10

CVE-2011-3577

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Commerce Version6.0.0.0
IbmWebsphere Commerce Version6.0.0.1
IbmWebsphere Commerce Version6.0.0.2
IbmWebsphere Commerce Version6.0.0.3
IbmWebsphere Commerce Version6.0.0.4
IbmWebsphere Commerce Version6.0.0.5
IbmWebsphere Commerce Version6.0.0.6
IbmWebsphere Commerce Version6.0.0.7
IbmWebsphere Commerce Version6.0.0.8
IbmWebsphere Commerce Version6.0.0.9
IbmWebsphere Commerce Version6.0.0.10
IbmWebsphere Commerce Version6.0.0.11
IbmWebsphere Commerce Version7.0
IbmWebsphere Commerce Version7.0.0.1
IbmWebsphere Commerce Version7.0.0.2
IbmWebsphere Commerce Version7.0.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.04% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://secunia.com/advisories/45999
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838