CVE-2018-1644
Last modified
CVE-2018-1644 is a vulnerability of currently unknown severity. IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.. EPSS estimates a 0.90% chance of exploitation in the next 30 days.
Description
IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 9.0.0.0 - 9.0.0.4, 8.0.0.0 - 8.0.0.19, 8.0.1.0 - 8.0.1.13, 8.0.3.0 - 8.0.3.6, 8.0.4.0 - 8.0.4.14, and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ibm | Websphere Commerce | >= 8.0.0.0, <= 8.0.0.19 | — |
| Ibm | Websphere Commerce | >= 8.0.1.0, <= 8.0.1.13 | — |
| Ibm | Websphere Commerce | >= 8.0.3.0, <= 8.0.3.6 | — |
| Ibm | Websphere Commerce | >= 8.0.4.0, <= 8.0.4.14 | — |
| Ibm | Websphere Commerce | >= 9.0.0.0, <= 9.0.0.4 | — |
| Ibm | Websphere Commerce | 7.0 | Feature Pack 8 |
References
- http://www.ibm.com/support/docview.wss?uid=ibm10728829Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144589VDB Entry, Vendor Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10728829Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/144589VDB Entry, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1644?
How severe is CVE-2018-1644?
How do I fix CVE-2018-1644?
Are you affected by CVE-2018-1644?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST