Authentication flaw

2011-09-2010:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.2%

JSON

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

CPENameOperatorVersion
websphere_commerceeq6.0.0.7
websphere_commerceeq6.0.0.5
websphere_commerceeq6.0.0.10
websphere_commerceeq6.0.0.11
websphere_commerceeq6.0.0.2
websphere_commerceeq6.0.0.1
websphere_commerceeq6.0.0.8
websphere_commerceeq6.0.0.3
websphere_commerceeq6.0.0.4
websphere_commerceeq6.0.0.9

Name	Operator	Version
websphere_commerce	eq	6.0.0.7
websphere_commerce	eq	6.0.0.5
websphere_commerce	eq	6.0.0.10
websphere_commerce	eq	6.0.0.11
websphere_commerce	eq	6.0.0.2
websphere_commerce	eq	6.0.0.1
websphere_commerce	eq	6.0.0.8
websphere_commerce	eq	6.0.0.3
websphere_commerce	eq	6.0.0.4
websphere_commerce	eq	6.0.0.9

Rows per page:

1-10 of 161

References

secunia.com/advisories/45999

www.ibm.com/support/docview.wss?uid=swg1JR40420

www.ibm.com/support/docview.wss?uid=swg24030908

www.osvdb.org/75428

www.securityfocus.com/bid/49643

exchange.xforce.ibmcloud.com/vulnerabilities/69838