CVE-2013-2993
https://notcve.org/view.php?id=CVE-2013-2993
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. IBM WebSphere Commerce 6.x a la 6.0.0.11 y 7.x a la 7.0.0.7, no realiza una autenticación adecuada para servicios web sin especificar, lo que permite a atacantes remotos emitir peticiones en el contexto de sesiones activas de usuarios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302 http://www-01.ibm.com/support/docview.wss?uid=swg21644391 https://exchange.xforce.ibmcloud.com/vulnerabilities/84031 • CWE-287: Improper Authentication •
CVE-2013-0523
https://notcve.org/view.php?id=CVE-2013-0523
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access. IBM WebSphere Commerce Enterprise v5.6.x hasta v5.6.1.5,v6.0.x hasta v6.0.0.11, y v7.0.x hasta v7.0.0.7 no utiliza un algoritmo de cifrado adecuado para las solicitudes web storefront, permitiendo a atacantes remotos obtener información sensible a través de un ataque "padding oracle" que se dirige a ciertos procesamientos UTF-8 del parámetro Krypto, y aprovecha el acceso no especificado del navegador o el acceso al log de tráfico (traffic-log) • http://www-01.ibm.com/support/docview.wss?uid=swg1JR46386 http://www.vsecurity.com/advisory/20130619-1.txt http://www.vsecurity.com/resources/advisory/20130619-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/82541 https://www-01.ibm.com/support/docview.wss?uid=swg21640597 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-4855
https://notcve.org/view.php?id=CVE-2012-4855
Unspecified vulnerability in the web services framework in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to cause a denial of service (login outage) via unknown vectors. Vulnerabilidad no especificada en el framework de servicios web de IBM WebSphere Commerce v6.0 a la v6.0.0.11 y v7.0 a la v7.0.0.6 permite a atacantes remotos causar una denegación de servicio (parada de login) a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR44528 http://www-01.ibm.com/support/docview.wss?uid=swg1JR45471 http://www.ibm.com/support/docview.wss?uid=swg21618720 https://exchange.xforce.ibmcloud.com/vulnerabilities/79735 •
CVE-2012-4830
https://notcve.org/view.php?id=CVE-2012-4830
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain users' personal data via unknown vectors. Vulnerabilidad no especificada en IBM WebSphere Commerce v6.0 hasta v6.0.0.11 y 7.0 hasta v7.0.0.6, permite a atacantes remotos obtener datos personales de los usuarios a través de vectores desconocidos • http://osvdb.org/85868 http://www-01.ibm.com/support/docview.wss?uid=swg1SE53160 http://www-01.ibm.com/support/docview.wss?uid=swg21612484 https://exchange.xforce.ibmcloud.com/vulnerabilities/78867 •
CVE-2011-3577
https://notcve.org/view.php?id=CVE-2011-3577
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors. IBM WebSphere Commerce v6.x a través de v6.0.0.11 y v7.0.0.3 7.x no aplica correctamente la autenticación Activity Token para Web Services, que tienen un impacto no especificado y vectores de ataque. • http://secunia.com/advisories/45999 http://www.ibm.com/support/docview.wss?uid=swg1JR40420 http://www.ibm.com/support/docview.wss?uid=swg24030908 http://www.osvdb.org/75428 http://www.securityfocus.com/bid/49643 https://exchange.xforce.ibmcloud.com/vulnerabilities/69838 • CWE-287: Improper Authentication •