Vulnerabilities > CVE-2009-2752 - Cryptographic Issues vulnerability in IBM Websphere Commerce 7.0

CVSS 1.5 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

ibm

CWE-310

NVD

Published: 2010-02-05

Updated: 2017-08-17

Summary

IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Websphere Commerce 7.0	1

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References