← Back

Sterling Order Management

sterling_order_management

Vendor: Ibm • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-33959
1Ibm
1Sterling Order Management
Nov 21, 2024
Apr 7, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.
CVE-2022-34333
1Ibm
1Sterling Order Management
Nov 21, 2024
Apr 7, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.
CVE-2021-20554
1Ibm
1Sterling Order Management
Nov 21, 2024
Sep 30, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...Show more
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179.Show less
CVE-2015-1911
1Ibm
3Sterling Field Sales
Sterling Order ManagementSterling Selling And Fulfillment Foundation
May 6, 2026
May 25, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling...Show more
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.Show less
CVE-2014-0932
1Ibm
2Sterling Order Management
Sterling Selling And Fulfillment Foundation
May 6, 2026
Apr 21, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script...Show more
Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.5 before HF105 and Sterling Selling and Fulfillment Foundation 9.0 before HF85 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.Show less