CVE-2012-4855
https://notcve.org/view.php?id=CVE-2012-4855
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors. Vulnerabilidad no especificada en el framework de servicios web de IBM WebSphere Commerce v6.0 a la v6.0.0.11 y v7.0 a la v7.0.0.6 permite a atacantes remotos causar una denegación de servicio (parada de login) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528 http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471 http://www.ibm.com/support/docview.wss?uid=swg21618720 https://exchange.xforce.ibmcloud.com/vulnerabilities/79735 •
CVE-2011-3577
https://notcve.org/view.php?id=CVE-2011-3577
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. IBM WebSphere Commerce v6.x a través de v6.0.0.11 y v7.0.0.3 7.x no aplica correctamente la autenticación Activity Token para Web Services, que tienen un impacto no especificado y vectores de ataque. • http://secunia.com/advisories/45999 http://www.ibm.com/support/docview.wss?uid=swg1JR40420 http://www.ibm.com/support/docview.wss?uid=swg24030908 http://www.osvdb.org/75428 http://www.securityfocus.com/bid/49643 https://exchange.xforce.ibmcloud.com/vulnerabilities/69838 • CWE-287: Improper Authentication •