Lucene search

MitreCVE-2010-2635

HistoryNov 09, 2010 - 9:00 p.m.

CVE-2010-2635

2010-11-0921:00:02

CWE-89

mitre

web.nvd.nist.gov

cve-2010-2635

sql injection

ibm websphere commerce

nvd

security vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

43.7%

JSON

SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to “Commerce Organization Admin Console JavaServer pages.”

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

VendorProductVersionCPE
ibmwebsphere_commerce6.0.0.1cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.2cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.3cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.4cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.5cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.6cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.7cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.8cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.9cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	6.0.0.1	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
ibm	websphere_commerce	6.0.0.2	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
ibm	websphere_commerce	6.0.0.3	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*
ibm	websphere_commerce	6.0.0.4	cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:::::::*
ibm	websphere_commerce	6.0.0.5	cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:::::::*
ibm	websphere_commerce	6.0.0.6	cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:::::::*
ibm	websphere_commerce	6.0.0.7	cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:::::::*
ibm	websphere_commerce	6.0.0.8	cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:::::::*
ibm	websphere_commerce	6.0.0.9	cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg1IZ73130

exchange.xforce.ibmcloud.com/vulnerabilities/62951

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

43.7%

JSON

Related for CVE-2010-2635