CVE-2013-2993Improper Authentication in IBM Websphere Commerce

CWE-287Improper Authentication3 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 58.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Commerce
Timeline
PublishedAug 1
Latest updateMay 17

Description

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDibm/websphere_commerce19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-39f9-33vw-m4qr: IBM WebSphere Commerce 62022-05-17
CVEList
CVE-2013-2993: IBM WebSphere Commerce 62013-07-31
CVE-2013-2993 — Improper Authentication in IBM | cvebase