PT-2001-1544 · Ibm · Ibm Net.Commerce

Published

2001-05-03

Updated

2017-10-10

CVE-2001-0319

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions IBM Net.Commerce versions 3.x

Description The issue allows remote attackers to execute arbitrary SQL queries by inserting them into the order rn option of the report capability. This is made possible through the orderdspc.d2w macro.

Recommendations For IBM Net.Commerce versions 3.x, consider restricting access to the report capability to minimize the risk of exploitation. As a temporary workaround, avoid using the order rn option in the report capability until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0319

Affected Products

Ibm Net.Commerce

PT-2001-1544 · Ibm · Ibm Net.Commerce

CVE-2001-0319

Related Identifiers

Affected Products

References · 6