WebSphere Commerce Security Bulletin List

The following table is provided to help you locate WebSphere Commerce security bulletins.

Important: For up-to-date bulletins you can bookmark or subscribe to the following services:
Date of last update CVE Vulnerability Affected Versions APAR number
November 28, 2022 CVE-2022-22389, CVE-2022-35637, CVE-2022-22483, CVE-2022-22390 Multiple vulnerabilities in IBM Db2 affect HCL Commerce N/A
September 20, 2022 CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server

included in:

WebSphere Commerce Version 7
N/A
July 21, 2022 CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server

included in:

WebSphere Commerce Version 7
N/A
July 5, 2022 CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce IBM Java SDK and IBM HTTP Server

included in:

WebSphere Commerce Version 7
N/A
April 9, 2022 CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce WebSphere Application Server and IBM HTTP Server

included in:

WebSphere Commerce Version 7
N/A
April 4, 2022 CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
March 24, 2022 CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 Vulnerability in Apache Log4j 1.2 affects HCL Commerce WebSphere Commerce Version 7 N/A
December 16, 2021 CVE-2021-4104 Vulnerability in Apache Log4j 1.2 affects HCL Commerce WebSphere Commerce Version 7 N/A
December 12, 2021 CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
October 14, 2021 CVE-2021-29736 Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
September 2, 2021 CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
June 4, 2021 CVE-2021-20480 Server-side Request Forgery in WebSphere Application Server affects HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
May 4, 2021 CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
May 4, 2021 CVE-2020-4782, CVE-2020-4576 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
November 14, 2020 CVE-2020-2601, CVE-2020-14621, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2590 Security vulnerabilities in IBM® Java SDK included with WebSphere Application Server affect HCL Commerce IBM® Java SDK included with WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
November 14, 2020 CVE-2020-4589, CVE-2020-4643, CVE-2020-4578 Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce WebSphere Application Server

included in:

