Information Disclosure Vulnerability in IBM WebSphere Commerce
CVE-2015-7444

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Commerce
Vendor
CVE Published:
15 February 2016

Summary

The Update Installer within IBM WebSphere Commerce versions 7.0.0.8 and 7.0.0.9 has a flaw that fails to adequately replicate the search index. This inadequacy permits attackers to gain unauthorized access to sensitive information through yet-to-be-specified vectors, potentially exposing critical data and increasing the risk of security breaches.

References

http://www-01.ibm.com/support/docview.wss?uid=swg24041614
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54563
vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.