CVE-2011-3577

IBM WebSphere Commerce <6.0.0.11 & <7.0.0.3 - Info Disclosure

Title source: llm

Description

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

References (6)

[Vendor Advisory] http://secunia.com/advisories/45999

[Various Sources] http://www.ibm.com/support/docview.wss?uid=swg1JR40420

[Various Sources] http://www.ibm.com/support/docview.wss?uid=swg24030908

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69838

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/49643

[Third Party Advisory, VDB Entry] http://www.osvdb.org/75428

Scores

EPSS 0.0122

EPSS Percentile 78.9%

Classification

CWE

CWE-287

Status draft

Affected Products (16)

ibm/websphere_commerce

... and 1 more

Timeline

Published Sep 20, 2011

Tracked Since Feb 18, 2026