Security bulletins

WebSphere Commerce releases security bulletins for APARs that address issues that are considered to be security vulnerabilities. These bulletins provide security risk assessment information to help you assess if a particular issue might impact your organization.

Important: For up-to-date bulletins you can bookmark or subscribe to the following services:
Date of publication CVE Vulnerability Affected software
May 20, 2024 CVE-2018-25032, CVE-2002-0059, CVE-2022-37434, CVE-2023-27859, CVE-2023-38003, CVE-2023-38727, CVE-2023-43020, CVE-2023-45178, CVE-2023-47158, CVE-2023-47145, CVE-2023-47701, CVE-2023-47746, CVE-2023-40687, CVE-2023-40692, CVE-2023-47747, CVE-2023-22081, CVE-2023-5676, CVE-2024-20952, CVE-2023-33850, CVE-2023-29258, CVE-2023-46167, CVE-2023-47141, CVE-2023-45193, CVE-2023-45178, CVE-2023-50308, CVE-2023-47152, CVE-2023-38729, CVE-2024-27254, CVE-2012-2677, CVE-2024-25046, CVE-2024-25030, CVE-2024-22360, CVE-2023-52296 Multiple vulnerabilities in IBM Db2 affect HCL Commerce IBM Db2 Database
May 1, 2024 CVE-2023-32342, CVE-2023-27554, CVE-2023-24966, CVE-2022-39161 Multiple vulnerabilities in IBM WebSphere Application Server and IBM HTTP Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server
  included in: WebSphere Commerce Version 8
May 1, 2024 CVE-2022-40609, CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938, CVE-2023-35890, CVE-2023-22, CVE-2023-22049045, CVE-2023-22049 Multiple vulnerabilities in IBM WebSphere Application Server and IBM Java SDK affect HCL Commerce WebSphere Application Server and IBM Java SDK
  included in: WebSphere Commerce Version 8
November 27, 2023 CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 Multiple vulnerabilities in jQuery-UI affect HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.29
November 7, 2023 CVE-2016-3012, CVE-2020-11022, CVE-2012-6708, CVE-2019-11358, CVE-2015-9251, CVE-2020-11023, CVE-2018-1838, CVE-2015-5041 Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce IBM Security Directory Suite
  included in: WebSphere Commerce Version 8
June 23, 2023 CVE-2023-26281 Denial of service vulnerability in IBM HTTP Server affects HCL Commerce IBM HTTP Server
  included in: WebSphere Commerce Version 8
June 23, 2023 CVE-2023-24998 Multiple vulnerabilities in IBM WebSphere Application Server affect HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
June 23, 2023 CVE-2023-30441, CVE-2023-25690 Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with IBM WebSphere Application Server affect HCL Commerce IBM Java SDK and IBM HTTP Server
  included in: WebSphere Commerce Version 8
June 5, 2023 CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
June 5, 2023 CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server
  included in: WebSphere Commerce Version 8
April 19, 2023 CVE-2022-40674, CVE-2022-43680, CVE-2022-43930, CVE-2022-43929, CVE-2022-43927 Multiple vulnerabilities in IBM Db2 affect HCL Commerce IBM Db2 Database
November 28, 2022 CVE-2022-22389, CVE-2022-35637, CVE-2022-22483, CVE-2022-22390 Multiple vulnerabilities in IBM Db2 affect HCL Commerce IBM Db2 Database
September 20, 2022 CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server
  included in: WebSphere Commerce Version 8
July 21, 2022 CVE-2020-36518 Jackson-databind vulnerability affects HCL Commerce jackson-databind
  included in: WebSphere Commerce Version 8
July 21, 2022 CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server
  included in: WebSphere Commerce Version 8
July 5, 2022 CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce IBM Java SDK and IBM HTTP Server
  included in: WebSphere Commerce Version 8
June 2, 2022 WS-2021-0616, CVE-2021-22096 Multiple vulnerabilities in open source components affect HCL Commerce jackson-databind, Spring Framework
  included in: WebSphere Commerce versions 8.0.0.0 - 8.0.4.28
April 19, 2022 CVE-2021-41035, CVE-2021-35560, CVE-2021-2388, CVE-2021-35578, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341 Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce IBM Security Directory Suite
  included in: WebSphere Commerce Version 8
April 9, 2022 CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server
  included in: WebSphere Commerce Version 8
April 5, 2022 CVE-2021-27751 HCL Commerce is affected by Insufficient Session Expiration vulnerability WebSphere Commerce versions 8.0.0.0 - 8.0.4.27
April 4, 2022 CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
March 24, 2022 CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 Vulnerability in Apache Log4j 1.2 affects HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.27
January 20, 2022 CVE-2021-26272 Vulnerability in CKeditor affects HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.27
January 14, 2022 CVE-2021-27750 Session termination vulnerability in HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.26
December 16, 2021 CVE-2021-4104 Vulnerability in Apache Log4j 1.2 affects HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.27
