Information Disclosure Vulnerability in IBM WebSphere Commerce
CVE-2018-1644

3.1LOW

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 27 August 2018

Summary

An information disclosure vulnerability in IBM WebSphere Commerce could allow an authenticated user to access sensitive information about another user, potentially compromising user privacy and security. This flaw impacts multiple versions of the product and requires immediate attention to mitigate risks.

Affected Version(s)

WebSphere Commerce 7.0.0.0

WebSphere Commerce 8.0.4.0

WebSphere Commerce 8.0.4.14

References

http://www.ibm.com/support/docview.wss?uid=ibm10728829

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/144589

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Dec 13, 2017