10
CVE-2011-3577
- EPSS 2.04%
- Veröffentlicht 20.09.2011 10:55:08
- Zuletzt bearbeitet 16.06.2026 23:33:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Commerce Version6.0.0.0
Ibm ≫ Websphere Commerce Version6.0.0.1
Ibm ≫ Websphere Commerce Version6.0.0.2
Ibm ≫ Websphere Commerce Version6.0.0.3
Ibm ≫ Websphere Commerce Version6.0.0.4
Ibm ≫ Websphere Commerce Version6.0.0.5
Ibm ≫ Websphere Commerce Version6.0.0.6
Ibm ≫ Websphere Commerce Version6.0.0.7
Ibm ≫ Websphere Commerce Version6.0.0.8
Ibm ≫ Websphere Commerce Version6.0.0.9
Ibm ≫ Websphere Commerce Version6.0.0.10
Ibm ≫ Websphere Commerce Version6.0.0.11
Ibm ≫ Websphere Commerce Version7.0
Ibm ≫ Websphere Commerce Version7.0.0.1
Ibm ≫ Websphere Commerce Version7.0.0.2
Ibm ≫ Websphere Commerce Version7.0.0.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.04% | 0.786 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://secunia.com/advisories/45999
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838