Skip to main content

Sterling Selling And Fulfillment Foundation

10 CVEs product

Monthly

CVE-2016-9991 HIGH PATCH This Week

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.0
EPSS
0.2%
CVE-2016-8917 HIGH PATCH This Week

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5953 LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
CVSS 3.0
3.7
EPSS
0.1%
CVE-2015-1911 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Sterling Field Sales Sterling Order Management Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-4807 MEDIUM This Month

Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-0932 LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Order Management Sterling Selling And Fulfillment Foundation
NVD VulDB
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-6322 LOW Monitor

Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0578 LOW Monitor

The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-0506 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0505 MEDIUM This Month

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Sterling Multi Channel Fulfillment Solution Sterling Selling And Fulfillment Foundation
NVD
CVSS 2.0
5.5
EPSS
0.2%
EPSS 0% CVSS 8.0
HIGH PATCH This Week

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 3.7
LOW PATCH Monitor

IBM Sterling Order Management transmits the session identifier within the URL. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Sterling Field Sales +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Order Management +1
NVD VulDB
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Selling And Fulfillment Foundation
NVD
EPSS 0% CVSS 3.5
LOW Monitor

The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Authentication Bypass Sterling Multi Channel Fulfillment Solution +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Sterling Multi Channel Fulfillment Solution +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection IBM Sterling Multi Channel Fulfillment Solution +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy