IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

| Software | From | Fixed in |
|---|---|---|
| ibm / websphere_application_server | - | 3.5.3.x |
| ibm / websphere_commerce_suite | 3.1.2 | 3.1.2.x |
| ibm / websphere_commerce_suite | 3.2 | 3.2.x |