Session Hijacking Vulnerability in IBM WebSphere Commerce Products
CVE-2017-1170
5.3MEDIUM
Summary
A session hijacking vulnerability exists in IBM WebSphere Commerce, affecting the Enterprise, Professional, Express, and Developer versions. This flaw allows a local user to potentially take control of another user's session, enabling unauthorized actions and access to sensitive information. Organizations using these versions should apply security patches and review their security measures to mitigate risks associated with this vulnerability.
Affected Version(s)
WebSphere Commerce Enterprise 8.0, 8.0.1.0, 8.0.3.0, 8.0.4.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved