CVE-2010-2635SQL Injection in IBM Websphere Commerce

CWE-89SQL Injection3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 55.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedNov 9
Latest updateMay 17

Description

SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

NVDibm/websphere_commerce9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-p4wf-p7fg-ghq6: SQL injection vulnerability in IBM WebSphere Commerce 62022-05-17
CVEList
CVE-2010-2635: SQL injection vulnerability in IBM WebSphere Commerce 62010-11-09
CVE-2010-2635 — SQL Injection in IBM Websphere Commerce | cvebase