CVE-2011-3577

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
ibmwebsphere_commerce
6.0.0.0
ibmwebsphere_commerce
6.0.0.1
ibmwebsphere_commerce
6.0.0.2
ibmwebsphere_commerce
6.0.0.3
ibmwebsphere_commerce
6.0.0.4
ibmwebsphere_commerce
6.0.0.5
ibmwebsphere_commerce
6.0.0.6
ibmwebsphere_commerce
6.0.0.7
ibmwebsphere_commerce
6.0.0.8
ibmwebsphere_commerce
6.0.0.9
ibmwebsphere_commerce
6.0.0.10
ibmwebsphere_commerce
6.0.0.11
ibmwebsphere_commerce
7.0
ibmwebsphere_commerce
7.0.0.1
ibmwebsphere_commerce
7.0.0.2
ibmwebsphere_commerce
7.0.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/45999
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838
http://secunia.com/advisories/45999
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838