PT-2013-2402 · Ibm · Ibm Websphere Commerce Enterprise
Published
2013-06-21
·
Updated
2019-09-30
·
CVE-2013-0523
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Commerce Enterprise versions 5.6.x through 5.6.1.5
IBM WebSphere Commerce Enterprise versions 6.0.x through 6.0.0.11
IBM WebSphere Commerce Enterprise versions 7.0.x through 7.0.0.7
Description
The issue allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the
krypto parameter. This attack can leverage unspecified browser access or traffic-log access.Recommendations
For versions 5.6.x through 5.6.1.5, update to a version that uses a suitable encryption algorithm for storefront web requests.
For versions 6.0.x through 6.0.0.11, update to a version that uses a suitable encryption algorithm for storefront web requests.
For versions 7.0.x through 7.0.0.7, update to a version that uses a suitable encryption algorithm for storefront web requests.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Websphere Commerce Enterprise