SQL Injection Vulnerability in IBM Net.Commerce 3.x
CVE-2001-0319

Currently unrated

Key Information:

Vendor: IBM
Status: Net.commerce; Net.commerce Hosting Server; Websphere Commerce Suite
Vendor: CVE Published:; 3 May 2001

What is CVE-2001-0319?

The orderdspc.d2w macro in IBM Net.Commerce 3.x is susceptible to SQL Injection, enabling remote attackers to execute arbitrary SQL commands by manipulating the order_rn parameter in the report capability. This vulnerability could lead to unauthorized data access or modification, posing significant risks to affected systems. It is crucial for organizations using this product to apply the necessary security patches and implement safeguards against such attacks.

References

http://www-4.ibm.com/software/webservers/commerce/netcoml...

x_refsource_CONFIRM

http://archives.neohapsis.com/archives/bugtraq/2001-02/00...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/2350

vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2001
Vulnerability Reserved
Apr 4, 2001