CVE-2009-2752 — IBM Websphere Commerce vulnerability

CWE-3103 documents3 sources

Severity

1.5LOWNVD

EPSS

0.1%

top 81.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Commerce

Timeline

PublishedFeb 5

Latest updateMay 2

Description

IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 2.7 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_commerce7.0

🔴Vulnerability Details

GHSA

GHSA-ghm7-4qj5-mxj2: IBM WebSphere Commerce 7↗2022-05-02

▶

CVEList

CVE-2009-2752: IBM WebSphere Commerce 7↗2010-02-05

▶