WebSphere Commerce Security Bulletin List
The following table is provided to help you locate WebSphere Commerce security bulletins.
- The HCL PSIRT blog for WebSphere Commerce security bulletins.
- IBM software support updates for IBM companion software security bulletins.
Date of last update | CVE | Vulnerability | Affected Versions | APAR number |
---|---|---|---|---|
June 5, 2023 | CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
June 5, 2023 | CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 7 | N/A |
April 19, 2023 | CVE-2022-40674, CVE-2022-43680, CVE-2022-43930, CVE-2022-43929, CVE-2022-43927 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | N/A | |
November 28, 2022 | CVE-2022-22389, CVE-2022-35637, CVE-2022-22483, CVE-2022-22390 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | N/A | |
September 20, 2022 | CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 | Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 7 | N/A |
July 21, 2022 | CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 7 | N/A |
July 5, 2022 | CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | IBM Java SDK and IBM HTTP Server included in: WebSphere Commerce Version 7 | N/A |
April 9, 2022 | CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 7 | N/A |
April 4, 2022 | CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 | Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
March 24, 2022 | CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | WebSphere Commerce Version 7 | N/A |
December 16, 2021 | CVE-2021-4104 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | WebSphere Commerce Version 7 | N/A |
December 12, 2021 | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
October 14, 2021 | CVE-2021-29736 | Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
September 2, 2021 | CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
June 4, 2021 | CVE-2021-20480 | Server-side Request Forgery in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
May 4, 2021 | CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
May 4, 2021 | CVE-2020-4782, CVE-2020-4576 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
November 14, 2020 | CVE-2020-2601, CVE-2020-14621, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2590 | Security vulnerabilities in IBM® Java SDK included with WebSphere Application Server affect HCL Commerce | IBM® Java SDK included with WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
November 14, 2020 | CVE-2020-4589, CVE-2020-4643, CVE-2020-4578 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 7 | N/A |
March 21, 2019 | CVE-2019-4094 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
January 29, 2019 | CVE-2018-1840 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 8.5, and 9.0 | N/A |
January 29, 2019 | CVE-2018-1904 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
January 29, 2019 | CVE-2018-1901 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 8.5, and 9.0 | N/A |
January 25, 2019 | CVE-2018-1643 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 8.0, 8.5, and 9.0 | N/A |
January 25, 2019 | CVE-2018-1857 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 11.1 | N/A |
January 24, 2019 | CVE-2018-1799 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
January 24, 2019 | CVE-2018-1780 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
January 24, 2019 | CVE-2018-1781 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
January 24, 2019 | CVE-2018-1834 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
January 15, 2019 | CVE-2018-1851 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server Liberty | N/A |
January 14, 2019 | CVE-2018-1767 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 29, 2018 | CVE-2018-1777 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2018-1770 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2018-1794 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2018-1567 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2018-1793 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2018-1926 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
December 28, 2018 | CVE-2014-7810 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 | N/A |
December 12, 2018 | CVE-2018-1977 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 11.1 | N/A |
November 27, 2018 | CVE-2018-1897 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM DB2 9.7, 10.1, 10.5, and 11.1 | N/A |
October 19, 2018 | CVE-2018-1811 | IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information | WebSphere Commerce V8.0 | |
October 19, 2018 | CVE-2018-1541 | A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool | WebSphere Commerce V8.0 | |
October 19, 2018 | CVE-2018-1807 | An authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool | WebSphere Commerce V8.0 | |
