Server-Side Code Injection in IBM WebSphere Commerce
CVE-2018-1808
4.3MEDIUM
Summary
IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6 are exposed to a vulnerability that allows for server-side code injection due to insufficient input sanitization. This flaw could be exploited to execute arbitrary code on the server, potentially compromising sensitive data and system integrity. It is crucial for organizations using affected versions to apply security patches and follow best practices to mitigate risks associated with this vulnerability. For more information, visit the IBM support documentation.
Affected Version(s)
WebSphere Commerce 9.0.0.0
WebSphere Commerce 9.0.0.4
WebSphere Commerce 9.0.0.1
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved