Aggregates CVE and security vulnerability intelligence across all itb-pim-related products, including CVSS and EPSS scores, publication dates, and related vulnerability data.

Historical issues mainly involve SQL injection and related security problems, affecting production workloads and software deployment scenarios.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-36645 | SQL injection vulnerability in ITB-GmbH TradePro v9.5, allows remote attackers to run SQL queries via oordershow component in customer function. | [email protected] | 9.1 | 0.87% | 2024-04-04 | 2025-04-24 |
| CVE-2023-36644 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all order confirmations from the online shop via the printmail plugin. | [email protected] | 7.5 | 0.95% | 2024-04-04 | 2025-04-24 |
| CVE-2023-36643 | Incorrect Access Control in ITB-GmbH TradePro v9.5, allows remote attackers to receive all orders from the online shop via oordershow component in customer function. | [email protected] | 7.5 | 0.66% | 2024-04-04 | 2025-04-24 |