Server-Side Code Injection in IBM WebSphere Commerce
CVE-2018-1808

4.3MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
13 November 2018

Summary

IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6 are exposed to a vulnerability that allows for server-side code injection due to insufficient input sanitization. This flaw could be exploited to execute arbitrary code on the server, potentially compromising sensitive data and system integrity. It is crucial for organizations using affected versions to apply security patches and follow best practices to mitigate risks associated with this vulnerability. For more information, visit the IBM support documentation.

Affected Version(s)

WebSphere Commerce 9.0.0.0

WebSphere Commerce 9.0.0.4

WebSphere Commerce 9.0.0.1

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.