Lucene search

MitreCVE-2011-3577

HistorySep 20, 2011 - 10:55 a.m.

CVE-2011-3577

2011-09-2010:55:08

CWE-287

mitre

web.nvd.nist.gov

ibm

websphere commerce

6.x

7.x

7.0.0.3

activity token

authentication

vulnerability

nvd

cve-2011-3577

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch6.0.0.0

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

ibmwebsphere_commerceMatch6.0.0.10

ibmwebsphere_commerceMatch6.0.0.11

Node

ibmwebsphere_commerceMatch7.0

ibmwebsphere_commerceMatch7.0.0.1

ibmwebsphere_commerceMatch7.0.0.2

ibmwebsphere_commerceMatch7.0.0.3

VendorProductVersionCPE
ibmwebsphere_commerce6.0.0.0cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.1cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.2cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.3cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.4cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.5cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.6cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.7cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.8cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.9cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	6.0.0.0	cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:::::::*
ibm	websphere_commerce	6.0.0.1	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
ibm	websphere_commerce	6.0.0.2	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
ibm	websphere_commerce	6.0.0.3	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*
ibm	websphere_commerce	6.0.0.4	cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:::::::*
ibm	websphere_commerce	6.0.0.5	cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:::::::*
ibm	websphere_commerce	6.0.0.6	cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:::::::*
ibm	websphere_commerce	6.0.0.7	cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:::::::*
ibm	websphere_commerce	6.0.0.8	cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:::::::*
ibm	websphere_commerce	6.0.0.9	cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:::::::*

Rows per page:

1-10 of 161

References

secunia.com/advisories/45999

www.ibm.com/support/docview.wss?uid=swg1JR40420

www.ibm.com/support/docview.wss?uid=swg24030908

www.osvdb.org/75428

www.securityfocus.com/bid/49643

exchange.xforce.ibmcloud.com/vulnerabilities/69838

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

Related for CVE-2011-3577