WebSphere Commerce Version 7
N/A
March 21, 2019 CVE-2019-4094 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
January 29, 2019 CVE-2018-1840 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 8.5, and 9.0 N/A
January 29, 2019 CVE-2018-1904 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
January 29, 2019 CVE-2018-1901 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 8.5, and 9.0 N/A
January 25, 2019 CVE-2018-1643 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 8.0, 8.5, and 9.0 N/A
January 25, 2019 CVE-2018-1857 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 11.1 N/A
January 24, 2019 CVE-2018-1799 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
January 24, 2019 CVE-2018-1780 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
January 24, 2019 CVE-2018-1781 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
January 24, 2019 CVE-2018-1834 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
January 15, 2019 CVE-2018-1851 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server Liberty N/A
January 14, 2019 CVE-2018-1767 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 29, 2018 CVE-2018-1777 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2018-1770 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2018-1794 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2018-1567 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2018-1793 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2018-1926 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
December 28, 2018 CVE-2014-7810 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 N/A
December 12, 2018 CVE-2018-1977 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 11.1 N/A
November 27, 2018 CVE-2018-1897 A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce IBM DB2 9.7, 10.1, 10.5, and 11.1 N/A
October 19, 2018 CVE-2018-1811 IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information WebSphere Commerce V8.0
  • Mod Pack 4: Fix Pack 8.0.4.17
October 19, 2018 CVE-2018-1541 A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool WebSphere Commerce V8.0
  • Mod Pack 4: Fix Pack 8.0.4.18
October 19, 2018 CVE-2018-1807 An authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool WebSphere Commerce V8.0
  • Mod Pack 4: Fix Pack 8.0.4.18
October 19, 2018 CVE-2018-1806 An Information Disclosure Vulnerability affects WebSphere Commerce WebSphere Commerce V8.0 N/A
October 18, 2018 CVE-2018-1656 A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 N/A
October 18, 2018 CVE-2018-12539 A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Eclipse OpenJ9 version 0.8 N/A
October 17, 2018 CVE-2018-1719 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 8.5, and 9.0 N/A
September 26, 2018 CVE-2018-1695 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce WebSphere Commerce V8.0 N/A
August 23, 2018 CVE-2018-1644 An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce WebSphere Commerce V8.0
  • Mod Pack 4: Fix Pack 8.0.4.15
August 21, 2018 CVE-2018-1614 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
August 21, 2018 CVE-2015-0899 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Struts 1 1.1 through 1.3.10 N/A
August 21, 2018 CVE-2018-1739 IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack WebSphere Commerce V8.0
  • Mod Pack 4: Fix Pack 8.0.4.16
August 20, 2018 CVE-2018-2783 A Security Vulnerability in IBM Java SDK affects WebSphere Application Server Java SE, Java SE Embedded, JRockit component of Oracle Java SE N/A
August 20, 2018 CVE-2018-2800 A Security Vulnerability in IBM Java SDK affects WebSphere Application Server Java SE, JRockit component of Oracle Java SE N/A
June 27, 2018 CVE-2012-5783 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce Apache Commons HttpClient 3.x N/A
May 24, 2018 CVE-2017-1743 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
May 17, 2018 CVE-2017-12613 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache Portable Runtime APR 1.6.2 N/A
May 16, 2018 CVE-2017-1741 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
May 16, 2018 CVE-2017-15710 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 N/A
May 16, 2018 CVE-2017-15715 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd 2.4.0 to 2.4.29 N/A
May 16, 2018 CVE-2018-1301 A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache httpd prior to version 2.4.30 N/A
May 16, 2018 CVE-2017-1681 A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server Liberty N/A
May 16, 2018 CVE-2017-1731 A security vulnerability has been identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 N/A
March 5, 2018 CVE-2018-2633 A security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Commerce Version 7 N/A
March 5, 2018 CVE-2018-2637 A security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Commerce Version 7 N/A
March 5, 2018 CVE-2018-2634 A security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Commerce Version 7 N/A
March 5, 2018 CVE-2018-2603 A security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Commerce Version 7 N/A
March 5, 2018 CVE-2018-2602 A security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Commerce Version 7 N/A
December 19, 2017 CVE-2017-10388 A Security Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU Java SE, Java SE Embedded, JRockit component of Oracle Java SE N/A
December 19, 2017 CVE-2017-10356 A Security Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU Java SE, Java SE Embedded, JRockit component of Oracle Java SE N/A
December 19, 2017 CVE-2017-9798 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce (IBM HTTP Server) Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27 N/A
December 19, 2017 CVE-2017-12618 A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce Apache Portable Runtime Utility (APR-util) 1.6.0 and prior N/A
November 14, 2017 CVE-2017-1484 IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data WebSphere Commerce V8.0
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.19
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.13
  • Mod Pack 3: Fix Packs 8.0.3.0 - 8.0.3.4
  • Mod Pack 4: Fix Packs 8.0.4.0 - 8.0.4.8
  • Mod Pack 4: Fix Pack 8.0.4.9
September 28, 2017 CVE-2017-1569 IBM WebSphere Commerce contains an vulnerability in Marketing ESpot's that could cause a denial of service WebSphere Commerce V8.0
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.19
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.13
  • Mod Pack 3: Fix Packs 8.0.3.0 - 8.0.3.4
  • Mod Pack 4: Fix Packs 8.0.4.0 - 8.0.4.5
  • Mod Pack 1: Fix Pack 8.0.1.14
  • Mod Pack 3: Fix Pack 8.0.3.5
  • Mod Pack 4: Fix Pack 8.0.4.6
August 18, 2017 CVE-2017-1382 A security vulnerability has been identified in IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.13 N/A
August 17, 2017 CVE-2017-1381 A security vulnerability has been identified in IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.12 N/A
August 14, 2017 CVE-2017-7679 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5 N/A
August 14, 2017 CVE-2017-7668 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5 N/A
August 14, 2017 CVE-2017-3167 A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce IBM HTTP Server Version 8.5.5 N/A
May 19, 2017 CVE-2017-1194 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
May 8, 2017 Multiple Multiple security vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
March 14, 2017 CVE-2016-0360 A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
March 3, 2017 CVE-2016-5894 IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data WebSphere Commerce V8
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.x
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.x
  • Fix included in: Mod Pack 3 (8.0.3.0) or higher
February 24, 2017 CVE-2016-8919 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
February 24, 2017 CVE-2016-8743 A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
February 24, 2017 CVE-2017-1121 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
December 23, 2016 CVE-2016-8934 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 N/A
November 18, 2016 CVE-2016-5573 A Security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
November 18, 2016 CVE-2016-5597 A Security vulnerability in IBM Java SDK affect WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
October 24, 2016 CVE-2016-6090 WebSphere Commerce information disclosure and denial of service security vulnerability WebSphere Commerce V8.0
  • Mod Pack 0: Fix Packs 8.0.0.0 - 8.0.0.16
  • Mod Pack 1: Fix Packs 8.0.1.0 - 8.0.1.8
  • Mod Pack 3 (8.0.3.0)
JR56832
September 22, 2016 CVE-2016-5983 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2016-5986 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2012-0876 A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2012-1148 A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2016-4472 A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2016-0718 A security vulnerability were identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2016-3092 A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 N/A
September 15, 2016 CVE-2016-2960 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
September 13, 2016 CVE-2016-0385 Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
September 13, 2016 CVE-2016-0377 A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
September 9, 2016 CVE-2016-3485 Potential security vulnerability was identified in IBM WebSphere Application Server included with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
August 10, 2016 CVE-2016-5387 A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce WebSphere Commerce V8.0 N/A
July 21, 2016 CVE-2016-0225 IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool WebSphere Commerce V8.0

