CVE-2011-3577Improper Authentication in IBM Websphere Commerce

CWE-287Improper Authentication3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
1.2%
top 20.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedSep 20
Latest updateMay 13

Description

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDibm/websphere_commerce16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-8438-q433-6cp5: IBM WebSphere Commerce 62022-05-13
CVEList
CVE-2011-3577: IBM WebSphere Commerce 62011-09-20