CVE-2013-2993

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302
http://www-01.ibm.com/support/docview.wss?uid=swg21644391	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/84031

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:::::::*
	cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:websphere_commerce:7.0:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:::::::*
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:::::::*

History

No history.

Information

Published : 2013-08-01 13:32

Updated : 2024-02-28 12:00

NVD link : CVE-2013-2993

Mitre link : CVE-2013-2993

CVE.ORG link : CVE-2013-2993

JSON object : View

Products Affected

ibm

websphere_commerce

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-2993", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-08-01T13:32:16.400", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR45302", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644391", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84031", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors."}, {"lang": "es", "value": "IBM WebSphere Commerce 6.x a la 6.0.0.11 y 7.x a la 7.0.0.7, no realiza una autenticaci\u00f3n adecuada para servicios web sin especificar, lo que permite a atacantes remotos emitir peticiones en el contexto de sesiones activas de usuarios a trav\u00e9s de vectores desconocidos."}], "lastModified": "2017-08-29T01:33:19.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C21677D0-CF4E-4958-83A7-EF8C3AF4B1D1"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF24659-1284-4762-925C-4879B56AC386"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "162FF755-CFF5-4AF2-B5D4-AEBA107DD93D"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4783F5D2-0709-4E5B-B6B7-DF7823E928CB"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EB6E277-36B8-483E-8F9E-34D350BBB0EE"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40A7EA48-BCC0-41BD-975D-0C01B6066BE7"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2AE738-BC94-4731-B6C3-54F808756ABC"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE23443C-6FB5-43AC-9822-1267AE61D14E"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5952ADD8-4D62-401A-A5D3-1A63706D2F36"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BA04184-B648-48CB-8664-D53AE07196BE"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77F7D656-CFD1-4447-97CE-1D183CB41571"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "775206CE-A901-4653-BD17-DE1BFBA076FD"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "213C52C9-C5B5-4F26-BBB7-EE0824A995AD"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC937CD-1BE1-4827-9145-E2EA7F3AA792"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A6189A9-E083-41D3-9D36-7B41D82EC197"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE6F4DC0-41E3-4F73-9F62-3D415F8949C9"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ACFED34-9B1E-4950-9D03-756942EF32F0"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202F791B-697B-4D9C-BF5D-84F7C657C790"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "012405FA-CE85-47B6-B368-2EAEBD06A15E"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}