Lucene search

[email protected]CVE-2009-2751

HistoryFeb 05, 2010 - 10:30 p.m.

CVE-2009-2751

2010-02-0522:30:02

CWE-310

[email protected]

web.nvd.nist.gov

ibm

websphere commerce

7.0

cryptographic key

session attributes

merchant data encryption

nvd

cve-2009-2751

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.2%

JSON

IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.

Affected configurations

NVD

Node

ibmwebsphere_commerceMatch7.0

CPENameOperatorVersion
ibm:websphere_commerceibm websphere commerceeq7.0

CPE	Name	Operator	Version
ibm:websphere_commerce	ibm websphere commerce	eq	7.0

References

www-01.ibm.com/support/docview.wss?uid=swg21418443

www-1.ibm.com/support/docview.wss?uid=swg1JR35136

exchange.xforce.ibmcloud.com/vulnerabilities/56089

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.2%

JSON

Related for CVE-2009-2751

nvd1 prion1 cvelist1