CVE-2018-1644

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 9.0.0.0 through 9.0.0.4 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 8.0.0.0 through 8.0.0.19 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 8.0.1.0 through 8.0.1.13 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 8.0.3.0 through 8.0.3.6 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer versions 8.0.4.0 through 8.0.4.14 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer version 7.0.0.0 Feature Pack 8

Description The issue allows an authenticated user to obtain sensitive information about another user.

Recommendations For versions 9.0.0.0 through 9.0.0.4, update to a fixed version to resolve the issue. For versions 8.0.0.0 through 8.0.0.19, update to a fixed version to resolve the issue. For versions 8.0.1.0 through 8.0.1.13, update to a fixed version to resolve the issue. For versions 8.0.3.0 through 8.0.3.6, update to a fixed version to resolve the issue. For versions 8.0.4.0 through 8.0.4.14, update to a fixed version to resolve the issue. For version 7.0.0.0 Feature Pack 8, update to a fixed version to resolve the issue.