CVE-2015-5007
published 2016-01-15CVE-2015-5007: Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |
| ibm | websphere_commerce | — | — |