Security bulletins
WebSphere Commerce releases security bulletins for APARs that address issues that are considered to be security vulnerabilities. These bulletins provide security risk assessment information to help you assess if a particular issue might impact your organization.
Important: For up-to-date bulletins you can bookmark or subscribe to the following
services:
- The HCL PSIRT blog for WebSphere Commerce security bulletins.
- IBM software support updates for IBM companion software security bulletins.
| Date of publication | CVE | Vulnerability | Affected software |
|---|---|---|---|
| November 27, 2023 | CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2022-31160 | Multiple vulnerabilities in jQuery-UI affect HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.29 |
| November 7, 2023 | CVE-2016-3012, CVE-2020-11022, CVE-2012-6708, CVE-2019-11358, CVE-2015-9251, CVE-2020-11023, CVE-2018-1838, CVE-2015-5041 | Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce | IBM Security Directory Suite included in: WebSphere Commerce Version 8 |
| June 23, 2023 | CVE-2023-26281 | Denial of service vulnerability in IBM HTTP Server affects HCL Commerce | IBM HTTP Server included in: WebSphere Commerce Version 8 |
| June 23, 2023 | CVE-2023-24998 | Multiple vulnerabilities in IBM WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| June 23, 2023 | CVE-2023-30441, CVE-2023-25690 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with IBM WebSphere Application Server affect HCL Commerce | IBM Java SDK and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| June 5, 2023 | CVE-2023-23477, CVE-2022-22477, CVE-2022-38712, CVE-2022-34336, CVE-2022-40750, CVE-2022-34165, CVE-2022-35282, CVE-2022-22473 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| June 5, 2023 | CVE-2022-43680, CVE-2022-37436, CVE-2022-21541, CVE-2021-2163, CVE-2022-21540, CVE-2022-21626, CVE-2017-9233, CVE-2013-0340, CVE-2022-21624 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| April 19, 2023 | CVE-2022-40674, CVE-2022-43680, CVE-2022-43930, CVE-2022-43929, CVE-2022-43927 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| November 28, 2022 | CVE-2022-22389, CVE-2022-35637, CVE-2022-22483, CVE-2022-22390 | Multiple vulnerabilities in IBM Db2 affect HCL Commerce | IBM Db2 Database |
| September 20, 2022 | CVE-2022-26377, CVE-2022-28615, CVE-2022-28614, CVE-2022-29404, CVE-2022-31813, CVE-2022-30556 | Multiple vulnerabilities in IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| July 21, 2022 | CVE-2020-36518 | Jackson-databind vulnerability affects HCL Commerce | jackson-databind included in: WebSphere Commerce Version 8 |
| July 21, 2022 | CVE-2022-22721, CVE-2022-22720, CVE-2022-22365, CVE-2022-22719 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| July 5, 2022 | CVE-2022-25315, CVE-2021-35550, CVE-2022-25313, CVE-2022-21340, CVE-2022-25236, CVE-2021-35603, CVE-2022-25235 | Multiple vulnerabilities in IBM Java SDK and IBM HTTP Server included with WebSphere Application Server affect HCL Commerce | IBM Java SDK and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| June 2, 2022 | WS-2021-0616, CVE-2021-22096 | Multiple vulnerabilities in open source components affect HCL Commerce | jackson-databind, Spring Framework included in: WebSphere Commerce versions 8.0.0.0 - 8.0.4.28 |
| April 19, 2022 | CVE-2021-41035,CVE-2021-35560, CVE-2021-2388, CVE-2021-35578, CVE-2021-2369, CVE-2021-2432, CVE-2021-2341 | Multiple vulnerabilities in IBM Security Directory Suite affect HCL Commerce | IBM Security Directory Suite included in: WebSphere Commerce Version 8 |
| April 9, 2022 | CVE-2021-23450, CVE-2022-23990, CVE-2022-23852, CVE-2022-22822, CVE-2022-22823, CVE-2022-22825, CVE-2021-46143, CVE-2022-22824, CVE-2022-22826, CVE-2022-22827, CVE-2021-45960 | Multiple vulnerabilities in IBM HTTP Server and WebSphere Application Server affect HCL Commerce | WebSphere Application Server and IBM HTTP Server included in: WebSphere Commerce Version 8 |
| April 5, 2022 | CVE-2021-27751 | HCL Commerce is affected by Insufficient Session Expiration vulnerability | WebSphere Commerce versions 8.0.0.0 - 8.0.4.27 |
| April 4, 2022 | CVE-2021-40438, CVE-2021-45046, CVE-2021-4104, CVE-2021-36090, CVE-2021-38951, CVE-2021-34798, CVE-2021-35517, CVE-2021-35578, CVE-2021-35564, CVE-2021-2369, CVE-2021-39275, CVE-2021-29842 | Multiple security vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| March 24, 2022 | CVE-2022-23307, CVE-2022-23302, CVE-2022-23305 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.27 |
