CVE-2012-3298
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21610905
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | websphere_commerce | 7.0 | |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR42770
- http://www.ibm.com/support/docview.wss?uid=swg21610905
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77294
- http://www-01.ibm.com/support/docview.wss?uid=swg1JR42770
- http://www.ibm.com/support/docview.wss?uid=swg21610905
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77294
Verify integrity in audit chain (admin only). AS-IS.