IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: ibm
Published: 2013-07-31T18:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2013-04-12T00:00:00
Link: CVE-2013-2994
JSON object: View
NVD Information
Status : Modified
Published: 2013-08-01T13:32:25.660
Modified: 2017-08-29T01:33:19.167
Link: CVE-2013-2994
JSON object: View
Redhat Information
No data.
CWE