CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-2956
https://notcve.org/view.php?id=CVE-2009-2956
The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. Los componentes (1) Net.Commerce y (2) Net.Data en IBM WebSphere Commerce Suite almacenan información sensible en el directorio web raíz con un control de acceso insuficiente, permitiendo a atacantes remotos descubrir contraseñas, y detalles de la base de datos y el sistema de ficheros, mediante una petición directa a los ficheros de configuración. • https://exchange.xforce.ibmcloud.com/vulnerabilities/52616 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2001-0962
https://notcve.org/view.php?id=CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing. • http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html http://www.osvdb.org/5492 http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p https://exchange.xforce.ibmcloud.com/vulnerabilities/7153 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0446
https://notcve.org/view.php?id=CVE-2001-0446
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. • http://marc.info/?l=bugtraq&m=98583082225053&w=2 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 2CVE-2001-0319 – IBM Net.Commerce 2.0/3.x/4.x - orderdspc.d2w order_rn Option SQL Injection
https://notcve.org/view.php?id=CVE-2001-0319
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. • https://www.exploit-db.com/exploits/20618 http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html http://www-4.ibm.com/software/webservers/commerce/netcomletter.html http://www.securityfocus.com/bid/2350 https://exchange.xforce.ibmcloud.com/vulnerabilities/6067 •