Session Hijacking Vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5

Session Hijacking Vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5

CVE-2013-2994 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.

Learn more about our Cis Benchmark Audit For Ibm Websphere.