December 12, 2021 CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
October 14, 2021 CVE-2021-29736 Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
September 2, 2021 CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
September 1, 2021 CVE-2021-31811, CVE-2021-31812 Multiple security vulnerabilities in Apache PDFBox affect HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.26
August 11, 2021 CVE-2021-20517 A vulnerability in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
July 19, 2021 CVE-2021-27741 XML external entity (XXE) injection vulnerability in HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.26
June 4, 2021 CVE-2021-20480 Server-side Request Forgery in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
May 11, 2021 CVE-2021-23926 Vulnerability in XMLBeans affects HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.25
May 4, 2021 CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
May 4, 2021 CVE-2020-4782, CVE-2020-4576 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce Version 8
May 3, 2021 CVE-2020-25649 Multiple vulnerabilities in Jackson Databind affects HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.25
May 3, 2021 CVE-2020-9281, CVE-2018-17960 Cross-site scripting (XSS) vulnerabilities in CKEditor shipped with HCL Commerce WebSphere Commerce versions 8.0.0.0 - 8.0.4.25
February 18, 2021 CVE-2017-12626, CVE-2014-9527, CVE-2017-12626, WS-2016-7061, CVE-2019-12415, CVE-2017-5644, CVE-2016-4434, CVE-2018-11761, CVE-2018-11796 Multiple vulnerabilities in Apache POI and Apache Tika affects HCL Commerce WebSphere Commerce versions 8.0.4.0 - 8.0.4.25
January 29, 2021 WS-2017-0225 Vulnerability in Swagger UI affects WebSphere Commerce WebSphere Commerce Version 8
November 14, 2020 CVE-2020-2601, CVE-2020-14621, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2590 Security vulnerabilities in IBM® Java SDK included with WebSphere Application Server affect HCL Commerce IBM® Java SDK included with WebSphere Application Server
  included in: WebSphere Commerce V8.0.4.x
November 14, 2020 CVE-2020-4589, CVE-2020-4643, CVE-2020-4578 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server
  included in: WebSphere Commerce V8.0.4.x
October 22, 2020 Multiple A number of software vulnerability fixes in companion software have been included. WebSphere Commerce V8.0.4.0 - 8.0.4.24
March 21, 2019 CVE-2019-4094 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
January 29, 2019 CVE-2018-1840 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 8.5, and 9.0
January 29, 2019 CVE-2018-1904 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
January 29, 2019 CVE-2018-1901 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server Liberty, 9.0, and 8.5
January 25, 2019 CVE-2018-1643 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, and 8.0
January 25, 2019 CVE-2018-1857 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 11.1
January 24, 2019 CVE-2018-1799 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
January 24, 2019 CVE-2018-1780 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
January 24, 2019 CVE-2018-1781 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
January 24, 2019 CVE-2018-1834 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
January 15, 2019 CVE-2018-1851 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server Liberty
January 14, 2019 CVE-2018-1767 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 29, 2018 CVE-2018-1777 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2018-1770 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2018-1794 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2018-1567 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2018-1793 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2018-1926 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
December 28, 2018 CVE-2014-7810 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16
December 12, 2018 CVE-2018-1977 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 11.1
November 27, 2018 CVE-2018-1897 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
October 29, 2018 CVE-2016-0702 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
October 29, 2018 CVE-2016-0705 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
October 29, 2018 CVE-2017-3732 Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d
October 29, 2018 CVE-2017-3736 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g
October 29, 2018 CVE-2018-1427 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
October 29, 2018 CVE-2018-1426 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce IBM Db2 Database 9.7, 10.1, 10.5, and 11.1
October 29, 2018 CVE-2018-1447 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce GSKit component of IBM Spectrum Protect 7.1 and 7.2, and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6
October 19, 2018 CVE-2018-1811 IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information WebSphere Commerce V8.0