| January 20, 2022 | CVE-2021-26272 | Vulnerability in CKeditor affects HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.27 |
| January 14, 2022 | CVE-2021-27750 | Session termination vulnerability in HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.26 |
| December 16, 2021 | CVE-2021-4104 | Vulnerability in Apache Log4j 1.2 affects HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.27 |
| December 12, 2021 | CVE-2021-44228, CVE-2021-45046, CVE-2021-45105 | Multiple vulnerabilities in Apache Log4j 2 affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| October 14, 2021 | CVE-2021-29736 | Privilege Escalation vulnerability in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| September 2, 2021 | CVE-2020-5258, CVE-2021-20453, CVE-2021-20454, CVE-2021-26296, CVE-2021-2161, CVE-2015-5262, CVE-2011-1498, CVE-2014-3577, CVE-2012-6153, CVE-2021-29754 | Multiple vulnerabilities in WebSphere Application Server affect HCL Commerce | WebSphere Application Server included in: WebSphere Commerce Version 8 |
| September 1, 2021 | CVE-2021-31811, CVE-2021-31812 | Multiple security vulnerabilities in Apache PDFBox affect HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.26 |
| August 11, 2021 | CVE-2021-20517 | A vulnerability in WebSphere Application Server affects HCL Commerce | WebSphere Application Server
included in: WebSphere Commerce Version 8 |
| July 19, 2021 | CVE-2021-27741 | XML external entity (XXE) injection vulnerability in HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.26 |
| June 4, 2021 | CVE-2021-20480 | Server-side Request Forgery in WebSphere Application Server affects HCL Commerce | WebSphere Application Server
included in: WebSphere Commerce Version 8 |
| May 11, 2021 | CVE-2021-23926 | Vulnerability in XMLBeans affects HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.25 |
| May 4, 2021 | CVE-2020-14797, CVE-2020-4949, CVE-2021-20353, CVE-2021-20354, CVE-2020-2773, CVE-2020-14782, CVE-2020-27221, CVE-2020-14781 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server
included in: WebSphere Commerce Version 8 |
| May 4, 2021 | CVE-2020-4782, CVE-2020-4576 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server
included in: WebSphere Commerce Version 8 |
| May 3, 2021 | CVE-2020-25649 | Multiple vulnerabilities in Jackson Databind affects HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.25 |
| May 3, 2021 | CVE-2020-9281, CVE-2018-17960 | Cross-site scripting (XSS) vulnerabilities in CKEditor shipped with HCL Commerce | WebSphere Commerce versions 8.0.0.0 - 8.0.4.25 |
| February 18, 2021 | CVE-2017-12626, CVE-2014-9527, CVE-2017-12626, WS-2016-7061, CVE-2019-12415, CVE-2017-5644, CVE-2016-4434, CVE-2018-11761, CVE-2018-11796 | Multiple vulnerabilities in Apache POI and Apache Tika affects HCL Commerce | WebSphere Commerce versions 8.0.4.0 - 8.0.4.25 |
| January 29, 2021 | WS-2017-0225 | Vulnerability in Swagger UI affects WebSphere Commerce | WebSphere Commerce Version 8 |
| November 14, 2020 | CVE-2020-2601, CVE-2020-14621, CVE-2020-14581, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2590 | Security vulnerabilities in IBM® Java SDK included with WebSphere Application Server affect HCL Commerce | IBM® Java SDK included with WebSphere Application
Server included in: WebSphere Commerce V8.0.4.x |
| November 14, 2020 | CVE-2020-4589, CVE-2020-4643, CVE-2020-4578 | Multiple vulnerabilities in WebSphere Application Server affects HCL Commerce | WebSphere Application Server included in: WebSphere Commerce V8.0.4.x |
| October 22, 2020 | Multiple | A number of software vulnerability fixes in companion software have been included. | WebSphere Commerce V8.0.4.0 - 8.0.4.24 |
| March 21, 2019 | CVE-2019-4094 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| January 29, 2019 | CVE-2018-1840 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 8.5, and 9.0 |
| January 29, 2019 | CVE-2018-1904 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| January 29, 2019 | CVE-2018-1901 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server Liberty, 9.0, and 8.5 |
| January 25, 2019 | CVE-2018-1643 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, and 8.0 |
