Ibm call center for commerce

This hub aggregates every CVE we track for Ibm call center for commerce, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Ibm call center for commerce.

• CVE-2015-2992Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.6.1Feb 27, 2020
• CVE-2015-5169Cross-site scripting (XSS) vulnerability in Apache Struts before 2.3.20.6.1Sep 25, 2017
• CVE-2017-12611In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using an unintentional expression in a Freemarker tag instead of string literals can lead to a RCE attack.9.8Sep 20, 2017
• CVE-2015-5209Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object.7.5Aug 29, 2017
• CVE-2016-4436Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.9.8Oct 3, 2016
• CVE-2016-3081Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related t...8.1Apr 26, 2016
• CVE-2016-3082XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and 2.3.28.x before 2.3.28.1 allows remote attackers to execute arbitrary code via the stylesheet location parameter.9.8Apr 26, 2016
• CVE-2016-4003Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to...6.1Apr 12, 2016
• CVE-2014-7809Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable <s:token/> values, which allows remote attackers to bypass the CSRF protection mechanism.6.8Dec 10, 2014
• CVE-2014-0116CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipula...5.8May 8, 2014
• CVE-2014-0113CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" ...7.5Apr 29, 2014
• CVE-2014-0094The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.5.0Mar 10, 2014
• CVE-2013-4310Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.5.8Sep 30, 2013
• CVE-2013-4316Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.10.0Sep 30, 2013
• CVE-2013-2251Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.KEV9.8Jul 18, 2013