CVE-2010-2635:websphere_commerce: SQL injection vulnerability in IBM WebSphere Commer...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2635

websphere_commerce: SQL injection vulnerability in IBM WebSphere Commer...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2635

Original

SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-09

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-10

Affected Product Tags

cpe:/a:ibm:websphere_commerce:6.0.0.1

cpe:/a:ibm:websphere_commerce:6.0.0.2

cpe:/a:ibm:websphere_commerce:6.0.0.3

cpe:/a:ibm:websphere_commerce:6.0.0.4

cpe:/a:ibm:websphere_commerce:6.0.0.5

cpe:/a:ibm:websphere_commerce:6.0.0.6

cpe:/a:ibm:websphere_commerce:6.0.0.7

cpe:/a:ibm:websphere_commerce:6.0.0.8

cpe:/a:ibm:websphere_commerce:6.0.0.9

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

Vulnerability Type SQL Injection (CWE-89)

XF wsc-oacjsp-info-disclosure(62951)