| January 25, 2019 | CVE-2018-1857 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 11.1 |
| January 24, 2019 | CVE-2018-1799 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| January 24, 2019 | CVE-2018-1780 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| January 24, 2019 | CVE-2018-1781 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| January 24, 2019 | CVE-2018-1834 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| January 15, 2019 | CVE-2018-1851 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server Liberty |
| January 14, 2019 | CVE-2018-1767 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 29, 2018 | CVE-2018-1777 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2018-1770 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2018-1794 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2018-1567 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2018-1793 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2018-1926 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| December 28, 2018 | CVE-2014-7810 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 |
| December 12, 2018 | CVE-2018-1977 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 11.1 |
| November 27, 2018 | CVE-2018-1897 | A Security Vulnerability has been Identified in IBM DB2 Shipped with IBM WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| October 29, 2018 | CVE-2016-0702 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g |
| October 29, 2018 | CVE-2016-0705 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g |
| October 29, 2018 | CVE-2017-3732 | Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d |
| October 29, 2018 | CVE-2017-3736 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g |
| October 29, 2018 | CVE-2018-1427 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| October 29, 2018 | CVE-2018-1426 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | IBM Db2 Database 9.7, 10.1, 10.5, and 11.1 |
| October 29, 2018 | CVE-2018-1447 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | GSKit component of IBM Spectrum Protect 7.1 and 7.2, and IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6 |
| October 19, 2018 | CVE-2018-1811 | IBM WebSphere Commerce could allow a remote attacker to obtain sensitive information | WebSphere Commerce V8.0 |
| October 19, 2018 | CVE-2018-1541 | A cross site scripting vulnerability affects IBM WebSphere Commerce Accelerator tool | WebSphere Commerce V8.0 |
| October 19, 2018 | CVE-2018-1807 | A authenticated open redirect vulnerability affects IBM WebSphere Commerce Accelerator Tool | WebSphere Commerce V8.0 |
| October 19, 2018 | CVE-2018-1806 | An Information Disclosure Vulnerability affects WebSphere Commerce | WebSphere Commerce V8.0 |
| October 18, 2018 | CVE-2018-1656 | A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0 |
| October 18, 2018 | CVE-2018-12539 | A Security Vulnerability have been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Eclipse OpenJ9 version 0.8 |
| October 17, 2018 | CVE-2018-1719 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, and 8.5 |
| September 26, 2018 | CVE-2018-1695 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | WebSphere Commerce V8.0 |
| August 23, 2018 | CVE-2018-1644 | An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce | WebSphere Commerce V8.0 |
| August 21, 2018 | CVE-2018-1614 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| August 21, 2018 | CVE-2015-0899 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Struts 1 1.1 through 1.3.10 |
| August 21, 2018 | CVE-2018-1739 | IBM WebSphere Commerce Aurora Storefront Could Allow an Open Redirect Attack | WebSphere Commerce V8.0 |
| August 20, 2018 | CVE-2018-2783 | A Vulnerability in IBM Java SDK affects WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| August 20, 2018 | CVE-2018-2800 | A Vulnerability in IBM Java SDK affects WebSphere Application Server | Java SE, JRockit component of Oracle Java SE |
| June 27, 2018 | CVE-2012-5783 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | Apache Commons HttpClient 3.x |
| May 24, 2018 | CVE-2017-1743 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| May 17, 2018 | CVE-2017-12613 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache Portable Runtime APR 1.6.2 |
