IBM WebSphere Application Server 3.02 up to and including 3.53 uses predictable session IDs for cookies, which allows remote malicious users to gain privileges of WebSphere users via brute force guessing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere commerce suite 3.2 |
||
ibm websphere application server |
||
ibm websphere commerce suite 3.1.2 |