CVE-2013-2992
https://notcve.org/view.php?id=CVE-2013-2992
The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR46013
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR47273
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR47295
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR47313
• http://www-01.ibm.com/support/docview.wss?
• CWE-20: Improper Input Validation
CVE-2013-0566
https://notcve.org/view.php?id=CVE-2013-0566
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM WebSphere Commerce 5.6.1.0 through 5.6.1.5, 6.0.0.0 through 6.0.0.11, and 7.0.0.0 through 7.0.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR46776
• http://www.ibm.com/support/docview.wss?uid=swg21647750
• https://exchange.xforce.ibmcloud.com/vulnerabilities/83139
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2993
https://notcve.org/view.php?id=CVE-2013-2993
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302
• http://www-01.ibm.com/support/docview.wss?uid=swg21644391
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84031
• CWE-287: Improper Authentication
CVE-2013-0523
https://notcve.org/view.php?id=CVE-2013-0523
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR46386
• http://www.vsecurity.com/advisory/20130619-1.txt
• http://www.vsecurity.com/resources/advisory/20130619-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82541
• https://www-01.ibm.com/support/docview.wss?uid=swg21640597
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-4855
https://notcve.org/view.php?id=CVE-2012-4855
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors.
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471
• http://www.ibm.com/support/docview.wss?uid=swg21618720
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79735