| May 16, 2018 | CVE-2017-1741 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| May 16, 2018 | CVE-2017-15710 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 |
| May 16, 2018 | CVE-2017-15715 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd 2.4.0 to 2.4.29 |
| May 16, 2018 | CVE-2018-1301 | A Security Vulnerability have been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache httpd prior to version 2.4.30 |
| May 16, 2018 | CVE-2017-1681 | A Security Vulnerability has been Identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server Liberty |
| May 16, 2018 | CVE-2017-1731 | A security vulnerability has been identified in IBM WebSphere Application Server Shipped with IBM WebSphere Commerce | IBM WebSphere Application Server 9.0, 8.5, 8.0, and 7.0 |
| March 5, 2018 | CVE-2018-2633 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| March 5, 2018 | CVE-2018-2637 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| March 5, 2018 | CVE-2018-2634 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| March 5, 2018 | CVE-2018-2603 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| March 5, 2018 | CVE-2018-2602 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| March 5, 2018 | CVE-2018-2579 | A Vulnerability in IBM Java SDK affect WebSphere Application Server | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| December 19, 2017 | CVE-2017-10388 | A Vulnerability in IBM Java SDK Affect WebSphere Application Server October 2017 CPU | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| December 19, 2017 | CVE-2017-10356 | A Vulnerability in IBM Java SDK Affect WebSphere Application Server 12 2017 CPU | Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
| December 19, 2017 | CVE-2017-9798 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | (IBM HTTP Server) Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27 |
| December 19, 2017 | CVE-2017-12618 | A Security Vulnerability has been Identified in IBM HTTP Server Shipped with WebSphere Commerce | Apache Portable Runtime Utility (APR-util) 1.6.0 and prior |
| November 14, 2017 | CVE-2017-1583 | IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data | IBM WebSphere Application Server Liberty |
| November 14, 2017 | CVE-2011-4343 | IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data | Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 |
| November 14, 2017 | CVE-2017-1484 | IBM WebSphere Commerce could allow an authenticated attacker to obtain information such as user personal data | WebSphere Commerce V8.0
|
| September 28, 2017 | CVE-2017-1569 | IBM WebSphere Commerce contains an vulnerability in Marketing ESpot's that could cause a denial of service | WebSphere Commerce V8
|
| August 18, 2017 | CVE-2017-1382 | A security vulnerability has been identified in IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.13 |
| August 17, 2017 | CVE-2017-1381 | A security vulnerability has been identified in IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.12 |
| August 15, 2017 | CVE-2017-1501 | Potential security vulnerability in the WebSphere Application Server Admin Console | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| August 14, 2017 | CVE-2017-7679 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 |
| August 14, 2017 | CVE-2017-7668 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 |
| August 14, 2017 | CVE-2017-3167 | A security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | IBM HTTP Server Version 8.5.5 |
| July 6, 2017 | CVE-2017-1398 | IBM WebSphere Commerce is vulnerable to an open redirect issue | WebSphere Commerce V8 |
| May 19, 2017 | CVE-2017-1194 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| May 8, 2017 | Multiple | Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2017 CPU shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| March 14, 2017 | CVE-2016-0360 | A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| March 3, 2017 | CVE-2016-5894 | IBM WebSphere Commerce admin utilities could lead to disclosure of user personal data | WebSphere Commerce V8
|
| February 24, 2017 | CVE-2016-8919 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| February 24, 2017 | CVE-2016-8743 | A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| February 24, 2017 | CVE-2017-1121 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| December 23, 2016 | CVE-2016-9736 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| December 23, 2016 | CVE-2016-8934 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.11 |
