CVE-2013-2993

IBM WebSphere Commerce <=6.0.0.11 & <=7.0.0.7 - Auth Bypass

Title source: llm

Description

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

Scores

EPSS 0.0020
EPSS Percentile 41.4%

Classification

CWE
CWE-287
Status draft

Affected Products (19)

ibm/websphere_commerce (15 entries)
... and 4 more

Timeline

Published Aug 01, 2013
Tracked Since Feb 18, 2026