
CVSS: 5.3 | EPSS: 0% | CPEs: 32 | EXPL: 0

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

• http://www.ibm.com/support/docview.wss?uid=swg22001225
• http://www.securityfocus.com/bid/98027
• http://www.securitytracker.com/id/1038359

CVSS: 5.1 | EPSS: 0% | CPEs: 42 | EXPL: 0

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 are vulnerable to information disclosure. A local user could view a plain text password in a Unix console. IBM Reference #: 1997408.

• http://www.ibm.com/support/docview.wss?uid=swg21997408
• http://www.securityfocus.com/bid/96624
• http://www.securitytracker.com/id/1037962
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 5 | EXPL: 0

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service.

• http://www.ibm.com/support/docview.wss?uid=swg21992759
• http://www.securityfocus.com/bid/93873
• http://www.securitytracker.com/id/1037091

CVSS: 8.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

• http://www-01.ibm.com/support/docview.wss?uid=swg1JR55776
• http://www-01.ibm.com/support/docview.wss?uid=swg21983626
• http://www.securityfocus.com/bid/91544
• http://www.securitytracker.com/id/1036219
• CWE-352: Cross-Site Request Forgery (CSRF)