Unrated severityNVD Advisory· Published Aug 1, 2013· Updated Jun 16, 2026
CVE-2013-2994
CVE-2013-2994
Description
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
Affected products
3cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4:*:*:*:*:*:*
- cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack5:*:*:*:*:*:*
- (no CPE)range: 7.0 Feature Pack 4 and Feature Pack 5
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.