CVE-2010-2639

{"id": "CVE-2010-2639", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-06T20:12:58.013", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028397", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024845", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63406", "source": "cve@mitre.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028397", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1024845", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63406", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and \"concurrency issues.\""}, {"lang": "es", "value": "IBM WebSphere Commerce Enterprise 7.0 anteriores 7.0.0.2 permite a atacantes remotos leer mensajes previstos para otros destinatarios a trav\u00e9s de vectores que involucran acceso por el sistema de mensajer\u00eda fuera de l\u00ednea a la clase RunTimeProfileCacheCmdImpl. Relacionado con el almacenamiento en cach\u00e9 de objetos cambiantes (\"mutable\") y temas de concurrencia."}], "lastModified": "2024-11-21T01:17:03.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B1C5DE8-08DD-47CE-B323-8ADC06EA1066"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "908A9A8C-81DA-4315-917E-12E33FAC6B9E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}