CVE-2014-0943Improper Input Validation in IBM Websphere Commerce

CWE-20Improper Input Validation3 documents3 sources
Severity
7.1HIGHNVD
EPSS
1.2%
top 21.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedMay 25
Latest updateMay 13

Description

IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, 7.0.0.0 through 7.0.0.8, and 7.0 Feature Pack 1 through Feature Pack 7 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a malformed id parameter in a request.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDibm/websphere_commerce10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-65p8-g27h-v5h2: IBM WebSphere Commerce 62022-05-13
CVEList
CVE-2014-0943: IBM WebSphere Commerce 62014-05-25
CVE-2014-0943 — Improper Input Validation in IBM | cvebase