CVE Vulnerabilities

CVE-2013-2993

Improper Authentication

Published: Aug 01, 2013 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary users active session via unknown vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Websphere_commerce Ibm 6.0.0.1 (including) 6.0.0.1 (including)
Websphere_commerce Ibm 6.0.0.2 (including) 6.0.0.2 (including)
Websphere_commerce Ibm 6.0.0.3 (including) 6.0.0.3 (including)
Websphere_commerce Ibm 6.0.0.4 (including) 6.0.0.4 (including)
Websphere_commerce Ibm 6.0.0.5 (including) 6.0.0.5 (including)
Websphere_commerce Ibm 6.0.0.6 (including) 6.0.0.6 (including)
Websphere_commerce Ibm 6.0.0.7 (including) 6.0.0.7 (including)
Websphere_commerce Ibm 6.0.0.8 (including) 6.0.0.8 (including)
Websphere_commerce Ibm 6.0.0.9 (including) 6.0.0.9 (including)
Websphere_commerce Ibm 6.0.0.10 (including) 6.0.0.10 (including)
Websphere_commerce Ibm 6.0.0.11 (including) 6.0.0.11 (including)

Potential Mitigations

References