October 19, 2018 | CVE-2018-1806 | An Information Disclosure Vulnerability affects WebSphere Commerce | WebSphere Commerce V8.0 | N/A |
October 18, 2018 | CVE-2018-1656 | A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 | N/A |
October 18, 2018 | CVE-2018-12539 | A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Eclipse OpenJ9 version 0.8 | N/A |
October 17, 2018 | CVE-2018-1719 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 8.5, and 9.0 | N/A |
September 26, 2018 | CVE-2018-1695 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | WebSphere Commerce V8.0 | N/A |
August 23, 2018 | CVE-2018-1644 | An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce | WebSphere Commerce V8.0 | |
August 21, 2018 | CVE-2018-1614 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
August 21, 2018 | CVE-2015-0899 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Struts 1 1.1 through 1.3.10 | N/A |
August 21, 2018 | CVE-2018-1739 | IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack | WebSphere Commerce V8.0 | |
August 20, 2018 | CVE-2018-2783 | A Security Vulnerability in IBM Java SDK affects WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE | N/A |
August 20, 2018 | CVE-2018-2800 | A Security Vulnerability in IBM Java SDK affects WebSphere Application Server | Java SE, JRockit component of Oracle Java SE | N/A |
June 27, 2018 | CVE-2012-5783 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Commons HttpClient 3.x | N/A |
May 24, 2018 | CVE-2017-1743 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
May 17, 2018 | CVE-2017-12613 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache Portable Runtime APR 1.6.2 | N/A |
May 16, 2018 | CVE-2017-1741 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
May 16, 2018 | CVE-2017-15710 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 | N/A |
May 16, 2018 | CVE-2017-15715 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd 2.4.0 to 2.4.29 | N/A |
May 16, 2018 | CVE-2018-1301 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd prior to version 2.4.30 | N/A |
May 16, 2018 | CVE-2017-1681 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server Liberty | N/A |
May 16, 2018 | CVE-2017-1731 | A security vulnerability has been identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 | N/A |
March 5, 2018 | CVE-2018-2633 | A security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Commerce Version 7 | N/A |
March 5, 2018 | CVE-2018-2637 | A security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Commerce Version 7 | N/A |
March 5, 2018 | CVE-2018-2634 | A security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Commerce Version 7 | N/A |
March 5, 2018 | CVE-2018-2603 | A security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Commerce Version 7 | N/A |
March 5, 2018 | CVE-2018-2602 | A security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Commerce Version 7 | N/A |
December 19, 2017 | CVE-2017-10388 | A Security Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU | Java SE, Java SE Embedded, JRockit component of Oracle Java SE | N/A |
December 19, 2017 | CVE-2017-10356 | A Security Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU | Java SE, Java SE Embedded, JRockit component of Oracle Java SE | N/A |
December 19, 2017 | CVE-2017-9798 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | (IBM HTTP Server) Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27 | N/A |
December 19, 2017 | CVE-2017-12618 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior | N/A |
November 14, 2017 | CVE-2017-1484 | IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data | WebSphere Commerce V8.0 | |
September 28, 2017 | CVE-2017-1569 | IBM WebSphere Commerce contains an vulnerability in Marketing ESpot's that could cause a denial of service | WebSphere Commerce V8.0 | |
August 18, 2017 | CVE-2017-1382 | A security vulnerability has been identified in IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.13 | N/A |
August 17, 2017 | CVE-2017-1381 | A security vulnerability has been identified in IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.12 | N/A |
August 14, 2017 | CVE-2017-7679 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 | N/A |
August 14, 2017 | CVE-2017-7668 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 | N/A |
August 14, 2017 | CVE-2017-3167 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 | N/A |
May 19, 2017 | CVE-2017-1194 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
May 8, 2017 | Multiple | Multiple security vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
March 14, 2017 | CVE-2016-0360 | A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
March 3, 2017 | CVE-2016-5894 | IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data | WebSphere Commerce V8 | |
