Check CVE Id
Check CWE Id
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
Websphere commerce suite
Net.commerce hosting server
CVSS Base Score
IBM PureApplication System 220.127.116.11 through 18.104.22.168 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.
IBM PureApplication System 22.214.171.124 through 126.96.36.199 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
IBM PureApplication System 188.8.131.52 through 184.108.40.206 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force...
IBM PureApplication System 220.127.116.11 through 18.104.22.168 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.
IBM PureApplication System 22.214.171.124 through 126.96.36.199 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM ...
IBM API Connect 188.8.131.52 through 184.108.40.206 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
IBM Sterling B2B Integrator 220.127.116.11 and 18.104.22.168 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct which can lead to the exposure of resources or functionality to unintended actors. IBM X-Force ID: 158574.
Back to Top