IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Websphere_commerce | Ibm | 6.0.0.0 (including) | 6.0.0.0 (including) |
| Websphere_commerce | Ibm | 6.0.0.1 (including) | 6.0.0.1 (including) |
| Websphere_commerce | Ibm | 6.0.0.2 (including) | 6.0.0.2 (including) |
| Websphere_commerce | Ibm | 6.0.0.3 (including) | 6.0.0.3 (including) |
| Websphere_commerce | Ibm | 6.0.0.4 (including) | 6.0.0.4 (including) |
| Websphere_commerce | Ibm | 6.0.0.5 (including) | 6.0.0.5 (including) |
| Websphere_commerce | Ibm | 6.0.0.6 (including) | 6.0.0.6 (including) |
| Websphere_commerce | Ibm | 6.0.0.7 (including) | 6.0.0.7 (including) |
| Websphere_commerce | Ibm | 6.0.0.8 (including) | 6.0.0.8 (including) |
| Websphere_commerce | Ibm | 6.0.0.9 (including) | 6.0.0.9 (including) |
| Websphere_commerce | Ibm | 6.0.0.10 (including) | 6.0.0.10 (including) |
| Websphere_commerce | Ibm | 6.0.0.11 (including) | 6.0.0.11 (including) |