Vulnerability Name:
CVE-2011-3577 (CCN-69838)
Assigned:
2011-09-14
Published:
2011-09-14
Updated:
2019-09-30
Summary:
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Low
Availibility (A):
None
CVSS v2 Severity:
10.0 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
)
7.4 High
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
4.3 Medium
(CCN CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
)
3.2 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
Partial
Availibility (A):
None
Vulnerability Type:
CWE-287
Vulnerability Consequences:
Other
References:
Source: MITRE
Type: CNA
CVE-2011-3577
Source: CCN
Type: SA45999
IBM WebSphere Commerce Web Service Activity Token Unspecified Vulnerability
Source: SECUNIA
Type: Vendor Advisory
45999
Source: AIXAPAR
Type: UNKNOWN
JR40420
Source: CONFIRM
Type: UNKNOWN
http://www.ibm.com/support/docview.wss?uid=swg24030908
Source: OSVDB
Type: UNKNOWN
75428
Source: CCN
Type: OSVDB ID: 75428
IBM WebSphere Commerce Web Service Activity Token Unspecified Issue
Source: BID
Type: UNKNOWN
49643
Source: CCN
Type: BID-49643
IBM WebSphere Commerce Activity Token Authentication Unspecified Security Vulnerability
Source: XF
Type: UNKNOWN
websphere-commerce-activity-unspecified(69838)
Source: XF
Type: UNKNOWN
websphere-commerce-activity-unspecified(69838)
Source: CCN
Type: IBM APAR JR40420
Potential security vulnerability with Web Services using Activity Token
Vulnerable Configuration:
Configuration 1
:
cpe:/a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
Configuration 2
:
cpe:/a:ibm:websphere_commerce:7.0.0.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
ibm
websphere commerce 6.0.0.0
ibm
websphere commerce 6.0.0.1
ibm
websphere commerce 6.0.0.2
ibm
websphere commerce 6.0.0.3
ibm
websphere commerce 6.0.0.4
ibm
websphere commerce 6.0.0.5
ibm
websphere commerce 6.0.0.6
ibm
websphere commerce 6.0.0.7
ibm
websphere commerce 6.0.0.8
ibm
websphere commerce 6.0.0.9
ibm
websphere commerce 6.0.0.10
ibm
websphere commerce 6.0.0.11
ibm
websphere commerce 7.0
ibm
websphere commerce 7.0.0.1
ibm
websphere commerce 7.0.0.2
ibm
websphere commerce 7.0.0.3
ibm
websphere commerce 7.0.0.3
ibm
websphere commerce 6.0.0.11
Denotes that component is vulnerable