Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-0523

Опубликовано: 21 июн. 2013
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_commerce:5.6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:5.6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:5.6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:5.6.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:5.6.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:5.6.1.5:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:websphere_commerce:6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:6.0.0.11:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:ibm:websphere_commerce:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_commerce:7.0.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 37%
0.00159
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-qx72-vwp8-xwxm

github
почти 4 года назад

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.

EPSS

Процентиль: 37%
0.00159
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200