What is the severity of CVE-2013-2993?

CVE-2013-2993 is considered a critical vulnerability due to improper authentication allowing remote attackers to exploit active user sessions.

How do I fix CVE-2013-2993?

To resolve CVE-2013-2993, update IBM WebSphere Commerce to version 6.0.0.12 or higher, or 7.0.0.8 or higher.

What versions of IBM WebSphere Commerce are affected by CVE-2013-2993?

CVE-2013-2993 affects IBM WebSphere Commerce versions 6.x through 6.0.0.11 and 7.x through 7.0.0.7.

What type of attack can be executed using the vulnerability identified in CVE-2013-2993?

CVE-2013-2993 allows attackers to issue requests impersonating an arbitrary user's active session, leading to unauthorized actions.

Is there a risk of data exposure with CVE-2013-2993?

Yes, CVE-2013-2993 poses a risk of data exposure as it can allow attackers to manipulate or access sensitive information through unauthorized requests.

Vulnerability/
CVE-2013-2993

medium

5.8

CWE

287

1/8/2013

29/8/2017

CVE-2013-2993

First published: Thu Aug 01 2013(Updated: )

IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Commerce	=6.0.0.1
IBM WebSphere Commerce	=6.0.0.2
IBM WebSphere Commerce	=6.0.0.3
IBM WebSphere Commerce	=6.0.0.4
IBM WebSphere Commerce	=6.0.0.5
IBM WebSphere Commerce	=6.0.0.6
IBM WebSphere Commerce	=6.0.0.7
IBM WebSphere Commerce	=6.0.0.8
IBM WebSphere Commerce	=6.0.0.9
IBM WebSphere Commerce	=6.0.0.10
IBM WebSphere Commerce	=6.0.0.11
IBM WebSphere Commerce	=7.0
IBM WebSphere Commerce	=7.0.0.1
IBM WebSphere Commerce	=7.0.0.2
IBM WebSphere Commerce	=7.0.0.3
IBM WebSphere Commerce	=7.0.0.4
IBM WebSphere Commerce	=7.0.0.5
IBM WebSphere Commerce	=7.0.0.6
IBM WebSphere Commerce	=7.0.0.7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2993?
CVE-2013-2993 is considered a critical vulnerability due to improper authentication allowing remote attackers to exploit active user sessions.
How do I fix CVE-2013-2993?
To resolve CVE-2013-2993, update IBM WebSphere Commerce to version 6.0.0.12 or higher, or 7.0.0.8 or higher.
What versions of IBM WebSphere Commerce are affected by CVE-2013-2993?
CVE-2013-2993 affects IBM WebSphere Commerce versions 6.x through 6.0.0.11 and 7.x through 7.0.0.7.
What type of attack can be executed using the vulnerability identified in CVE-2013-2993?
CVE-2013-2993 allows attackers to issue requests impersonating an arbitrary user's active session, leading to unauthorized actions.
Is there a risk of data exposure with CVE-2013-2993?
Yes, CVE-2013-2993 poses a risk of data exposure as it can allow attackers to manipulate or access sensitive information through unauthorized requests.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/tags
agent/type
agent/description
agent/event
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
vendor/ibm
canonical/ibm websphere commerce
version/ibm websphere commerce/6.0.0.1
version/ibm websphere commerce/6.0.0.2
version/ibm websphere commerce/6.0.0.3
version/ibm websphere commerce/6.0.0.4
version/ibm websphere commerce/6.0.0.5
version/ibm websphere commerce/6.0.0.6
version/ibm websphere commerce/6.0.0.7
version/ibm websphere commerce/6.0.0.8
version/ibm websphere commerce/6.0.0.9
version/ibm websphere commerce/6.0.0.10
version/ibm websphere commerce/6.0.0.11
version/ibm websphere commerce/7.0
version/ibm websphere commerce/7.0.0.1
version/ibm websphere commerce/7.0.0.2
version/ibm websphere commerce/7.0.0.3
version/ibm websphere commerce/7.0.0.4
version/ibm websphere commerce/7.0.0.5
version/ibm websphere commerce/7.0.0.6
version/ibm websphere commerce/7.0.0.7

Frequently Asked Questions

What is the severity of CVE-2013-2993?
CVE-2013-2993 is considered a critical vulnerability due to improper authentication allowing remote attackers to exploit active user sessions.
How do I fix CVE-2013-2993?
To resolve CVE-2013-2993, update IBM WebSphere Commerce to version 6.0.0.12 or higher, or 7.0.0.8 or higher.
What versions of IBM WebSphere Commerce are affected by CVE-2013-2993?
CVE-2013-2993 affects IBM WebSphere Commerce versions 6.x through 6.0.0.11 and 7.x through 7.0.0.7.
What type of attack can be executed using the vulnerability identified in CVE-2013-2993?
CVE-2013-2993 allows attackers to issue requests impersonating an arbitrary user's active session, leading to unauthorized actions.
Is there a risk of data exposure with CVE-2013-2993?
Yes, CVE-2013-2993 poses a risk of data exposure as it can allow attackers to manipulate or access sensitive information through unauthorized requests.

CVE-2013-2993

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2993?

How do I fix CVE-2013-2993?

What versions of IBM WebSphere Commerce are affected by CVE-2013-2993?

What type of attack can be executed using the vulnerability identified in CVE-2013-2993?

Is there a risk of data exposure with CVE-2013-2993?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-2993?

How do I fix CVE-2013-2993?

What versions of IBM WebSphere Commerce are affected by CVE-2013-2993?

What type of attack can be executed using the vulnerability identified in CVE-2013-2993?

Is there a risk of data exposure with CVE-2013-2993?