Skip to main content

Websphere Commerce CVE-2017-1484

MEDIUM
Information Exposure (CWE-200)
2017-11-27 psirt@us.ibm.com
4.3
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 27, 2017 - 21:29 cve.org
MEDIUM 4.3

DescriptionCVE.org

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622.

AnalysisAI

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 could allow an authenticated attacker to obtain information such as user personal data. IBM X-Force ID: 128622. Affected products include: Ibm Websphere Commerce.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2012-3298 CRITICAL
10.0 Sep 25

Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote atta

CVE-2016-6090 CRITICAL
9.8 Feb 01

IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performi

CVE-2015-5007 HIGH
8.8 Jan 15

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and

CVE-2018-1808 HIGH
8.8 Nov 13

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input contr

CVE-2016-2863 HIGH
8.0 Jul 03

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, a

CVE-2017-1569 HIGH
7.5 Oct 03

IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial

CVE-2015-7397 HIGH
7.4 Jan 10

Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8

CVE-2014-0943 HIGH
7.1 May 25

IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 throug

CVE-2013-2994 MEDIUM
6.4 Aug 01

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified int

CVE-2015-5008 MEDIUM
6.1 Jan 18

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9

CVE-2016-2862 MEDIUM
6.1 Jul 03

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative i

CVE-2017-1398 MEDIUM
6.1 Jul 10

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 6.0, 7.0, and 8.0 could allow a remote attacker

Share

CVE-2017-1484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy