IBM WebSphere Commerce Information Disclosure Vulnerability
Last Update Date: 21 Jun 2013 10:01
Release Date: 21 Jun 2013
RISK: Medium Risk
TYPE: Servers - Internet App Servers
A vulnerability has been identified in IBM WebSphere Commerce, which can be exploited by a remote user to obtain potentially sensitive information.
A remote user with the ability to monitor network communications can conduct a padding oracle attack against the 'krypto' parameter to decrypt user data and forge new tokens with arbitrary embedded parameters.
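As an added example (not part of the original advisory and not IBM's code), the sketch below flags the access-log pattern a padding oracle attack leaves behind: one source submitting many distinct 'krypto' values, most of which are rejected. The log lines, the `/shop/page` path, the thresholds and the assumption that a tampered token produces an HTTP error status are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
# /shop/page is a hypothetical path; the tokens are made-up hex strings.
def _line(ip, token, status):
    return (f'{ip} - - [21/Jun/2013:10:00:00 +0000] '
            f'"GET /shop/page?krypto={token} HTTP/1.1" {status} 512')

SAMPLE_LOG = (
    # One source cycling through 64 modified tokens, nearly all rejected.
    [_line("203.0.113.7", f"{i:032x}", 200 if i % 16 == 0 else 500)
     for i in range(64)]
    # A shared proxy: many different but valid tokens, all accepted.
    + [_line("192.0.2.50", f"{i:032x}", 200) for i in range(1000, 1025)]
    # An ordinary user repeating a single token.
    + [_line("198.51.100.20", "ab" * 16, 200) for _ in range(30)]
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

def suspicious_clients(lines, min_distinct=20, min_error_ratio=0.8):
    """Return source IPs that sent many distinct krypto values, mostly rejected."""
    stats = defaultdict(lambda: {"tokens": set(), "total": 0, "errors": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.groups()
        values = parse_qs(urlsplit(target).query).get("krypto")
        if not values:
            continue  # request does not carry the parameter
        entry = stats[ip]
        entry["tokens"].add(values[0])
        entry["total"] += 1
        # Assumption: a token that fails to decrypt yields a 4xx/5xx status.
        if int(status) >= 400:
            entry["errors"] += 1
    return sorted(
        ip for ip, e in stats.items()
        if len(e["tokens"]) >= min_distinct
        and e["errors"] / e["total"] >= min_error_ratio
    )

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

Requiring both conditions keeps a proxy that relays many valid tokens from being flagged; the thresholds need tuning against a site's normal traffic.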
Impact
- Information Disclosure
System / Technologies affected
- IBM WebSphere Commerce versions 5.6.x, 6.0.x, 7.0.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
Vulnerability Identifier
Source
Related Link