Server-Side Code Injection in IBM WebSphere Commerce
CVE-2018-1808

4.3MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Commerce
Vendor
CVE Published:
13 November 2018

Summary

IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6 are exposed to a vulnerability that allows for server-side code injection due to insufficient input sanitization. This flaw could be exploited to execute arbitrary code on the server, potentially compromising sensitive data and system integrity. It is crucial for organizations using affected versions to apply security patches and follow best practices to mitigate risks associated with this vulnerability. For more information, visit the IBM support documentation.

Affected Version(s)

WebSphere Commerce 9.0.0.0

WebSphere Commerce 9.0.0.4

WebSphere Commerce 9.0.0.1

References

http://www.securitytracker.com/id/1042034
vdb-entryx_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/149828
vdb-entryx_refsource_XF
https://www-01.ibm.com/support/docview.wss?uid=ibm10735905
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.