IBM WebSphere Commerce Information Disclosure Vulnerability

Last Update Date: 21 Jun 2013 10:01 Release Date: 21 Jun 2013 3471 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

A vulnerability has been identified in IBM WebSphere Commerce, which can be exploited by a remote user to obtain potentially sensitive information.

 

A remote user with the ability to monitor network communications can conduct an oracle padding attack against the 'krypto' parameter to decrypt user data and forge new tokens with arbitrary embedded parameters.

Impact

  • Information Disclosure

System / Technologies affected

  • IBM WebSphere Commerce versions 5.6.x, 6.0.x, 7.0.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Symantec Endpoint Protection Manager Buffer Overflow Vulnerability

20 Jun 2013 3325 Views

Next

VLC Media Player Unspecified Vulnerabilities

21 Jun 2013 3504 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY