CVE-2015-7444

MEDIUM

IBM WebSphere Commerce Enterprise <7.0.0.9 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg24041614
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1JR54563

Scores

CVSS v3 5.3
EPSS 0.0086
EPSS Percentile 54.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
ibm/websphere_commerce 7.0.0.8
ibm/websphere_commerce 7.0.0.9
Published Feb 15, 2016
Tracked Since Feb 18, 2026