CVE-2018-1644

CWE-200Information Exposure3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 63.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedAug 27
Latest updateMay 13

Description

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

NVDibm/websphere_commerce8.0.0.08.0.0.19+5
CVEListV5ibm/websphere_commerce62 versions+61

🔴Vulnerability Details

2
GHSA
GHSA-95rc-cm6x-rc44: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 92022-05-13
CVEList
CVE-2018-1644: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 92018-08-27
CVE-2018-1644 (MEDIUM CVSS 4.3) | IBM WebSphere Commerce Enterprise | cvebase.io