CVE-2018-1644 Information

Description

IBM WebSphere Commerce Enterprise Professional Express and Developer 9.0.0.0 - 9.0.0.4 8.0.0.0 - 8.0.0.19 8.0.1.0 - 8.0.1.13 8.0.3.0 - 8.0.3.6 8.0.4.0 - 8.0.4.14 and 7.0.0.0 Feature Pack 8 could allow an authenticated user to obtain sensitive information about another user.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

http://www.ibm.com/support/docview.wss?uid=ibm10728829 https://exchange.xforce.ibmcloud.com/vulnerabilities/144589

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3