CVE-2013-2993

EUVD-2013-2932
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_commerce
6.0.0.1
ibmwebsphere_commerce
6.0.0.2
ibmwebsphere_commerce
6.0.0.3
ibmwebsphere_commerce
6.0.0.4
ibmwebsphere_commerce
6.0.0.5
ibmwebsphere_commerce
6.0.0.6
ibmwebsphere_commerce
6.0.0.7
ibmwebsphere_commerce
6.0.0.8
ibmwebsphere_commerce
6.0.0.9
ibmwebsphere_commerce
6.0.0.10
ibmwebsphere_commerce
6.0.0.11
ibmwebsphere_commerce
7.0
ibmwebsphere_commerce
7.0.0.1
ibmwebsphere_commerce
7.0.0.2
ibmwebsphere_commerce
7.0.0.3
ibmwebsphere_commerce
7.0.0.4
ibmwebsphere_commerce
7.0.0.5
ibmwebsphere_commerce
7.0.0.6
ibmwebsphere_commerce
7.0.0.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302
http://www-01.ibm.com/support/docview.wss?uid=swg21644391
https://exchange.xforce.ibmcloud.com/vulnerabilities/84031
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302
http://www-01.ibm.com/support/docview.wss?uid=swg21644391
https://exchange.xforce.ibmcloud.com/vulnerabilities/84031