Fix Pack

8.0.0.0 - 8.0.0.8

Mod Pack

8.0.1.0

JR55493
July 6, 2016 CVE-2016-0359 HTTP Response Splitting in WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
June 29, 2016 CVE-2016-1181 A Security Vulnerability in Apache Struts affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
June 29, 2016 CVE-2016-1182 A Security Vulnerability in Apache Struts affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
June 28, 2016 CVE-2016-2863 Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce WebSphere Commerce V8.0

Fix / Mod Pack

8.0.0.0 - 8.0.1.1

  • Fix / Mod Pack
  • 8.0.0.10 - 8.0.1.2
June 28, 2016 CVE-2016-2862 Cross Site Scripting (XSS) security vulnerability in IBM WebSphere Commerce WebSphere Commerce V8.0

Fix Pack

8.0.0.0 - 8.0.0.4

  • Fix Pack
  • 8.0.0.5
June 9, 2016 CVE-2015-0254 Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
May 18, 2016 CVE-2016-3426 A Security vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 7.0.0.0 - 7.0.0.41 N/A
May 18, 2016 CVE-2016-3427 A Security vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 7.0.0.0 - 7.0.0.41 N/A
April 13, 2016 CVE-2016-0306 A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 N/A
March 3, 2016 CVE-2016-0208 WebSphere Commerce vulnerable to denial of service (DoS) attack WebSphere Commerce V8.0

Fix Pack

8.0.0.0 - 8.0.0.2

JR54988
February 22, 2016 CVE-2016-0475 A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 N/A
February 22, 2016 CVE-2016-0466 A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 N/A
February 22, 2016 CVE-2015-7575 A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 N/A
February 22, 2016 CVE-2016-0448 A Security Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 N/A
February 12, 2016 CVE-2016-0225 IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool WebSphere Commerce V8.0

Fix Pack

8.0.0.0 - 8.0.0.8

Mod Pack

8.0.1.0

JR55493
February 4, 2016 CVE-2015-7444 Information disclosure vulnerability found in IBM WebSphere Commerce WebSphere Commerce Version 7

Feature Pack

7-8

JR54563
January 19, 2016 CVE-2015-7417 Cross-site scripting vulnerability in IBM WebSphere Application Server WebSphere Application Server 8.5.5.x N/A
January 11, 2016 CVE-2015-5008 Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.9

Feature Pack

1-8

JR54824, JR54825, JR54899, JR54264, JR54432
January 11, 2016 CVE-2015-5009 Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.9

Feature Pack

1-8

JR54824, JR54825, JR54899, JR54264, JR54432
January 6, 2016 CVE-2015-7397 Open Redirect issue in Aurora starter store in IBM WebSphere Commerce WebSphere Commerce Version 7

Feature Pack

5-8

JR54295
January 5, 2016 CVE-2015-5007 Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce WebSphere Commerce Version 7

Fix Pack

7.0.0.6 - 7.0.0.11

Feature Pack

8

JR54267, JR54268
November 18, 2015 CVE-2015-7450 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server 7.0.0.x N/A
November 17, 2015 CVE-2015-2017 A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce WebSphere Application Server 7.0.0.x N/A
October 21, 2015 CVE-2015-5015 Potential Information Disclosure vulnerability could expose user personal data WebSphere Commerce Version 7

Feature Pack

8

Feature Pack 8

JR53970

August 28, 2015 CVE-2015-4980 Potential Information Disclosure vulnerability could expose user personal data in WebSphere Commerce WebSphere Commerce Version 7

Fix Pack

7.0.0.6 - 7.0.0.9

7.0.0.6 - 7.0.0.9

JR54107

June 18, 2015 CVE-2015-0196 WebSphere Commerce is vulnerable to a HTTP Response Splitting attack WebSphere Commerce Version 7

