PT-2016-3216 · IBM · IBM WebSphere Commerce +2

Published: 2016-10-24 · Updated: 2019-10-02 · CVE-2016-6090

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Commerce (affected versions not specified)
IBM WebSphere Commerce Developer (affected versions not specified)
IBM Commerce on Cloud (affected versions not specified)

Description

The issue is related to a lack of protection for service data, which could allow an attacker to disclose protected information, perform actions on behalf of an administrator, or cause a denial of service.

Recommendations

For IBM WebSphere Commerce, consider restricting access to sensitive data until a fix is available.
For IBM WebSphere Commerce Developer, restrict access to administrative operations to minimize the risk of exploitation.
For IBM Commerce on Cloud, avoid using unprotected service data in administrative tasks until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers

BDU:2017-02547
CVE-2016-6090

Affected Products

IBM Commerce on Cloud
IBM WebSphere Commerce
IBM WebSphere Commerce Developer