CVE-2010-2639

IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg24028397	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114	Vendor Advisory
http://www.securitytracker.com/id?1024845
https://exchange.xforce.ibmcloud.com/vulnerabilities/63406

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_commerce:7.0::enterprise:::::
	cpe:2.3:a:ibm:websphere_commerce:7.0.0.1::enterprise:::::

History

No history.

Information

Published : 2010-12-06 20:12

Updated : 2024-02-04 17:54

NVD link : CVE-2010-2639

Mitre link : CVE-2010-2639

CVE.ORG link : CVE-2010-2639

JSON object : View

Products Affected

ibm

websphere_commerce

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2010-2639", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-12-06T20:12:58.013", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24028397", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1JR38114", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024845", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63406", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and \"concurrency issues.\""}, {"lang": "es", "value": "IBM WebSphere Commerce Enterprise 7.0 anteriores 7.0.0.2 permite a atacantes remotos leer mensajes previstos para otros destinatarios a trav\u00e9s de vectores que involucran acceso por el sistema de mensajer\u00eda fuera de l\u00ednea a la clase RunTimeProfileCacheCmdImpl. Relacionado con el almacenamiento en cach\u00e9 de objetos cambiantes (\"mutable\") y temas de concurrencia."}], "lastModified": "2017-08-17T01:32:46.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B1C5DE8-08DD-47CE-B323-8ADC06EA1066"}, {"criteria": "cpe:2.3:a:ibm:websphere_commerce:7.0.0.1:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "908A9A8C-81DA-4315-917E-12E33FAC6B9E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}