CVE-2013-0523

Name of the Vulnerable Software and Affected Versions IBM WebSphere Commerce Enterprise versions 5.6.x through 5.6.1.5 IBM WebSphere Commerce Enterprise versions 6.0.x through 6.0.0.11 IBM WebSphere Commerce Enterprise versions 7.0.x through 7.0.0.7

Description The issue allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter. This attack can leverage unspecified browser access or traffic-log access.

Recommendations For versions 5.6.x through 5.6.1.5, update to a version that uses a suitable encryption algorithm for storefront web requests. For versions 6.0.x through 6.0.0.11, update to a version that uses a suitable encryption algorithm for storefront web requests. For versions 7.0.x through 7.0.0.7, update to a version that uses a suitable encryption algorithm for storefront web requests.