Session Hijacking Vulnerability in IBM WebSphere Commerce Products
CVE-2017-1170

5.3MEDIUM

Key Information:

Vendor
IBM
Status
Websphere Commerce Enterprise
Vendor
CVE Published:
26 April 2017

Summary

A session hijacking vulnerability exists in IBM WebSphere Commerce, affecting the Enterprise, Professional, Express, and Developer versions. This flaw allows a local user to potentially take control of another user's session, enabling unauthorized actions and access to sensitive information. Organizations using these versions should apply security patches and review their security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

WebSphere Commerce Enterprise 8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0

References

http://www.ibm.com/support/docview.wss?uid=swg22001225
x_refsource_CONFIRM
http://www.securityfocus.com/bid/98027
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038359
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.