IBM WebSphere Commerce Information Disclosure Vulnerability

Last Update Date: 21 Jun 2013 10:01

Release Date: 21 Jun 2013

RISK: Medium Risk

TYPE: Servers - Internet App Servers

A vulnerability has been identified in IBM WebSphere Commerce, which can be exploited by a remote user to obtain potentially sensitive information.

A remote user with the ability to monitor network communications can conduct a padding oracle attack against the 'krypto' parameter to decrypt user data and forge new tokens with arbitrary embedded parameters.
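A padding oracle attack requires the server to answer a large number of slightly altered copies of one captured token, so it leaves a recognisable pattern in access logs. The following detection sketch is an added example, not code from IBM or from this advisory; it flags clients that submit many near-identical 'krypto' values that are mostly rejected. The log format, URL paths, token encoding and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

def sample_log():
    """Constructed lines in an assumed 'client status url' format."""
    base = "3f" * 32                          # constructed token, hex-encoded
    lines = [f"198.51.100.7 200 /shop/view?krypto={base}",
             f"198.51.100.7 200 /shop/cart?krypto={'a1' * 32}",
             "198.51.100.9 200 /shop/view?item=4"]
    for guess in range(120):                  # one byte changes per request
        token = base[:30] + f"{guess:02x}" + base[32:]
        status = 200 if guess == 77 else 500
        lines.append(f"203.0.113.20 {status} /shop/view?krypto={token}")
    return lines

def varying_positions(tokens):
    """Count character positions that differ across equal-length tokens."""
    tokens = list(tokens)
    if len({len(t) for t in tokens}) != 1:
        return None                           # mixed lengths: not comparable
    return sum(len(set(col)) > 1 for col in zip(*tokens))

def flag_krypto_probing(lines, min_variants=50, min_error_ratio=0.8,
                        max_varying=4):
    """Return clients whose krypto traffic looks like systematic probing."""
    tokens = defaultdict(set)                 # client -> distinct krypto values
    total = defaultdict(int)                  # client -> requests with krypto
    errors = defaultdict(int)                 # client -> of those, status >= 400
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue                          # skip malformed lines
        client, status, url = parts[0], int(parts[1]), parts[2]
        values = parse_qs(urlsplit(url).query).get("krypto", [])
        if not values:
            continue
        tokens[client].update(values)
        total[client] += 1
        errors[client] += status >= 400
    flagged = {}
    for client, seen in tokens.items():
        ratio = errors[client] / total[client]
        spread = varying_positions(seen)
        if (len(seen) >= min_variants and ratio >= min_error_ratio
                and spread is not None and spread <= max_varying):
            flagged[client] = {"variants": len(seen),
                               "error_ratio": round(ratio, 3),
                               "varying_positions": spread}
    return flagged
```

Ordinary clients reuse a handful of tokens that differ throughout, so they fall below both the variant count and the error-ratio thresholds.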


Impact

  • Information Disclosure

System / Technologies affected

  • IBM WebSphere Commerce versions 5.6.x, 6.0.x, 7.0.x

Solutions

Before installing the software, please visit the software manufacturer's website for more details.


Vulnerability Identifier


Source


Related Link