October 19, 2018 CVE-2018-1541 A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool WebSphere Commerce V8.0
October 19, 2018 CVE-2018-1807 A authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool WebSphere Commerce V8.0
October 19, 2018 CVE-2018-1806 An Information Disclosure Vulnerability affects WebSphere Commerce WebSphere Commerce V8.0
October 18, 2018 CVE-2018-1656 A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0
October 18, 2018 CVE-2018-12539 A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Eclipse OpenJ9 version 0.8
October 17, 2018 CVE-2018-1719 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, and 8.5
September 26, 2018 CVE-2018-1695 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce WebSphere Commerce V8.0
August 23, 2018 CVE-2018-1644 An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce WebSphere Commerce V8.0
August 21, 2018 CVE-2018-1614 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
August 21, 2018 CVE-2015-0899 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Struts 1 1.1 through 1.3.10
August 21, 2018 CVE-2018-1739 IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack WebSphere Commerce V8.0
August 20, 2018 CVE-2018-2783 A Vulnerability in IBM Java SDK affects WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
August 20, 2018 CVE-2018-2800 A Vulnerability in IBM Java SDK affects WebSphere Application Server Java SE, JRockit component of Oracle Java SE
June 27, 2018 CVE-2012-5783 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Commons HttpClient 3.x
May 24, 2018 CVE-2017-1743 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
May 17, 2018 CVE-2017-12613 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache Portable Runtime APR 1.6.2
May 16, 2018 CVE-2017-1741 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
May 16, 2018 CVE-2017-15710 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29
May 16, 2018 CVE-2017-15715 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd 2.4.0 to 2.4.29
May 16, 2018 CVE-2018-1301 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd prior to version 2.4.30
May 16, 2018 CVE-2017-1681 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server Liberty
May 16, 2018 CVE-2017-1731 A security vulnerability has been identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0
March 5, 2018 CVE-2018-2633 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
March 5, 2018 CVE-2018-2637 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
March 5, 2018 CVE-2018-2634 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
March 5, 2018 CVE-2018-2603 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
March 5, 2018 CVE-2018-2602 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
March 5, 2018 CVE-2018-2579 A Vulnerability in IBM Java SDK affect WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE
December 19, 2017 CVE-2017-10388 A Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU Java SE, Java SE Embedded, JRockit component of Oracle Java SE
December 19, 2017 CVE-2017-10356 A Vulnerability in IBM Java SDK Affect WebSphere Application Server 12 2017 CPU Java SE, Java SE Embedded, JRockit component of Oracle Java SE
December 19, 2017 CVE-2017-9798 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce (IBM HTTP Server) Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27
December 19, 2017 CVE-2017-12618 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache Portable Runtime Utility (APR-util) 1.6.0 and prior
November 14, 2017 CVE-2017-1583 IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data IBM WebSphere Application Server Liberty
November 14, 2017 CVE-2011-4343 IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4
November 14, 2017 CVE-2017-1484 IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data WebSphere Commerce V8.0
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.19
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.13
  • Mod Pack 3: Fix Packs 8.0.3.0 - 8.0.3.4
  • Mod Pack 4: Fix Packs 8.0.4.0 - 8.0.4.8
September 28, 2017 CVE-2017-1569 IBM WebSphere Commerce contains an vulnerability in Marketing ESpot's that could cause a denial of service WebSphere Commerce V8
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.19
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.13
  • Mod Pack 3: Fix Packs 8.0.3.0 - 8.0.3.4
  • Mod Pack 4: Fix Packs 8.0.4.0 - 8.0.4.5
August 18, 2017 CVE-2017-1382 A security vulnerability has been identified in IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.13
August 17, 2017 CVE-2017-1381 A security vulnerability has been identified in IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.12
August 15, 2017 CVE-2017-1501 Potential security vulnerability in the WebSphere Application Server Admin Console WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
August 14, 2017 CVE-2017-7679 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5
