CVE-2012-3298 - Denial-Of-Service vulnerability in IBM WebSphere Commerce 7.0

CVSS 10.0 - CRITICAL

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, ibm, critical

Summary

Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.

Vulnerable Configurations

Part         Description  Count
Application  Ibm          1

Seebug

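bulletinFamily: exploit
description: BUGTRAQ ID: 55684. CVE ID: CVE-2012-3298, CVE-2012-3300.
IBM WebSphere Commerce Enterprise is an industry-leading e-commerce solution. IBM WebSphere Commerce v7.0.0.0 - 7.0.0.5 contains security vulnerabilities that, if successfully exploited, allow a remote attacker to bypass certain security restrictions and perform unauthorized actions.
1) An error in the REST services framework can be exploited to gain unauthorized access to resources.
2) An error in the handling of persistent sessions and personalization IDs can be exploited to consume system resources and make the service unavailable.
IBM WebSphere Commerce Enterprise 7.0.0.0 - 7.0.0.5
Vendor patch: IBM has released a security bulletin (1610905) and corresponding patches:
1610905: Security Bulletin: Vulnerability in WebSphere Commerce REST services (CVE-2012-3298)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21610905
id: SSV:60408
last seen: 2017-11-19
modified: 2012-09-27
published: 2012-09-27
reporter: Root
title: IBM WebSphere Commerce Enterprise REST services security restriction bypass vulnerability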