SQL Injection Vulnerability in IBM Net.Commerce 3.x
CVE-2001-0319

Currently unrated

Key Information:

Vendor

IBM
Status
Net.commerce
Net.commerce Hosting Server
Websphere Commerce Suite
Vendor
CVE Published:
3 May 2001

What is CVE-2001-0319?

The orderdspc.d2w macro in IBM Net.Commerce 3.x is susceptible to SQL Injection, enabling remote attackers to execute arbitrary SQL commands by manipulating the order_rn parameter in the report capability. This vulnerability could lead to unauthorized data access or modification, posing significant risks to affected systems. It is crucial for organizations using this product to apply the necessary security patches and implement safeguards against such attacks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www-4.ibm.com/software/webservers/commerce/netcoml...
x_refsource_CONFIRM
http://archives.neohapsis.com/archives/bugtraq/2001-02/00...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/2350
vdb-entryx_refsource_BID

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.