CVE-2018-1644

3.1LOW

Key Information:

Vendor: IBM
Status: Websphere Commerce
Vendor: CVE Published:; 27 August 2018

Summary

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.

Affected Version(s)

WebSphere Commerce 7.0.0.0

WebSphere Commerce 8.0.4.0

WebSphere Commerce 8.0.4.14

References

http://www.ibm.com/support/docview.wss?uid=ibm10728829

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/144589

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 27, 2018
Vulnerability Reserved
Dec 13, 2017