February 24, 2017 | CVE-2016-8919 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
February 24, 2017 | CVE-2016-8743 | A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
February 24, 2017 | CVE-2017-1121 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
December 23, 2016 | CVE-2016-8934 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 | N/A |
November 18, 2016 | CVE-2016-5573 | A Security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
November 18, 2016 | CVE-2016-5597 | A Security vulnerability in IBM Java SDK affect WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
October 24, 2016 | CVE-2016-6090 | WebSphere Commerce information disclosure and denial of service security vulnerability | WebSphere Commerce V8.0 | JR56832 |
September 22, 2016 | CVE-2016-5983 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2016-5986 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2012-0876 | A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2012-1148 | A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2016-4472 | A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2016-0718 | A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2016-3092 | A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 | N/A |
September 15, 2016 | CVE-2016-2960 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
September 13, 2016 | CVE-2016-0385 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
September 13, 2016 | CVE-2016-0377 | A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
September 9, 2016 | CVE-2016-3485 | Potential security vulnerability was identified in IBM WebSphere Application Server included with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
August 10, 2016 | CVE-2016-5387 | A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Commerce V8.0 | N/A |
July 21, 2016 | CVE-2016-0225 | IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.8 Mod Pack 8.0.1.0 | JR55493 |
July 6, 2016 | CVE-2016-0359 | HTTP Response Splitting in WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
June 29, 2016 | CVE-2016-1181 | A Security Vulnerability in Apache Struts affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
June 29, 2016 | CVE-2016-1182 | A Security Vulnerability in Apache Struts affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
June 28, 2016 | CVE-2016-2863 | Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce | WebSphere Commerce V8.0 Fix / Mod Pack 8.0.0.0 - 8.0.1.1 | |
June 28, 2016 | CVE-2016-2862 | Cross Site Scripting (XSS) security vulnerability in IBM WebSphere Commerce | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.4 | |
June 9, 2016 | CVE-2015-0254 | Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
May 18, 2016 | CVE-2016-3426 | A Security vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 7.0.0.0 - 7.0.0.41 | N/A |
May 18, 2016 | CVE-2016-3427 | A Security vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 7.0.0.0 - 7.0.0.41 | N/A |
April 13, 2016 | CVE-2016-0306 | A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 | N/A |
March 3, 2016 | CVE-2016-0208 | WebSphere Commerce vulnerable to denial of service (DoS) attack | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.2 | JR54988 |
February 22, 2016 | CVE-2016-0475 | A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 | N/A |
February 22, 2016 | CVE-2016-0466 | A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 | N/A |
February 22, 2016 | CVE-2015-7575 | A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 | N/A |
February 22, 2016 | CVE-2016-0448 | A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 | N/A |
February 12, 2016 | CVE-2016-0225 | IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.8 Mod Pack 8.0.1.0 | JR55493 |
February 4, 2016 | CVE-2015-7444 | Information disclosure vulnerability found in IBM WebSphere Commerce | WebSphere Commerce Version 7 Feature Pack 7-8 | JR54563 |
January 19, 2016 | CVE-2015-7417 | Cross-site scripting vulnerability in IBM WebSphere Application Server | WebSphere Application Server 8.5.5.x | N/A |
January 11, 2016 | CVE-2015-5008 | Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.9 Feature Pack 1-8 | JR54824, JR54825, JR54899, JR54264, JR54432 |
January 11, 2016 | CVE-2015-5009 | Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.9 Feature Pack 1-8 | JR54824, JR54825, JR54899, JR54264, JR54432 |
January 6, 2016 | CVE-2015-7397 | Open Redirect issue in Aurora starter store in IBM WebSphere Commerce | WebSphere Commerce Version 7 Feature Pack 5-8 | JR54295 |
January 5, 2016 | CVE-2015-5007 | Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce | WebSphere Commerce Version 7 Fix Pack 7.0.0.6 - 7.0.0.11 Feature Pack 8 | JR54267, JR54268 |
November 18, 2015 | CVE-2015-7450 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server 7.0.0.x | N/A |