Fix Pack

7.0.0.0 - 7.0.0.8

7.0.0.0 - 7.0.0.7

JR51324

7.0.0.8

JR52306

May 27, 2015 CVE-2014-0943 WebSphere Commerce vulnerable to denial of service (DoS) attack WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.7

Feature Pack

1-7

7.0.0.0-7.0.0.7

JR49881

Feature Pack 1-7

JR49996

May 14, 2015 CVE-2015-0200 WebSphere Commerce is affected by an information disclosure vulnerability WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.8

7.0.0.0-7.0.0.7

JR50683

7.0.0.8

JR52306

April 30, 2015 CVE-2014-6211 WebSphere Commerce command-line scripts with debugging enabled could lead to disclosure of user personal data WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.9

Feature Pack 2-8

7.0.0.0-7.0.0.7

JR52117

Feature Pack 2-8

JR52117

7.0.0.0-7.0.0.9

JR52983

April 29, 2015 CVE-2013-0566 Potential cross-site scripting vulnerability related to WebSphere Commerce Tools pages WebSphere Commerce Version 7

7.0.0.0 – 7.0.0.7

7.0.0.0-7.0.0.7

JR46776

April 10, 2015 CVE-2013-2992 Potential DoS vulnerability related to WebSphere Commerce Search functionality WebSphere Commerce Version 7

Fix Pack

7.0.0.4 – 7.0.0.6

Feature Pack 6

JR47420

JR47425

7.0.0.6 & Feature Pack 5

JR47273

JR47295

Development environments also require JR47313

7.0.0.7 & Feature Pack 5

JR47273

JR48214

Development environments also require JR47313

Feature Pack 4

If JR42578 is installed, then JR47313 should be installed

February 10, 2015 CVE-2015-0133 Vulnerability with WebSphere Commerce XML External Entity (XXE) Processing WebSphere Commerce Version 7

Feature Pack 4-8

Feature Pack 4-8

JR52499

October 30, 2014 CVE-2014-4834 A Security vulnerability found in WebSphere Commerce XML External Entity (XXE) Processing WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.8

7.0.0.0 - 7.0.0.7

JR49897

7.0.0.8

JR50553

October 30, 2014 CVE-2014-4769 A Security vulnerability found in WebSphere Commerce XML External Entity (XXE) Processing WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.8

7.0.0.0 - 7.0.0.7

JR49897

7.0.0.8

JR50553

July 30, 2013 CVE-2013-2993 WebSphere Commerce authentication vulnerability WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.6

7.0.0.0 - 7.0.0.6

JR45302

July 26, 2014 CVE-2013-2994 Vulnerability in WebSphere Commerce REST services WebSphere Commerce Version 7

Feature Pack 4-5

Feature Pack 4-5

JR45420

June 14, 2013 CVE-2013-0523 WebSphere Commerce vulnerability could allow disclosure of user personal data WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.7

7.0.0.0 - 7.0.0.6

APAR JR46386

May 30, 2013 CVE-2008-7271 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
May 30, 2013 CVE-2010-4647 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
May 30, 2013 CVE-2012-0186 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
May 30, 2013 CVE-2012-0191 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
May 30, 2013 CVE-2012-2159 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
May 30, 2013 CVE-2012-2161 A security vulnerability in IBM Sales Center for WebSphere Commerce IBM Sales Center for WebSphere Commerce V7.0 For WebSphere Commerce V7.0 Apply; Lotus Expeditor Security Interim Fix for Sales Center for WebSphere Commerce V7
March 19, 2013 CVE-2012-5764 WebSphere Commerce V7.0 configuration file contains plain text passwords WebSphere Commerce Version 7

Feature Pack 5

Feature Pack 5

JR45900

February 27, 2013 CVE-2012-4855 Potential DoS vulnerability in WebSphere Commerce related to web services WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.6

7.0.0.0 – 7.0.0.6

JR44528

November 28, 2012 CVE-2012-3298 Vulnerability in WebSphere Commerce REST services WebSphere Commerce Version 7

Feature Pack 4

Feature Pack 4

JR42770

September 28, 2012 CVE-2012-4830 Vulnerability in WebSphere Commerce could allow disclosure of user personal data WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.6

7.0.0.0 – 7.0.0.6

SE53160

September 20, 2012 CVE-2012-3300 Vulnerability in WebSphere Commerce related to persistent sessions and personalization IDs. WebSphere Commerce Version 7

Fix Pack

7.0.0.0 – 7.0.0.5

7.0.0.0 – 7.0.0.5

JR42771