CVE-2013-2994

EUVD-2013-2933
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_commerce
7.0:feature_pack4
ibmwebsphere_commerce
7.0:feature_pack5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45420
http://www-01.ibm.com/support/docview.wss?uid=swg21644393
https://exchange.xforce.ibmcloud.com/vulnerabilities/84033
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45420
http://www-01.ibm.com/support/docview.wss?uid=swg21644393
https://exchange.xforce.ibmcloud.com/vulnerabilities/84033