Lucene search

IbmCVE-2013-2993

HistoryAug 01, 2013 - 1:32 p.m.

CVE-2013-2993

2013-08-0113:32:16

CWE-287

ibm

web.nvd.nist.gov

cve-2013-2993

ibm websphere commerce

authentication

vulnerability

remote attackers

web services

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.4%

JSON

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user’s active session via unknown vectors.

Affected configurations

Nvd

Node

ibmwebsphere_commerceMatch6.0.0.1

ibmwebsphere_commerceMatch6.0.0.2

ibmwebsphere_commerceMatch6.0.0.3

ibmwebsphere_commerceMatch6.0.0.4

ibmwebsphere_commerceMatch6.0.0.5

ibmwebsphere_commerceMatch6.0.0.6

ibmwebsphere_commerceMatch6.0.0.7

ibmwebsphere_commerceMatch6.0.0.8

ibmwebsphere_commerceMatch6.0.0.9

ibmwebsphere_commerceMatch6.0.0.10

ibmwebsphere_commerceMatch6.0.0.11

Node

ibmwebsphere_commerceMatch7.0

ibmwebsphere_commerceMatch7.0.0.1

ibmwebsphere_commerceMatch7.0.0.2

ibmwebsphere_commerceMatch7.0.0.3

ibmwebsphere_commerceMatch7.0.0.4

ibmwebsphere_commerceMatch7.0.0.5

ibmwebsphere_commerceMatch7.0.0.6

ibmwebsphere_commerceMatch7.0.0.7

VendorProductVersionCPE
ibmwebsphere_commerce6.0.0.1cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.2cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.3cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.4cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.5cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.6cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.7cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.8cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.9cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
ibmwebsphere_commerce6.0.0.10cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_commerce	6.0.0.1	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
ibm	websphere_commerce	6.0.0.2	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
ibm	websphere_commerce	6.0.0.3	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*
ibm	websphere_commerce	6.0.0.4	cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:::::::*
ibm	websphere_commerce	6.0.0.5	cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:::::::*
ibm	websphere_commerce	6.0.0.6	cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:::::::*
ibm	websphere_commerce	6.0.0.7	cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:::::::*
ibm	websphere_commerce	6.0.0.8	cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:::::::*
ibm	websphere_commerce	6.0.0.9	cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:::::::*
ibm	websphere_commerce	6.0.0.10	cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:::::::*

Rows per page:

1-10 of 191

References

www-01.ibm.com/support/docview.wss?uid=swg1JR45302

www-01.ibm.com/support/docview.wss?uid=swg21644391

exchange.xforce.ibmcloud.com/vulnerabilities/84031

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

Confidence

Low

EPSS

0.003

Percentile

70.4%

JSON

Related for CVE-2013-2993