November 17, 2015 | CVE-2015-2017 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server 7.0.0.x | N/A |
October 21, 2015 | CVE-2015-5015 | Potential Information Disclosure vulnerability could expose user personal data | WebSphere Commerce Version 7 Feature Pack 8 | Feature Pack 8: JR53970 |
August 28, 2015 | CVE-2015-4980 | Potential Information Disclosure vulnerability could expose user personal data in WebSphere Commerce | WebSphere Commerce Version 7 Fix Pack 7.0.0.6 - 7.0.0.9 | 7.0.0.6 - 7.0.0.9: JR54107 |
June 18, 2015 | CVE-2015-0196 | WebSphere Commerce is vulnerable to a HTTP Response Splitting attack | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 - 7.0.0.8 | 7.0.0.0 - 7.0.0.7: JR51324; 7.0.0.8: JR52306 |
May 27, 2015 | CVE-2014-0943 | WebSphere Commerce vulnerable to denial of service (DoS) attack | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.7 Feature Pack 1-7 | 7.0.0.0-7.0.0.7: JR49881; Feature Pack 1-7: JR49996 |
May 14, 2015 | CVE-2015-0200 | WebSphere Commerce is affected by an information disclosure vulnerability | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.8 | 7.0.0.0-7.0.0.7: JR50683; 7.0.0.8: JR52306 |
April 30, 2015 | CVE-2014-6211 | WebSphere Commerce command-line scripts with debugging enabled could lead to disclosure of user personal data | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.9 Feature Pack 2-8 | 7.0.0.0-7.0.0.7: JR52117; Feature Pack 2-8: JR52117; 7.0.0.0-7.0.0.9: JR52983 |
April 29, 2015 | CVE-2013-0566 | Potential cross-site scripting vulnerability related to WebSphere Commerce Tools pages | WebSphere Commerce Version 7 7.0.0.0 – 7.0.0.7 | 7.0.0.0-7.0.0.7: JR46776 |
April 10, 2015 | CVE-2013-2992 | Potential DoS vulnerability related to WebSphere Commerce Search functionality | WebSphere Commerce Version 7 Fix Pack 7.0.0.4 – 7.0.0.6 | Feature Pack 6: JR47420, JR47425; 7.0.0.6 & Feature Pack 5: JR47273, JR47295 (development environments also require JR47313); 7.0.0.7 & Feature Pack 5: JR47273, JR48214 (development environments also require JR47313); Feature Pack 4: if JR42578 is installed, then JR47313 should be installed |
February 10, 2015 | CVE-2015-0133 | Vulnerability with WebSphere Commerce XML External Entity (XXE) Processing | WebSphere Commerce Version 7 Feature Pack 4-8 | Feature Pack 4-8: JR52499 |
October 30, 2014 | CVE-2014-4834 | A Security vulnerability found in WebSphere Commerce XML External Entity (XXE) Processing | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.8 | 7.0.0.0 - 7.0.0.7: JR49897; 7.0.0.8: JR50553 |
October 30, 2014 | CVE-2014-4769 | A Security vulnerability found in WebSphere Commerce XML External Entity (XXE) Processing | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.8 | 7.0.0.0 - 7.0.0.7: JR49897; 7.0.0.8: JR50553 |
July 30, 2013 | CVE-2013-2993 | WebSphere Commerce authentication vulnerability | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.6 | 7.0.0.0 - 7.0.0.6: JR45302 |
July 26, 2014 | CVE-2013-2994 | Vulnerability in WebSphere Commerce REST services | WebSphere Commerce Version 7 Feature Pack 4-5 | Feature Pack 4-5: JR45420 |
June 14, 2013 | CVE-2013-0523 | WebSphere Commerce vulnerability could allow disclosure of user personal data | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.7 | 7.0.0.0 - 7.0.0.6: APAR JR46386 |
May 30, 2013 | CVE-2008-7271 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
May 30, 2013 | CVE-2010-4647 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
May 30, 2013 | CVE-2012-0186 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
May 30, 2013 | CVE-2012-0191 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
May 30, 2013 | CVE-2012-2159 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
May 30, 2013 | CVE-2012-2161 | A security vulnerability in IBM Sales Center for WebSphere Commerce | IBM Sales Center for WebSphere Commerce V7.0 | For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7 |
March 19, 2013 | CVE-2012-5764 | WebSphere Commerce V7.0 configuration file contains plain text passwords | WebSphere Commerce Version 7 Feature Pack 5 | Feature Pack 5: JR45900 |
February 27, 2013 | CVE-2012-4855 | Potential DoS vulnerability in WebSphere Commerce related to web services | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.6 | 7.0.0.0 – 7.0.0.6: JR44528 |
November 28, 2012 | CVE-2012-3298 | Vulnerability in WebSphere Commerce REST services | WebSphere Commerce Version 7 Feature Pack 4 | Feature Pack 4: JR42770 |
September 28, 2012 | CVE-2012-4830 | Vulnerability in WebSphere Commerce could allow disclosure of user personal data | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.6 | 7.0.0.0 – 7.0.0.6: SE53160 |
September 20, 2012 | CVE-2012-3300 | Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. | WebSphere Commerce Version 7 Fix Pack 7.0.0.0 – 7.0.0.5 | 7.0.0.0 – 7.0.0.5: JR42771 |