IBM WebSphere Commerce Enterprise, Professional, Express, and Developer is vulnerable to a information disclosure vulnerability when using the RememberMe feature.
CVE(s): CVE-2018-1644
Affected product(s) and affected version(s):
WebSphere Commerce versions 9.0.0.0 – 9.0.0.4
WebSphere Commerce versions 8.0.0.0 – 8.0.0.19
WebSphere Commerce versions 8.0.1.0 – 8.0.1.13
WebSphere Commerce versions 8.0.3.0 – 8.0.3.6
WebSphere Commerce versions 8.0.4.0 – 8.0.4.14
WebSphere Commerce version 7.0.0.0 Feature Pack 8
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10728829
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144589
The post IBM Security Bulletin: An Information Disclosure Vulnerability When Using the RememberMe feature affects WebSphere Commerce appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2o4csRU
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.