Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3577

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-3577
Last Modified 31 May 2012 12:00:00
Published 20 Sep 2011 06:55:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3577

Summary

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

Vulnerable Systems

Application

  • Ibm Websphere Commerce 6.0

  • Ibm Websphere Commerce 6.0.0.1

  • Ibm Websphere Commerce 6.0.0.10

  • Ibm Websphere Commerce 6.0.0.11

  • Ibm Websphere Commerce 6.0.0.2

  • Ibm Websphere Commerce 6.0.0.3

  • Ibm Websphere Commerce 6.0.0.4

  • Ibm Websphere Commerce 6.0.0.5

  • Ibm Websphere Commerce 6.0.0.6

  • Ibm Websphere Commerce 6.0.0.7

  • Ibm Websphere Commerce 6.0.0.8

  • Ibm Websphere Commerce 6.0.0.9

  • Ibm Websphere Commerce 7.0

  • Ibm Websphere Commerce 7.0.0.1

  • Ibm Websphere Commerce 7.0.0.2

  • Ibm Websphere Commerce 7.0.0.3


References

XF - websphere-commerce-activity-unspecified(69838)

BID - 49643

OSVDB - 75428

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg24030908

AIXAPAR - JR40420

SECUNIA - 45999


Last Updated: 27 May 2016 10:57:44