CVE Vulnerabilities

CVE-2011-3577

Improper Authentication

Published: Sep 20, 2011 | Modified: Sep 30, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Websphere_commerce Ibm 6.0.0.0 (including) 6.0.0.0 (including)
Websphere_commerce Ibm 6.0.0.1 (including) 6.0.0.1 (including)
Websphere_commerce Ibm 6.0.0.2 (including) 6.0.0.2 (including)
Websphere_commerce Ibm 6.0.0.3 (including) 6.0.0.3 (including)
Websphere_commerce Ibm 6.0.0.4 (including) 6.0.0.4 (including)
Websphere_commerce Ibm 6.0.0.5 (including) 6.0.0.5 (including)
Websphere_commerce Ibm 6.0.0.6 (including) 6.0.0.6 (including)
Websphere_commerce Ibm 6.0.0.7 (including) 6.0.0.7 (including)
Websphere_commerce Ibm 6.0.0.8 (including) 6.0.0.8 (including)
Websphere_commerce Ibm 6.0.0.9 (including) 6.0.0.9 (including)
Websphere_commerce Ibm 6.0.0.10 (including) 6.0.0.10 (including)
Websphere_commerce Ibm 6.0.0.11 (including) 6.0.0.11 (including)

Potential Mitigations

References