CVSS: 5.8EPSS: 0%CPEs: 19EXPL: 0CVE-2013-2993
https://notcve.org/view.php?id=CVE-2013-2993
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. IBM WebSphere Commerce 6.x a la 6.0.0.11 y 7.x a la 7.0.0.7, no realiza una autenticación adecuada para servicios web sin especificar, lo que permite a atacantes remotos emitir peticiones en el contexto de sesiones activas de usuarios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302 http://www-01.ibm.com/support/docview.wss?uid=swg21644391 https://exchange.xforce.ibmcloud.com/vulnerabilities/84031 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2013-0523
https://notcve.org/view.php?id=CVE-2013-0523
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access. IBM WebSphere Commerce Enterprise v5.6.x hasta v5.6.1.5,v6.0.x hasta v6.0.0.11, y v7.0.x hasta v7.0.0.7 no utiliza un algoritmo de cifrado adecuado para las solicitudes web storefront, permitiendo a atacantes remotos obtener información sensible a través de un ataque "padding oracle" que se dirige a ciertos procesamientos UTF-8 del parámetro Krypto, y aprovecha el acceso no especificado del navegador o el acceso al log de tráfico (traffic-log) • http://www-01.ibm.com/support/docview.wss?uid=swg1JR46386 http://www.vsecurity.com/advisory/20130619-1.txt http://www.vsecurity.com/resources/advisory/20130619-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/82541 https://www-01.ibm.com/support/docview.wss?uid=swg21640597 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2012-4855
https://notcve.org/view.php?id=CVE-2012-4855
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors. Vulnerabilidad no especificada en el framework de servicios web de IBM WebSphere Commerce v6.0 a la v6.0.0.11 y v7.0 a la v7.0.0.6 permite a atacantes remotos causar una denegación de servicio (parada de login) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528 http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471 http://www.ibm.com/support/docview.wss?uid=swg21618720 https://exchange.xforce.ibmcloud.com/vulnerabilities/79735 •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2012-4830
https://notcve.org/view.php?id=CVE-2012-4830
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Commerce v6.0 hasta v6.0.0.11 y 7.0 hasta v7.0.0.6, permite a atacantes remotos obtener datos personales de los usuarios a través de vectores desconocidos • http://osvdb.org/85868 http://www-01.ibm.com/support/docview.wss?uid=swg1SE53160 http://www-01.ibm.com/support/docview.wss?uid=swg21612484 https://exchange.xforce.ibmcloud.com/vulnerabilities/78867 •
CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0CVE-2012-3300
https://notcve.org/view.php?id=CVE-2012-3300
IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. IBM WebSphere Commerce v7.0 antes de v7.0.0.6, cuando se habilitan las sesiones persistentes y los identificadores de personalización, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR42771 http://www.ibm.com/support/docview.wss?uid=swg21610909 https://exchange.xforce.ibmcloud.com/vulnerabilities/77382 • CWE-399: Resource Management Errors •