What is the severity of CVE-2017-1170?

CVE-2017-1170 has a moderate severity rating as it allows a local user to hijack a user's session.

How do I fix CVE-2017-1170?

To fix CVE-2017-1170, you should update IBM WebSphere Commerce to the latest patched version.

Which versions of IBM WebSphere Commerce are affected by CVE-2017-1170?

CVE-2017-1170 affects IBM WebSphere Commerce versions 8.0.0.0 through 8.0.3.3.

What type of vulnerability is CVE-2017-1170?

CVE-2017-1170 is a session hijacking vulnerability that can be exploited by local users.

Is there an exploit available for CVE-2017-1170?

While specific exploits are not detailed, the nature of session hijacking makes this vulnerability critical for security.

Vulnerability/
CVE-2017-1170

medium

5.3

26/4/2017

5/8/2024

CVE-2017-1170

First published: Wed Apr 26 2017(Updated: )

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 8.0 could allow a local user to hijack a user's session. IBM X-Force ID: 123230.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Commerce	=8.0.0.0
IBM WebSphere Commerce	=8.0.0.1
IBM WebSphere Commerce	=8.0.0.2
IBM WebSphere Commerce	=8.0.0.3
IBM WebSphere Commerce	=8.0.0.4
IBM WebSphere Commerce	=8.0.0.5
IBM WebSphere Commerce	=8.0.0.6
IBM WebSphere Commerce	=8.0.0.7
IBM WebSphere Commerce	=8.0.0.8
IBM WebSphere Commerce	=8.0.0.9
IBM WebSphere Commerce	=8.0.0.10
IBM WebSphere Commerce	=8.0.0.11
IBM WebSphere Commerce	=8.0.0.12
IBM WebSphere Commerce	=8.0.0.13
IBM WebSphere Commerce	=8.0.0.14
IBM WebSphere Commerce	=8.0.0.15
IBM WebSphere Commerce	=8.0.0.16
IBM WebSphere Commerce	=8.0.0.17
IBM WebSphere Commerce	=8.0.1.0
IBM WebSphere Commerce	=8.0.1.1
IBM WebSphere Commerce	=8.0.1.2
IBM WebSphere Commerce	=8.0.1.3
IBM WebSphere Commerce	=8.0.1.4
IBM WebSphere Commerce	=8.0.1.5
IBM WebSphere Commerce	=8.0.1.6
IBM WebSphere Commerce	=8.0.1.7
IBM WebSphere Commerce	=8.0.1.8
IBM WebSphere Commerce	=8.0.1.9
IBM WebSphere Commerce	=8.0.3.0
IBM WebSphere Commerce	=8.0.3.1
IBM WebSphere Commerce	=8.0.3.2
IBM WebSphere Commerce	=8.0.3.3

Remedy

http://www.ibm.com/support/docview.wss?uid=swg22001225

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1170?
CVE-2017-1170 has a moderate severity rating as it allows a local user to hijack a user's session.
How do I fix CVE-2017-1170?
To fix CVE-2017-1170, you should update IBM WebSphere Commerce to the latest patched version.
Which versions of IBM WebSphere Commerce are affected by CVE-2017-1170?
CVE-2017-1170 affects IBM WebSphere Commerce versions 8.0.0.0 through 8.0.3.3.
What type of vulnerability is CVE-2017-1170?
CVE-2017-1170 is a session hijacking vulnerability that can be exploited by local users.
Is there an exploit available for CVE-2017-1170?
While specific exploits are not detailed, the nature of session hijacking makes this vulnerability critical for security.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/references
agent/last-modified-date
agent/remedy
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/tags
agent/source
vendor/ibm
canonical/ibm websphere commerce
version/ibm websphere commerce/8.0.0.0
version/ibm websphere commerce/8.0.0.1
version/ibm websphere commerce/8.0.0.2
version/ibm websphere commerce/8.0.0.3
version/ibm websphere commerce/8.0.0.4
version/ibm websphere commerce/8.0.0.5
version/ibm websphere commerce/8.0.0.6
version/ibm websphere commerce/8.0.0.7
version/ibm websphere commerce/8.0.0.8
version/ibm websphere commerce/8.0.0.9
version/ibm websphere commerce/8.0.0.10
version/ibm websphere commerce/8.0.0.11
version/ibm websphere commerce/8.0.0.12
version/ibm websphere commerce/8.0.0.13
version/ibm websphere commerce/8.0.0.14
version/ibm websphere commerce/8.0.0.15
version/ibm websphere commerce/8.0.0.16
version/ibm websphere commerce/8.0.0.17
version/ibm websphere commerce/8.0.1.0
version/ibm websphere commerce/8.0.1.1
version/ibm websphere commerce/8.0.1.2
version/ibm websphere commerce/8.0.1.3
version/ibm websphere commerce/8.0.1.4
version/ibm websphere commerce/8.0.1.5
version/ibm websphere commerce/8.0.1.6
version/ibm websphere commerce/8.0.1.7
version/ibm websphere commerce/8.0.1.8
version/ibm websphere commerce/8.0.1.9
version/ibm websphere commerce/8.0.3.0
version/ibm websphere commerce/8.0.3.1
version/ibm websphere commerce/8.0.3.2
version/ibm websphere commerce/8.0.3.3

Frequently Asked Questions

What is the severity of CVE-2017-1170?
CVE-2017-1170 has a moderate severity rating as it allows a local user to hijack a user's session.
How do I fix CVE-2017-1170?
To fix CVE-2017-1170, you should update IBM WebSphere Commerce to the latest patched version.
Which versions of IBM WebSphere Commerce are affected by CVE-2017-1170?
CVE-2017-1170 affects IBM WebSphere Commerce versions 8.0.0.0 through 8.0.3.3.
What type of vulnerability is CVE-2017-1170?
CVE-2017-1170 is a session hijacking vulnerability that can be exploited by local users.
Is there an exploit available for CVE-2017-1170?
While specific exploits are not detailed, the nature of session hijacking makes this vulnerability critical for security.

CVE-2017-1170

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1170?

How do I fix CVE-2017-1170?

Which versions of IBM WebSphere Commerce are affected by CVE-2017-1170?

What type of vulnerability is CVE-2017-1170?

Is there an exploit available for CVE-2017-1170?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2017-1170?

How do I fix CVE-2017-1170?

Which versions of IBM WebSphere Commerce are affected by CVE-2017-1170?

What type of vulnerability is CVE-2017-1170?

Is there an exploit available for CVE-2017-1170?