Lucene search

[email protected]NVD:CVE-2013-2994

HistoryAug 01, 2013 - 1:32 p.m.

CVE-2013-2994

2013-08-0113:32:25

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user’s active session via unknown vectors.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch7.0feature_pack4

ibmwebsphere_commerceMatch7.0feature_pack5

VendorProductVersionCPE
ibmwebsphere_commerce7.0cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4:*:*:*:*:*:*
ibmwebsphere_commerce7.0cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack5:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	7.0	cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4::::::
ibm	websphere_commerce	7.0	cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack5::::::

References

www-01.ibm.com/support/docview.wss?uid=swg1JR45420

www-01.ibm.com/support/docview.wss?uid=swg21644393

exchange.xforce.ibmcloud.com/vulnerabilities/84033

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

69.1%

JSON

Related for NVD:CVE-2013-2994

prion1 cve1 cvelist1