CVE-2017-1170

4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 76.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Corporation Websphere Commerce EnterpriseIBM Websphere Commerce
Timeline
PublishedApr 26
Latest updateMay 13

Description

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

CVEListV5ibm_corporation/websphere_commerce_enterprise8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0
NVDibm/websphere_commerce32 versions+31

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-pwvm-f5p2-pmhp: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 82022-05-13
CVEList
CVE-2017-1170: IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 82017-04-26

💥Exploits & PoCs

1
Exploit-DB
Apple macOS/iOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]2017-05-23
CVE-2017-1170 (MEDIUM CVSS 5.3) | IBM WebSphere Commerce Enterprise | cvebase.io