CVE-2013-2994: Improper Input Validation in IBM WebSphere Commerce

Severity
6.4 MEDIUM (NVD)
EPSS
0.2%
top 54.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 1
Latest update: May 17

Description

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:N
Exploitability: 10.0 | Impact: 4.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-hvgj-vxf3-92xr: IBM WebSphere Commerce 7 (2022-05-17)
CVEList
CVE-2013-2994: IBM WebSphere Commerce 7 (2013-07-31)