| November 18, 2016 | CVE-2016-5573 | A Vulnerability in IBM Java SDK affect WebSphere Application Server (CVE-2016-5573) | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| November 18, 2016 | CVE-2016-5597 | A Vulnerability in IBM Java SDK affect WebSphere Application Server (CVE-2016-5597) | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| October 24, 2016 | CVE-2016-6090 | WebSphere Commerce information disclosure and denial of service security vulnerability (CVE-2016-6090) | WebSphere Commerce V8.0
|
| September 22, 2016 | CVE-2016-5983 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2016-5986 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2012-0876 | A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2012-1148 | A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2016-4472 | A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2016-0718 | A Vulnerability was identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2016-3092 | A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.10 |
| September 15, 2016 | CVE-2016-2960 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| September 13, 2016 | CVE-2016-0385 | Potential security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| September 13, 2016 | CVE-2016-0377 | A security vulnerability was identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| September 9, 2016 | CVE-2016-3485 | Potential security vulnerability were identified in IBM WebSphere Application Server included with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| August 10, 2016 | CVE-2016-5387 | A potential security vulnerability has been identified in IBM HTTP Server shipped with WebSphere Commerce | WebSphere Commerce V8.0 |
| July 21, 2016 | CVE-2016-0225 | IBM WebSphere Commerce is vulnerable to an information disclosure vulnerability in the WebSphere Commerce Accelerator tool | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.8 Mod Pack 8.0.1.0 |
| July 6, 2016 | CVE-2016-0359 | HTTP Response Splitting in WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| June 29, 2016 | CVE-2016-1181 | A Vulnerability in Apache Struts affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| June 29, 2016 | CVE-2016-1182 | A Vulnerability in Apache Struts affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| June 28, 2016 | CVE-2016-2863 | Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce | WebSphere Commerce V8.0 Fix / Mod Pack 8.0.0.0 - 8.0.1.1 |
| June 28, 2016 | CVE-2016-2862 | Cross Site Scripting (XSS) security vulnerability in IBM WebSphere Commerce | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.4 |
| June 9, 2016 | CVE-2015-0254 | A Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| May 18, 2016 | CVE-2016-3426 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| May 18, 2016 | CVE-2016-3427 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| April 13, 2016 | CVE-2016-0306 | A potential security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.9 |
| March 3, 2016 | CVE-2016-0208 | WebSphere Commerce vulnerable to denial of service (DoS) attack | WebSphere Commerce V8.0 Fix Pack 8.0.0.0 - 8.0.0.2 |
| February 22, 2016 | CVE-2016-0475 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 |
| February 22, 2016 | CVE-2016-0466 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 |
| February 22, 2016 | CVE-2015-7575 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 |
| February 22, 2016 | CVE-2016-0448 | A Vulnerability in IBM Java SDK affect WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server Version 8.5.0.0 - 8.5.5.8 |
| January 19, 2016 | CVE-2015-7417 | Cross-site scripting vulnerability in IBM WebSphere Application Server | WebSphere Application Server 8.5.5.x |
| January 11, 2016 | CVE-2015-5008 | Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce | WebSphere Commerce V8.0.0 |
| January 11, 2016 | CVE-2015-5009 | Reflected and Persistent cross-site scripting vulnerability found in WebSphere Commerce | WebSphere Commerce V8.0.0 |
| November 18, 2015 | CVE-2015-7450 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server 8.5.5.x |
| November 17, 2015 | CVE-2015-2017 | A security vulnerability has been identified in IBM WebSphere Application Server shipped with WebSphere Commerce | WebSphere Application Server 8.5.5.x |