5.8
CVE-2013-2993
- EPSS 0.2%
- Veröffentlicht 01.08.2013 13:32:16
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Commerce Version6.0.0.1
Ibm ≫ Websphere Commerce Version6.0.0.2
Ibm ≫ Websphere Commerce Version6.0.0.3
Ibm ≫ Websphere Commerce Version6.0.0.4
Ibm ≫ Websphere Commerce Version6.0.0.5
Ibm ≫ Websphere Commerce Version6.0.0.6
Ibm ≫ Websphere Commerce Version6.0.0.7
Ibm ≫ Websphere Commerce Version6.0.0.8
Ibm ≫ Websphere Commerce Version6.0.0.9
Ibm ≫ Websphere Commerce Version6.0.0.10
Ibm ≫ Websphere Commerce Version6.0.0.11
Ibm ≫ Websphere Commerce Version7.0
Ibm ≫ Websphere Commerce Version7.0.0.1
Ibm ≫ Websphere Commerce Version7.0.0.2
Ibm ≫ Websphere Commerce Version7.0.0.3
Ibm ≫ Websphere Commerce Version7.0.0.4
Ibm ≫ Websphere Commerce Version7.0.0.5
Ibm ≫ Websphere Commerce Version7.0.0.6
Ibm ≫ Websphere Commerce Version7.0.0.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.387 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.