August 14, 2017 CVE-2017-7668 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5
August 14, 2017 CVE-2017-3167 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5
July 6, 2017 CVE-2017-1398 IBM WebSphere Commerce is vulnerable to an open redirect issue WebSphere Commerce V8
May 19, 2017 CVE-2017-1194 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
May 8, 2017 Multiple Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
March 14, 2017 CVE-2016-0360 A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
March 3, 2017 CVE-2016-5894 IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data WebSphere Commerce V8
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.x
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.x
February 24, 2017 CVE-2016-8919 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
February 24, 2017 CVE-2016-8743 A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
February 24, 2017 CVE-2017-1121 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
December 23, 2016 CVE-2016-9736 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
December 23, 2016 CVE-2016-8934 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11
November 18, 2016 CVE-2016-5573 A Vulnerability in IBM Java SDK affect WebSphere Application Server (CVE-2016-5573) WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
November 18, 2016 CVE-2016-5597 A Vulnerability in IBM Java SDK affect WebSphere Application Server (CVE-2016-5597) WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
October 24, 2016 CVE-2016-6090 WebSphere Commerce information disclosure and denial of service security vulnerability (CVE-2016-6090) WebSphere Commerce V8.0
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.16
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.8
  • Mod Pack 3 (8.0.3.0)
September 22, 2016 CVE-2016-5983 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2016-5986 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2012-0876 A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2012-1148 A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2016-4472 A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2016-0718 A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2016-3092 A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10
September 15, 2016 CVE-2016-2960 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
September 13, 2016 CVE-2016-0385 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
September 13, 2016 CVE-2016-0377 A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
September 9, 2016 CVE-2016-3485 Potential security vulnerability were identified in IBM WebSphere Application Server included with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
August 10, 2016 CVE-2016-5387 A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Commerce V8.0
July 21, 2016 CVE-2016-0225 IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool WebSphere Commerce V8.0
  • Fix Pack: 8.0.0.0 - 8.0.0.8
  • Mod Pack: 8.0.1.0
July 6, 2016 CVE-2016-0359 HTTP Response Splitting in WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
June 29, 2016 CVE-2016-1181 A Vulnerability in Apache Struts affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
June 29, 2016 CVE-2016-1182 A Vulnerability in Apache Struts affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
June 28, 2016 CVE-2016-2863 Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce WebSphere Commerce V8.0
  • Fix / Mod Pack: 8.0.0.0 - 8.0.1.1
June 28, 2016 CVE-2016-2862 Cross Site Scripting (XSS) security vulnerability in IBM WebSphere Commerce WebSphere Commerce V8.0
  • Fix Pack: 8.0.0.0 - 8.0.0.4
June 9, 2016 CVE-2015-0254 A Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
May 18, 2016 CVE-2016-3426 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
May 18, 2016 CVE-2016-3427 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
April 13, 2016 CVE-2016-0306 A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9
March 3, 2016 CVE-2016-0208 WebSphere Commerce vulnerable to denial of service (DoS) attack WebSphere Commerce V8.0
  • Fix Pack: 8.0.0.0 - 8.0.0.2
February 22, 2016 CVE-2016-0475 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8
February 22, 2016 CVE-2016-0466 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8
February 22, 2016 CVE-2015-7575 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8
February 22, 2016 CVE-2016-0448 A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8
January 19, 2016 CVE-2015-7417 Cross-site scripting vulnerability in IBM WebSphere Application Server WebSphere Application Server 8.5.5.x
January 11, 2016 CVE-2015-5008 Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce WebSphere Commerce V8.0.0
January 11, 2016 CVE-2015-5009 Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce WebSphere Commerce V8.0.0
November 18, 2015 CVE-2015-7450 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server 8.5.5.x
November 17, 2015 CVE-2015-2017 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server 8.5.5.x