CVE-2011-3577

EUVD-2011-3540
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_commerce
6.0.0.0
ibmwebsphere_commerce
6.0.0.1
ibmwebsphere_commerce
6.0.0.2
ibmwebsphere_commerce
6.0.0.3
ibmwebsphere_commerce
6.0.0.4
ibmwebsphere_commerce
6.0.0.5
ibmwebsphere_commerce
6.0.0.6
ibmwebsphere_commerce
6.0.0.7
ibmwebsphere_commerce
6.0.0.8
ibmwebsphere_commerce
6.0.0.9
ibmwebsphere_commerce
6.0.0.10
ibmwebsphere_commerce
6.0.0.11
ibmwebsphere_commerce
7.0
ibmwebsphere_commerce
7.0.0.1
ibmwebsphere_commerce
7.0.0.2
ibmwebsphere_commerce
7.0.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/45999
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838
http://secunia.com/advisories/45999
http://www.ibm.com/support/docview.wss?uid=swg1JR40420
http://www.ibm.com/support/docview.wss?uid=swg24030908
http://www.osvdb.org/75428
http://www.securityfocus.com/bid/49643
https://exchange.xforce.ibmcloud.com/vulnerabilities/69838