/view.php?id=CVE-2017-1170
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230. • http://www.ibm.com/support/docview.wss?uid=swg22001225 http://www.securityfocus.com/bid/98027 http://www.securitytracker.com/id/1038359 •
CVE-2016-5894
https://notcve.org/view.php?id=CVE-2016-5894
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 are vulnerable to information disclosure. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408. • http://www.ibm.com/support/docview.wss?uid=swg21997408 http://www.securityfocus.com/bid/96624 http://www.securitytracker.com/id/1037962 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6090
https://notcve.org/view.php?id=CVE-2016-6090
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of users' personal data, execution of unauthorized administrative operations, and potentially a denial of service. • http://www.ibm.com/support/docview.wss?uid=swg21992759 http://www.securityfocus.com/bid/93873 http://www.securitytracker.com/id/1037091 •
CVE-2016-2862
https://notcve.org/view.php?id=CVE-2016-2862
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55049 http://www-01.ibm.com/support/docview.wss?uid=swg1JR55139 http://www-01.ibm.com/support/docview.wss?uid=swg1JR55141 http://www-01.ibm.com/support/docview.wss?uid=swg1JR55264 http://www-01.ibm.com/support/docview.wss? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-2863
https://notcve.org/view.php?id=CVE-2016-2863
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776 http://www-01.ibm.com/support/docview.wss?uid=swg21983626 http://www.securityfocus.com/bid/91544 http://www.securitytracker.com/id/1036219 • CWE-352: Cross-Site Request Forgery (CSRF) •