VYPR
Unrated severityNVD Advisory· Published Aug 1, 2013· Updated Jun 16, 2026

CVE-2013-2994

CVE-2013-2994

Description

IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote attackers to issue REST requests in the context of an arbitrary user's active session via unknown vectors.

Affected products

3
  • cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack4:*:*:*:*:*:*
    • cpe:2.3:a:ibm:websphere_commerce:7.0:feature_pack5:*:*:*:*:*:*
    • (no CPE)range: 7.0 Feature Pack 4 and Feature Pack 5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.