Lucene search

[email protected]CVE-2011-3577

HistorySep 20, 2011 - 10:55 a.m.

CVE-2011-3577

2011-09-2010:55:08

CWE-287

[email protected]

web.nvd.nist.gov

ibm

websphere commerce

6.x

7.x

7.0.0.3

activity token

authentication

vulnerability

nvd

cve-2011-3577

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

Affected configurations

NVD

Node

ibmwebsphere_commerceMatch6.0.0.0

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

ibmwebsphere_commerceMatch6.0.0.10

ibmwebsphere_commerceMatch6.0.0.11

Node

ibmwebsphere_commerceMatch7.0

ibmwebsphere_commerceMatch7.0.0.1

ibmwebsphere_commerceMatch7.0.0.2

ibmwebsphere_commerceMatch7.0.0.3

CPENameOperatorVersion
ibm:websphere_commerceibm websphere commerceeq6.0.0.0
ibm:websphere_commerceibm websphere commerceeq6.0.0.1
ibm:websphere_commerceibm websphere commerceeq6.0.0.2
ibm:websphere_commerceibm websphere commerceeq6.0.0.3
ibm:websphere_commerceibm websphere commerceeq6.0.0.4
ibm:websphere_commerceibm websphere commerceeq6.0.0.5
ibm:websphere_commerceibm websphere commerceeq6.0.0.6
ibm:websphere_commerceibm websphere commerceeq6.0.0.7
ibm:websphere_commerceibm websphere commerceeq6.0.0.8
ibm:websphere_commerceibm websphere commerceeq6.0.0.9

CPE	Name	Operator	Version
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.0
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.1
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.2
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.3
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.4
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.5
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.6
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.7
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.8
ibm:websphere_commerce	ibm websphere commerce	eq	6.0.0.9

Rows per page:

1-10 of 121

References

secunia.com/advisories/45999

www.ibm.com/support/docview.wss?uid=swg1JR40420

www.ibm.com/support/docview.wss?uid=swg24030908

www.osvdb.org/75428

www.securityfocus.com/bid/49643

exchange.xforce.ibmcloud.com/vulnerabilities/69838

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

Related for CVE-2011-3577

cvelist1 prion1 nvd1