IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 incorrectly maintains a valid session after unspecified interaction with REST services, which allows remote malicious users to issue REST requests in the context of an arbitrary user's active session via unknown vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere commerce 7.0 |