Vulnerability Description
IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Commerce | 5.6.1 |
Related Weaknesses (CWE)
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR46386
- http://www.vsecurity.com/advisory/20130619-1.txt
- http://www.vsecurity.com/resources/advisory/20130619-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82541
- https://www-01.ibm.com/support/docview.wss?uid=swg21640597Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR46386
- http://www.vsecurity.com/advisory/20130619-1.txt
- http://www.vsecurity.com/resources/advisory/20130619-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82541
- https://www-01.ibm.com/support/docview.wss?uid=swg21640597Vendor Advisory
FAQ
What is CVE-2013-0523?
CVE-2013-0523 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote...
How severe is CVE-2013-0523?
CVE-2013-0523 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0523?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Commerce.