CVE-2015-7444

CWE-200 — Information Exposure4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 56.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Commerce

Timeline

PublishedFeb 15

Latest updateMay 17

Description

The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDibm/websphere_commerce7.0.0.8, 7.0.0.9+1

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-hrvm-cmxh-65xr: The Update Installer in IBM WebSphere Commerce Enterprise 7↗2022-05-17

▶

CVEList

CVE-2015-7444: The Update Installer in IBM WebSphere Commerce Enterprise 7↗2016-02-15

▶

💬Community

Bugzilla

CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 mediawiki: multiple security fix↗2015-08-13

▶