Unspecified Web Services Authentication Bypass in IBM WebSphere Commerce

Unspecified Web Services Authentication Bypass in IBM WebSphere Commerce

CVE-2013-2993 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:N

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

Learn more about our Cis Benchmark Audit For Ibm Websphere.